This is one of the best videos I've seen on the ret2shellcode attack. I learned a lot, thank you!
Glad to help 💪. Keep on learning!
Amazing!
Waiting for more.
Thank you :)
I learned SO MUCH on this one! This was a blast! Thank you Thank you Thank you Thank you Thank you 🙏🙏🙏🙏🙏
You are most welcome!
Nice job yet again!! (Love the eerie music at 16:34)
PS: I've used p.recvuntil("I'm waiting for you at ") and then p.recv().
Thank you once again! 💪
I usually don't use recvuntil since I prefer to retrieve all the input and then parse it myself in python, rather than making pwntools parse it and stop at a given byte sequence. It is irrelevant, nevertheless.
P.S: The song is the same as the one used in the outro. The track is specified in the description :)
Very, very informative! Thanks a lot, man!
You are welcome! Stay tuned for more videos :)
Why does the shellcode come before the padding in this case? In the previous videos you did the padding first.
Because that's the beginning of the address where our input is stored in memory, and where we are redirecting the execution flow, because the program is leaking that very address. In other words, by overwriting the return address of the vulnerable function, we make the RIP (instruction pointer) jump and start executing the contents at that address; that's why you have to place the shellcode at the beginning. If you would otherwise place the padding first, say AAAA... (0x41414141...), the program would try to interpret that data as opcodes (actual instructions), and they are invalid. It is explained around 12:25.
This is wonderful.
Thank you. Glad it helps!
In my connections, when I delete with backspace, it deletes the whole word (not one char; it deletes until a space). How can I fix it? Thanks.
What exactly do you mean?
@RazviOverflow When I type something in the shell and press backspace, it deletes the whole word, not one character.
Why do you minus shellcode? why do you not add them all together like in the previous videos?
I'm not doing -shellcode, I'm doing - len(shellcode). That's because I want to pad with A's 0x50 minus the bytes of the shellcode, and I don't want to manually count them. So I use 0x50 - len(shellcode)
@RazviOverflow Oh ok, what is the purpose of subtracting 0x50 from the length of the shellcode?
Ignore me, I think I figured it out.
@davidmohan2698 No worries at all. If you still have any doubt, ask me; I'll do my best to clarify it.
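The two questions above (why the shellcode goes first, and why the padding is 0x50 - len(shellcode)) both come down to how the payload is laid out relative to the leaked buffer address. The following is an added example written for this thread; it is not the script from the video or any code by RazviOverflow. It assumes a 64-bit target, that the saved return address sits immediately after the 0x50-byte region (the video does not state the exact frame layout, so this is an assumption), and it uses a constructed byte string of NOPs as a stand-in for real shellcode. struct.pack("<Q", ...) plays the role of pwntools' p64().

```python
import struct

BUF_SIZE = 0x50   # bytes between the start of our input and the saved return address (assumed)
PAD_BYTE = b"A"   # 0x41 filler, as in the comments above

# Constructed stand-in for shellcode: NOPs only, so the arithmetic can be
# checked without any real machine code. Length chosen arbitrarily.
PLACEHOLDER_SHELLCODE = b"\x90" * 23


def p64(value: int) -> bytes:
    """Pack a 64-bit little-endian value; stands in for pwntools' p64()."""
    return struct.pack("<Q", value)


def build_payload(leaked_addr: int, shellcode: bytes, buf_size: int = BUF_SIZE) -> bytes:
    """Shellcode first, then padding up to buf_size, then the return address.

    The leaked address points at the *start* of the buffer, and that is the
    value we write over the return address, so the first bytes we send are the
    first bytes the CPU executes after the vulnerable function returns.
    """
    if len(shellcode) > buf_size:
        # b"A" * negative_number silently yields b"", so the layout would no
        # longer line up with the leak. Fail loudly instead.
        raise ValueError(
            f"shellcode is {len(shellcode)} bytes, more than the 0x{buf_size:x} available"
        )
    padding = PAD_BYTE * (buf_size - len(shellcode))   # 0x50 - len(shellcode)
    return shellcode + padding + p64(leaked_addr)


def layout(shellcode_len: int, buf_size: int = BUF_SIZE) -> dict:
    """Return the [start, end) byte ranges of each piece, for sanity checking."""
    return {
        "shellcode": (0, shellcode_len),
        "padding": (shellcode_len, buf_size),
        "return_address": (buf_size, buf_size + 8),
    }


def bytes_executed_first(payload: bytes, n: int = 4) -> bytes:
    """The bytes at the leaked address, i.e. the first n bytes of the payload.

    With the padding-first ordering from the earlier videos these would be
    b"AAAA" (0x41414141...), which the CPU would treat as instructions.
    """
    return payload[:n]


if __name__ == "__main__":
    # Constructed leak value, purely for demonstration.
    leaked = 0x7FFFFFFFE000
    payload = build_payload(leaked, PLACEHOLDER_SHELLCODE)
    print(len(payload), layout(len(PLACEHOLDER_SHELLCODE)))
    print(bytes_executed_first(payload))
```

Running it prints the total length (0x58 bytes) and the offsets of each piece; note that the padding count shrinks as the shellcode grows, which is exactly why the length is computed rather than counted by hand.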