Skip to content

Introduction

The term to pwn [/poʊn/] originally comes from the gaming community and means the verb to own. In cybersecurity, it refers to gaining unauthorized control over a system or exploiting it.

What to expect

In the pwn category, the user is provided a copy of a program that runs on a remote server. The user has to find a vulnerability in said program and exploit it to gain control of the remote server and to read the contents of files there. The flag is normally written in the file /flag.txt on the remote server.

Skills required (or Motivation to learn)

  • C (understanding code, not necessarily writing)
  • assembly (understanding, not writing)
  • Memory layout of a program
  • Writing Shellcode

Types of challenges (not an exhaustive list)

  • Exploit Buffer Overflows
  • Find Memory Leaks in a Binary Program
  • Programs that use unsecure Libraries
  • Return Oriented Programming