x64 ret2win - LINUX Buffer Overflow (PicoCTF 2022 #41 'x-sixty-what')

  • Published 26 Apr 2022
  • Help the channel grow with a Like, Comment, & Subscribe!
    ❤️ Support ➡ j-h.io/patreon ↔ j-h.io/paypal ↔ j-h.io/buymeacoffee
    Check out the affiliates below for more free or discounted learning!
    🖥️ Zero-Point Security ➡ Certified Red Team Operator j-h.io/crto
    💻Zero-Point Security ➡ C2 Development with C# j-h.io/c2dev
    👨🏻‍💻7aSecurity ➡ Hacking Courses & Pentesting j-h.io/7asecurity
    📗Humble Bundle ➡ j-h.io/humblebundle
    🐶Snyk ➡ j-h.io/snyk
    🌎Follow me! ➡ j-h.io/discord ↔ j-h.io/twitter ↔ j-h.io/linkedin ↔ j-h.io/instagram ↔ j-h.io/tiktok
    📧Contact me! (I may be very slow to respond or completely unable to)
    🤝Sponsorship Inquiries ➡ j-h.io/sponsorship
    🚩 CTF Hosting Requests ➡ j-h.io/ctf
    🎤 Speaking Requests ➡ j-h.io/speaking
    💥 Malware Submission ➡ j-h.io/malware
    ❓ Everything Else ➡ j-h.io/etc

COMMENTS • 45

  • @MrToast72
    @MrToast72 2 years ago +15

    "Don't forget guys, don't blindly trust any old code on the internet. That being said, I'm going to blindly trust this code on the internet."
    I had a real good laugh at this, thank you for your great humor John!

  • @TheH2OWeb
    @TheH2OWeb 2 years ago +5

    You're really good at explaining how this works! Thank you John for sharing your knowledge!

  • @HAGSLAB
    @HAGSLAB 2 years ago +4

    I have watched all your earlier binary exploitation videos and this video definitely adds a bit more context and knowledge that I was missing when it comes to x64 and the IP differences. The canonical address stuff makes sense now. Thank you :) I also love that you effed up with the print statement, I do similar stupid stuff all the time 🤦🏻‍♂️😆

  • @viv_2489
    @viv_2489 2 years ago +1

    This is brilliant and very clear explanation...thanks for sharing

  • @AntonioSouza
    @AntonioSouza 2 years ago

    I love your videos.
    Made me understand 64 bit still more.

  • @DaniSpeh
    @DaniSpeh 2 years ago +3

    Very nice. Made me understand 64 bit a lot better

  • @nuridincersaygili
    @nuridincersaygili 2 years ago

    This is pure gold... thx so much!

  • @maesse
    @maesse 1 year ago +1

    Thanks for these videos! My GDB crashed on printf, and googling the error revealed that the issue was that the flag string was not 16 byte aligned. Skipping the opcode "0x40123a push rbp" happens to keep the stack pointer aligned and that's why it worked 🤓

  • @thedailysenior
    @thedailysenior 1 year ago

    Thank you John!!

  • @lordspacecake5565
    @lordspacecake5565 2 years ago

    Very great information!!!

  • @parthghughriwala6799
    @parthghughriwala6799 2 years ago

    Awesome!!!

  • @grover-
    @grover- 2 years ago +1

    I'd have liked to see you use r2 for this ctf.

  • @jraymundotunortiz9138
    @jraymundotunortiz9138 2 years ago

    I saw that the buffer overflow 3 has less than 500 solves, I hope we can get a video about it

  • @joeborders
    @joeborders 1 year ago

    Jeff is the real MVP

  • @Ken-cj1in
    @Ken-cj1in 2 years ago +1

    Hey man!!

  • @herrpez
    @herrpez 2 years ago +3

    "A gimmick is a novel device or idea designed primarily to attract attention or increase appeal, often with little intrinsic value."

    • @mellowgeekstudio
      @mellowgeekstudio 1 year ago

      Hardly anything to do with the meaning seemed to be intended in this video.

    • @herrpez
      @herrpez 1 year ago +1

      @@mellowgeekstudio Exactly.

  • @user-hd3pz2ow1b
    @user-hd3pz2ow1b 4 months ago

    cool

  • @rimantasri4578
    @rimantasri4578 1 year ago

    Hello,
    I did exactly the same as it was done in this video, but my attack failed and I don't know why. The only difference between my attack and Hammond's was the flag function's address. In this video it was 0x0000000000401236. Mine was 0x0000000000001191. When I enter an overflow string into my program, it gets a segmentation fault, but the flag function is not called. When I check the changed RIP, it is something different than I have actually inputted, it is something like 0x555555bf-something, but I didn't put these numbers anywhere.
    Am I missing something?

  • @beebakrizzle
    @beebakrizzle 2 years ago +3

    Very cool! I was struggling with this one and the video was very clearly explained. Quick question: what do you use to run Kali in a VM? My VirtualBox instance is very slow and I have a super beefy computer (32GB RAM, i7 CPU, RTX3080 graphics). I enabled 3D acceleration and put half of the resources available for the box (16GB memory, 8 cpus, max video memory) but it's super slow. Virtualization is enabled in bios.
    PS: I prefer to use `echo -e "AAAA...\x3b\x12\x40"` for piping input into the binary, I think the python makes it confusing.

    • @__someone__3141
      @__someone__3141 2 years ago

      maybe ur using hdd instead of SSD? it's a very huge difference
      make sure to put the VM files on SSD

    • @lfcbpro
      @lfcbpro 2 years ago

      I have no idea if this is something that might be significant, I am new to all this,
      but what I did notice was that my VirtualBox instance ran a lot slower than my VMware instance, I don't know if it is worth a try changing to the VMware?

  • @taylor8294
    @taylor8294 2 years ago +1

    32:05 ColdFusion's post says "Examining RSP... so RIP is at offset 120" and John does the same. Why does matching the pattern at RSP give us the offset for RIP? Is it because RSP comes immediately after RIP in memory, and because it's a non-canonical address RIP "gets skipped"? If so, is RSP always immediately after RIP in memory? Thanks

    • @rabiaawasmi1554
      @rabiaawasmi1554 2 years ago +2

      When you hit the leave instruction the rsp will point on the return address, the same that will be popped into the rip

    • @rabiaawasmi1554
      @rabiaawasmi1554 2 years ago +4

      Also ret seems to not pop that address if it's not canonical

    • @taylor8294
      @taylor8294 2 years ago

      @@rabiaawasmi1554 I see, thank you!

    • @mellowgeekstudio
      @mellowgeekstudio 1 year ago +1

      Video did a terrible job at making that clear.

  • @AmanPatel-rv2it
    @AmanPatel-rv2it 2 years ago

    This one is the longest one

  • @shivasijwali6779
    @shivasijwali6779 2 years ago

    Can someone please explain to me what is

    • @drewzilla1263
      @drewzilla1263 2 years ago

      makes it fill the bytes to be the size of QWORD (8 bytes)
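
The two threads above (why the pattern bytes found at RSP give the RIP offset, and what p64 does) describe pieces of the same pattern-based offset search. The Python below is an added example written for this page, not code from the video, from ColdFusion's post or from pwntools: it reimplements a De Bruijn pattern whose every 8-byte window is unique, pwntools-style p64/u64 packing with `struct`, and the 48-bit canonical-address test that decides whether `ret` will load a value into RIP at all. The "crash" value it looks up is constructed from the pattern itself rather than captured from a real run; the offset 120 and the address 0x401236 are the values quoted in the comments.

```python
import struct
from itertools import islice

ALPHABET = b"abcdefghijklmnopqrstuvwxyz"


def de_bruijn(alphabet=ALPHABET, n=8):
    """Lazily yield a De Bruijn sequence over `alphabet` in which every
    window of `n` bytes occurs exactly once.  With n=8 a single 64-bit
    register value therefore identifies one position in the pattern."""
    k = len(alphabet)
    a = [0] * (k * n)

    def db(t, p):
        if t > n:
            if n % p == 0:
                for i in a[1:p + 1]:
                    yield alphabet[i]
        else:
            a[t] = a[t - p]
            yield from db(t + 1, p)
            for j in range(a[t - p] + 1, k):
                a[t] = j
                yield from db(t + 1, t)

    yield from db(1, 1)


def cyclic(length, n=8):
    """First `length` bytes of the pattern (what a pattern generator would
    feed the program under test)."""
    return bytes(islice(de_bruijn(ALPHABET, n), length))


def p64(value):
    """Pack an integer the way pwntools' p64() does: 8 little-endian bytes,
    i.e. padded out to one QWORD."""
    return struct.pack("<Q", value)


def u64(data):
    """Inverse of p64(): 8 little-endian bytes -> integer."""
    return struct.unpack("<Q", data)[0]


def cyclic_find(chunk, n=8, max_length=4096):
    """Offset of `chunk` in the pattern, or -1.

    `chunk` may be the raw 8 bytes read from memory or the integer a
    debugger prints.  When the program dies on `ret`, RSP points at the
    saved return address, i.e. exactly the bytes that would be popped into
    RIP, so the offset of those bytes in the pattern is the RIP offset."""
    if isinstance(chunk, int):
        chunk = p64(chunk)          # register value -> bytes as laid out in memory
    return cyclic(max_length, n).find(bytes(chunk[:n]))


def is_canonical(addr):
    """x86-64 with 48-bit virtual addresses requires bits 63..47 to be all
    equal; `ret` faults on anything else instead of loading it into RIP,
    which is why the pattern bytes are still visible at RSP after the crash."""
    top = addr >> 47
    return top == 0 or top == (1 << 17) - 1


if __name__ == "__main__":
    pattern = cyclic(200)
    # Constructed stand-in for the value GDB would show at RSP after the crash.
    value_at_rsp = u64(pattern[120:128])
    print(f"value at RSP 0x{value_at_rsp:x} -> RIP offset {cyclic_find(value_at_rsp)}")
    print("p64(0x401236) =", p64(0x401236))
    print("canonical? flag:", is_canonical(0x401236), "pattern bytes:", is_canonical(value_at_rsp))
```

The pattern bytes themselves (`0x61..0x7a` in every byte) are never canonical, so `ret` refuses them and the debugger still shows the offending 8 bytes at RSP rather than a corrupted RIP; that is the mechanism behind "RSP gives the offset for RIP" in the thread above.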

  • @georgehammond867
    @georgehammond867 2 years ago

    How long are you in this business ....6 years or more?

  • @bhagyalakshmi1053
    @bhagyalakshmi1053 1 year ago

    Gdb ?
    Pro? Structured data in structured data

  • @AwesomeLazyNinja
    @AwesomeLazyNinja 1 year ago +1

    We need a "gimmick" counter 😂

    • @ani-zxk
      @ani-zxk 8 months ago

      and a "press the i believe button" counter 😂

  • @bhagyalakshmi1053
    @bhagyalakshmi1053 1 year ago

    R15?

  • @dom1310df
    @dom1310df 2 years ago

    Given GEF is written in Python, why isn't it just pip installable?

    • @drewzilla1263
      @drewzilla1263 2 years ago

      pip is for adding code packages to your python development environment

    • @xerrion
      @xerrion 1 year ago

      @@drewzilla1263 no, if I for example use pip install black I can use black globally and not just in my development environment

  • @bhagyalakshmi1053
    @bhagyalakshmi1053 1 year ago

    What this metta spa

  • @mauricekyalo9101
    @mauricekyalo9101 2 years ago

    Yt algo things 👍

  • @bhagyalakshmi1053
    @bhagyalakshmi1053 1 year ago

    Rax,rcx, explain

  • @Sqwince23
    @Sqwince23 2 years ago

    It's GIF not GIF...