Exploiting a Vulnerable Linked List Implementation - "Links 1" Pwn Challenge [ImaginaryCTF]
- Published 20 Jul 2024
- "Links 1" (Pwn) challenge from ImaginaryCTF (iCTF) 23/06/22 - "I love linked lists, but I can never remember the exact syntax how to implement them in C. Can you check over this implementation and make sure I didn't screw anything up?". In this challenge we'll use Ghidra, GDB-PwnDbg and PwnTools to exploit a vulnerable custom LinkedList implementation by overwriting an entry link to point to the flag. Hope you enjoy 🙂 #CTF #iCTF #ImaginaryCTF #Pwn #BinaryExploitation
Write-ups: github.com/Crypto-Cat/CTF/tre...
↢Social Media↣
Twitter: / _cryptocat
GitHub: github.com/Crypto-Cat
HackTheBox: app.hackthebox.eu/profile/11897
LinkedIn: / cryptocat
Reddit: / _cryptocat23
UA-cam: / cryptocat23
Twitch: / cryptocat23
↢ImaginaryCTF↣
imaginaryctf.org
/ imaginaryctf
/ discord
↢Video-Specific Resources↣
www.geeksforgeeks.org/data-st...
• Linked Lists - Compute...
↢Resources↣
Ghidra: ghidra-sre.org/CheatSheet.html
Volatility: github.com/volatilityfoundati...
PwnTools: github.com/Gallopsled/pwntool...
CyberChef: gchq.github.io/CyberChef
DCode: www.dcode.fr/en
HackTricks: book.hacktricks.xyz/pentestin...
CTF Tools: github.com/apsdehal/awesome-ctf
Forensics: cugu.github.io/awesome-forensics
Decompile Code: www.decompiler.com
Run Code: tio.run
↢Chapters↣
Start: 0:00
Basic file checks: 0:56
Explore program functionality: 1:28
Linked Lists: 4:44
Review code (ghidra): 8:21
Attack plan: 15:49
First approach (fail): 17:46
Second approach (win): 21:00
Recap: 23:30
End: 25:43
- Science and Technology
Write-ups (and corrections xD): github.com/Crypto-Cat/CTF/tree/main/ctf_events/ictf/pwn/links
The reason approach 1 failed was due to "date" being in the .rodata (read-only) section of the binary. We'll explore this more in the next video: ua-cam.com/video/GCkHwYBlsN8/v-deo.html
This was fantastic CryptoCat. Thank you for your dedication and regular content ❤
Thanks mate 💜 I really liked these challenges 😊 I see you make videos as well, subscribed!
Another great one. Thanks for keeping your wrong paths and their explanations in the videos. Adds so much value for noobs like me.
Thanks mate 🥰 I always debate whether to keep failed approaches and rabbit holes in. It adds more time to already pretty long videos.. glad to hear it was useful 🙏
Very interesting! I still wonder how to send non-ASCII chars with python3... Had a very hard time getting root on HTB Overgraph and python3 didn't help. Had to do it manually. I hope you'll make a video on this once the box is retired, it's worth it imho
Awesome!💙
ty 💜
😎😎😎
ez dub lets ride
👊