Capture The Flag (CTF) - Linux Binary Exploitation Challenges Lab

Basic Knowledge Requirements

Linux (Ubuntu, Parrot Security or Kali Linux is recommended)
Linux security features (RELRO, Canary, NX, PIE & etc)
GNU Debugger (GDB)
GDB Plugins (gef, pwndbg & etc)
Assemble Language knowledge (optional when Ghidra or IDA is in force)
Ghidra or IDA (optional but recommended)
C Language knowledge
Python Language (Python 3 is recommended)
Exploit Development skill
pwntools (optional but recommended)

Challenges

If you can solve the following challenges, please let me know (Discord @samiux#3445).

Linux Binary Exploitation (Pwn) Challenges Lab

PwnCTF 22.04 is developed on CTFd Framework. The challenges are mainly designed for Pwnable and Practical purpose. Difficulty is basic to intermediate level. No heap exploitation is involved.

PwnCTF 22.04 is based on Glibc 2.35 (Ubuntu 22.04 LTS). There are a total of 10 challenges.

Usage

Import the ova file into Virtualbox (or VMWare) and access the control panel at the server IP address on port 8000 with browser (e.g. http://192.168.56.50:8000). It is well tested on Virtualbox. Network interface is “Bridged Network” by default. Please change the type of network interface on Virtualbox when necessary. Please register at the control panel page for the challenges.

WARNING - This lab is vulnerable and do NOT allow it to be connected to the internet.

Download

sha256 : 625f9dd09aec7e23584b5740b94f2bb5596261ce6ce8b9a0f4a2f37f0232ab3d – PwnCTF 22.04_v20230122.ova (Glibc 2.35)
Download PwnCTF 22.04_v20230122.ova (5.67GB)

Changelog

May 20, 2022 - Version 2022.0 – First released
May 21, 2022 - Version 2022.1 – Some improvement
May 21, 2022 - Version 2022.2 – Increase 5 more challenges, a total of 10 challenges
Aug 19, 2022 - Version 2022.3 – Modify the Virtualbox settings for better implementation experience
Sep 25, 2022 - Delete Glibc 2.31 version (PwnCTF 2022)
Oct 15, 2022 - Version 22.04 – Based on Ubuntu 22.04 LTS (GLib 2.35)
Oct 25, 2022 - Version 20221025 – Updated Ubuntu
Nov 04, 2022 - Version 20221104 – Updated Ubuntu
Dec 13, 2022 - Version 20221213 – Updated Ubuntu
Dec 15, 2022 - Version 20221215 – Minor fixed
Jan 06, 2023 - Version 20230106 – Reduced OVA file size
Jan 22, 2023 - Version 20230122 – Update Ubuntu

Demo

Tutorials & Writeups

Writeups

Nightmare

Tutorials

pwn.college - Basic concept in Videos
CTF pwn tips
CTF Wiki - Chinese

Books

从 0 到 1 - CTFer 成长之路 – Nu1L 战队编著 (ISBN 978-7-121-37695-5)
CTF 竞赛权威指南 - Pwn 篇 – 杨超编著 (ISBN 978-7-121-39952-7)

Bonus

Challenge : gets_only (Linux binary)
Description : Oh! Only gets() in the binary!
File : gets_only
sha256 : 65075f0f30bbd5561ca80aa57c645c7b31af4b49b6f8764575fca4b44989cb1c
Author : Samiux
Date : August 21, 2022