HEX ADVENT 2025: Make A Wish - Tue, Dec 2, 2025
Let’s make a wish! But before we can tell Santa our true desires, we need to first understand some key concepts.
What is Binary Exploitation?
Binary exploitation, also known as “pwn”, is the art of exploiting memory corruption or logic vulnerabilities in compiled executables and controlling code execution.
Common Userland Attacks
Computers often have different rings of privilege which allow different levels of access to resources. The core of the operating system, known as the kernel, runs with ring 0 privileges, while applications (such as web browsers, document processors, etc.) run in ring 3 (known as userland). Memory corruption vulnerabilities in userland and kernel land can both be exploited, and they share some key concepts!
Most CTFs feature userland pwn challenges, and some techniques include:
- ret2win (overwriting a return address or function pointer to control rip, and returning to an existing function): https://guyinatuxedo.github.io/05-bof_callfunction/csaw16_warmup/index.html
- ret2shellcode (controlling rip to jump to executable stack, where shellcode to perform specific actions is placed): https://guyinatuxedo.github.io/06-bof_shellcode/tu18_shellaeasy/index.html
Understanding these concepts will be useful to solving this challenge (even though the challenge is in kernel land 😉)!
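As an added illustration (not part of the original post or the challenge files), the C model below shows the primitive ret2win relies on: an unchecked copy into a fixed-size stack buffer runs past the buffer and overwrites the saved return address, while a length check refuses the oversized input. The frame layout, the LEGIT_RETURN value and the 'A'-filled input are all constructed for the demo.

```c
#include <stdint.h>
#include <stdio.h>
#include <string.h>
/* Constructed model of a stack frame kept in a plain byte array so the demo
 * stays well-defined: a 16-byte local buffer, then the 8-byte saved return
 * address. (Real frames also hold the saved rbp, a canary, etc.) */
#define BUF_SIZE   16
#define FRAME_SIZE (BUF_SIZE + 8)
struct frame { unsigned char bytes[FRAME_SIZE]; };

/* Hypothetical address the function should return to when it finishes. */
static const uint64_t LEGIT_RETURN = 0x401136ULL;
static void frame_init(struct frame *f) {
    memset(f->bytes, 0, FRAME_SIZE);
    memcpy(f->bytes + BUF_SIZE, &LEGIT_RETURN, sizeof LEGIT_RETURN);
}

static uint64_t frame_saved_ret(const struct frame *f) {
    uint64_t ret;
    memcpy(&ret, f->bytes + BUF_SIZE, sizeof ret);
    return ret;
}
/* Vulnerable pattern: trusts the caller's length (think strcpy/gets into a
 * fixed buffer), so bytes past BUF_SIZE land on the saved return address.
 * Clamped to the modelled frame only to keep the demo in bounds. */
static size_t copy_unchecked(struct frame *f, const unsigned char *in, size_t len) {
    if (len > FRAME_SIZE) len = FRAME_SIZE;
    memcpy(f->bytes, in, len);
    return len;
}

/* Hardened pattern: reject anything that does not fit; -1 means rejected. */
static int copy_checked(struct frame *f, const unsigned char *in, size_t len) {
    if (len > BUF_SIZE) return -1;
    memcpy(f->bytes, in, len);
    return 0;
}
int main(void) {
    struct frame f;
    unsigned char in[FRAME_SIZE];
    memset(in, 'A', sizeof in);                      /* constructed input */
    frame_init(&f);
    copy_unchecked(&f, in, sizeof in);
    printf("unchecked: saved return 0x%llx\n", (unsigned long long)frame_saved_ret(&f));
    frame_init(&f);
    printf("checked: rc=%d, saved return 0x%llx\n", copy_checked(&f, in, sizeof in),
           (unsigned long long)frame_saved_ret(&f));
    return 0;
}
```

Run it and the unchecked copy reports a saved return of 0x4141414141414141, i.e. the bytes the input supplied, while the checked copy returns -1 and leaves LEGIT_RETURN intact.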
Setting Up A Kernel Debugging Station
Make A Wish is a kernel pwn challenge, which means that instead of exploiting a binary in userland, you will be exploiting a kernel module. Typical userland pwn exploits are written in Python, but as you will need to make specific syscalls to the operating system to exploit the vulnerability in the kernel module, you will be writing your exploit in C.
For a guide on how to set up debugging for this challenge, refer to: https://kaligulaarmblessed.github.io/challenges/lnc4-cheminventory/
Once you have set up a debugging station, it is time to find the vulnerability in the module! I recommend decompiling the .ko file with a tool such as Ghidra or IDA. Once you have found the vulnerability, think about the primitives that you have, and whether a technique similar to the ones mentioned above exists for the kernel!
Happy hunting and have fun!