Introduction

Welcome to Pwn Wiki: An open-source wiki for Pwners all around the world!

Pwn (/pəʊn/), i.e. binary exploitation, is a kind of computer attack that focuses on exploiting security flaws and vulnerabilities in the target program. We first give detailed definitions for the two words in this phrase:

  • Exploitation: The word "exploitation" means that our goal is to exploit vulnerabilities hidden in the target programs to achieve further goals, for example to achieve remote code execution (aka RCE) or to complete a local privilege escalation (aka LPE). Usually we will need to write some new programs to achieve that.
  • Binary: The word "binary" means that our attack targets are binary files, which are usually executable files. For example, Linux programs usually consist of executables in the ELF format, and the goal of our first attack phase is to analyze these ELF files and their program logic to find the vulnerabilities inside them.

The word Pwn is something of an onomatopoeia in hacker culture, representing the sound of a successful attack on the target computer. It originates from a typographical error in which "own" was mistyped as "pwn" in a game called Warcraft. Nowadays Pwn serves as shorthand for Binary Exploitation, and it has been widely used in hacker circles for years.

Compared to those "dangerous" real-world attacks, a more "secure" form of Pwn is the Capture The Flag (aka CTF) competition, which is where "Pwn" is more widely known. For a Pwn challenge in such competitions, authors need to build a program containing vulnerabilities and set up a remote environment for participants to attack. Participants need to analyze the program to find potential security flaws and then attack the remote environment to achieve specific goals such as remote code execution or local privilege escalation. A special string called the flag is placed in the remote environment. Obtaining it represents a successful attack, since doing so usually requires achieving the privilege the challenge was designed around, such as RCE.

For more details about the CTF, please refer to the CTF-Wiki project.

To help people who are interested in computer security, especially binary exploitation, we established this Wiki site, inspired by the CTF-Wiki project. We hope that our work can provide detailed materials covering all the knowledge and techniques in the field of binary exploitation, making it easier for beginners to learn Pwn.

In our original design, the Pwn Wiki will consist of the following contents:

  • Basic knowledge needed in binary exploitation.
  • Fundamental and advanced skills of binary exploitation, organized by platform and operating system.
  • Detailed analysis and exploitation of real-world vulnerabilities, categorized by CVE/CNVD number.

Anyway, we hope that you can enjoy your journey on the Pwn Wiki. Let us live long and pwn together!