How They Hack: Buffer Overflow & GDB Analysis - James Lyne
Вставка
- Опубліковано 24 бер 2015
- Following on from the simple buffer overflow demonstration this shows a more focused use of the ability to overwrite data enabling an attacker to control the return pointer and have the computer execute alternative code. We step through a simple binary, identify the flaw and then exploit it. This video will likely raise more security and exploitation questions than answer them (it is a big topic) but I hope that it inspires interest and enhances your understanding a little.
- Наука та технологія
This is literally some of the best and practical explaination conveyed so nicely, a low level stuff (pun intended :D), great respect
Seems you’ve stopped posting vids...but this is by far the best intro to BO and gdp our there. I salute you good sir, and please come back!
True
I agree. This was so much fun watching a BO practical example. I quite enjoyed it. 🤟✌️👏👏👏
Best video explanation of this seemingly complicated topic, thank you!
I am delighted, acquire so much understandable infromations , TY man!
This guy is freaking awesome. He explains it so much better than my professor :D.
How did you find the return pointer just by looking at the stack?
sooo helpful - would have been up all night doing my pset if it weren't for this video
Hi James, very nice video. I am interested in system programming, and it is so difficult to find a tutorial video like this. Please don't stop.
This video was so helpful, I watched it twice :)
Amazing explanation. Thanks a lot
Thanks for this wonderful analysis video....
This video is really high quality content!
Thank you for your awesome how-to!
The only thing that is NOT CLEAR from this video is how you guessed the return address? How did you know exactly which address should be replaced by B ascii values?
“x/1x $sp” should work
thank you so much for clear explanation. Please where can I find a full course of your courses ?
beautiful!!! just what I was after!
I understood properly, thank you sir for the video
Could you explain how do we identify the return address?
anoop john by radarex
When you print the stack with x/##x $esp, the first address that you call the offset, is that just the first address of the following 4 * 4 bytes?
Another good one keep up you have good representation way
Great video sir!
awesome video explained so much
James- great video
Why does the stack store new data towards the return pointer? Wouldn't going the opposite way ensure rp is never touched?
Thank youuuuu I have a little problem, saying that I can write into the buffer through an argv[1] once I figure how much character I need and I figute what the return pointer address is, if I execute ./program my payload + p32(address I need in hex) when I check gdb the return address changed but not to the address I need it to be, as if it read the "\" and the "x" of the little endian p32 as a value on their own, how can I change that?
Your legends sir your best ... You rock ..
much appreciation mate
Well explained. I got the flag I was looking for.
I'm finally getting it!!! 🎉
how do i ignore the gcc errors because of the implicit declarations of the "gets" function
More videos plzz ..
Is it possible to exploit packet buffer overflow due to slow data rate
This is awesome
Thank you sooo much
Which software is this?
I do the same exact step but i only have seg fault. Can It be because the Memory region of my eip( return pointer) Is only readable?
Superb
V well explained
If i want to put a shellcode , the return address is the bottom of the stacj ,isn't it ?
8:50 I'm really confused on how he can tell it's the return pointer
Exactly my point. how do u determine the return pointer
@@tlehloba Usually, trial and error
You can find it out by checking push/pop instructions, which push items onto the stack frame or pop from it , in the disassembled function. The return pointer of a function is pushed on the stack when it's called,.
@@kraken3950 thank you mann you saved the day
good stuff
awesome
You do know u used the same superman lone in both buffer videos right? Haha just teasing thank you for answering questions that nobody else could
what if we do not have an $esp register after the gets function? instead I have $rax register
its 64-bit application,you will find $rsp instead of $esp
>>Thank U so much
How to identify the return pointer?
first you do break main, then when you run and it hits the first break point at main you can do info frame and it will give you the rbp/ebp (depending on whether you run on 64 or 32 bit architecture). It will also give you the eip/rip this is the location of the return pointer
Anybody else getting a cannot access memory address error after setting breakpoints?
❤
Why does the address of the granted function needs to be written down in little endian?
because the value we are storing at a particular memory address must be stored in hex. Little endian specifies that it is already in hex otherwise we would not be able to differentiate between python string or python reference to hex value
Кто сделал лабу? В лс скиньте плез)
teach me more about hacking an android device
The code is not compiling
This does not work! maybe it did on what ever system you used ? But it doesn't work on unbuntu 20.04, cannot over write return of gets, no matter what I try!
ne och
+Abay Zhunus главное дедлайн продлили)
ai dento
Тем временем до дедлайна 47 минут
Че там 8 лабка ма? ахахахахха
Какая ? )
В будущем это уже 7я лаба)😂
Instead of 0x41414141 I get 0x565561f5 which is my ret address.
I got the address working when I used the example code from kuafu1994.github.io/HackWithGDB/ASM.html
nbbbbbnbnbnkjbjkbjkbjkbjkbjkbjkbjkbjkbkjbjkb
Has anyone really been far even as decided to use even go want to do look more like?
Oatify Er... take a deep breath and then try again...
you don't use nano? I can't watch this.
Seems like finally some1 explained properly without much hassle. :))
can I have your linkedin account i've a challnge for u
How to identify the return pointer?
first you do break main, then when you run and it hits the first break point at main you can do info frame and it will give you the rbp/ebp (depending on whether you run on 64 or 32 bit architecture). It will also give you the eip/rip this is the location of the return pointer.
@@breakingcode92 How do you determine eip/rip?