28:15 We don't need to specifically use ret after the 32 A. We basically need to overflow RBP with 8 bytes and reach the return address which then should be overflown by a canonical address which is the case for main(). We could potentially start our payload with "A"*40 and directly after that we use p64(main_function). Other than that cool video thank you!
Having just watched the longer video with you and Matt as a primer to this, this video is excellent and a wonderful distillation of the key information in that video. Very very cool, and very informative! Well done and thank you :)
@ImJykai can't die with life insurance 🤷♂️ valid point get me in on that insider life extender policy which gets me the added guaranteed 25 years of healthy living please
I could be wrong but I think that there were no stack alignment issues at the start. The reason that you need to add one ret instruction was, that you were overwriting RBP which is base pointer, but return address is just after base pointer on stack so you need to add 8 more bytes to control RIP. But great video❤
I like the technique a lot.... props to the folks who made pwntools, it's something else. Now, please pretty please.... can you run one of these using a modern binary that is not thrown together with obvious buffer overflows that one might have to work a little harder to get anywhere with? I totally appreciate this is sorta beginner level binary exploitation, but I do wonder if there is an intermediate -> expert level set of techniques that every day red teamers use on the bleeding edge of ethical hacking
hello John tysm for this amazing video, I am a ctf player how is still trying to decide which category to focus on, and this video inspired me to look more at PWN. again tysm
Hey John, I'm a biologist from Brazil who likes very much programming in general and security. I learn a lot with you! I was uncertain if it'd be good to say what I'm gonna say, but though you might find it interesting (you are totally free to delete the comment if you want, I'm not gonna bother with that!) and might find it cool to learn something new (as I always find, learning with your videos hehehe) and with no practical utility for you (totally nerdy thing to know). So: In the thumb, the snake you put there is not a python, actually it is another type of snake, a viper. I can tell it by some characteristics, such as its fangs. Viper have these big rear fangs, used to inject venom. Python snakes have no big hear fangs and also no venom. The prey is killed by constriction instead of venom. Again: just saying, I'm not by any means criticizing your work or meaning you "should've known this".
Snyk needs support for Rust... Er maybe they wait until the trademark RFC is decided since that might affect them if they were to try and develop something for it.
I've been coding for years, have completed projects in 4 languages, run a web3 coding discord with hundreds of members, and still this is all absolutely nonsense to me lol Shit's wild.
Hey John. I really like your content, so don't take this the wrong way. I've been wondering why I regularly have trouble focusing throughout your videos, and I think I've come to the conclusion that it's because you speak very "loudly" (not in amplitude obviously, but in articulation), which when listening for longer periods of time, can become quite mentally tiring. A bit like being yelled at for 44 minutes. Not sure if it's just my neurodivergent ass, but I thought I'd mention it. I mean, I assume you compress the audio as well to increase loudness, and if people need it louder, they can just increase the volume. I am 100% sure people will still find your videos interesting and engaging with a little less power on the speak. Keep up the great work though!
You are on a roll with uploads. I love your content.
Yeee.
28:15 We don't need to specifically use ret after the 32 A. We basically need to overflow RBP with 8 bytes and reach the return address which then should be overflown by a canonical address which is the case for main().
We could potentially start our payload with "A"*40 and directly after that we use p64(main_function).
Other than that cool video thank you!
Having just watched the longer video with you and Matt as a primer to this, this video is excellent and a wonderful distillation of the key information in that video. Very very cool, and very informative! Well done and thank you :)
Dang bro you've got 500k subs now? I remember when you only had 10k
First 🥇🏆 to reply here. Hehe. Yeah, he's one of the biggest ethical hackers on UA-cam now. Hehe
With you on that. John's one of the first people who got me really into this stuff. Now I'm over here in the field living it
@@JacobWK yeah man i tried but ultimately, hacking aint for me. Id rather sell you a life insurance policy then go home and crack a beer lol
@ImJykai can't die with life insurance 🤷♂️ valid point get me in on that insider life extender policy which gets me the added guaranteed 25 years of healthy living please
Time flies man - feel you
The hair is a flowing sea of beauty
I could be wrong but I think that there were no stack alignment issues at the start. The reason that you need to add one ret instruction was, that you were overwriting RBP which is base pointer, but return address is just after base pointer on stack so you need to add 8 more bytes to control RIP. But great video❤
I like the technique a lot.... props to the folks who made pwntools, it's something else. Now, please pretty please.... can you run one of these using a modern binary that is not thrown together with obvious buffer overflows that one might have to work a little harder to get anywhere with? I totally appreciate this is sorta beginner level binary exploitation, but I do wonder if there is an intermediate -> expert level set of techniques that every day red teamers use on the bleeding edge of ethical hacking
hello John tysm for this amazing video, I am a ctf player how is still trying to decide which category to focus on, and this video inspired me to look more at PWN. again tysm
Some leet haxing there 👍😍Thankfully stack-overflow attacks are hard to pull off 😨
Hey John, I'm a biologist from Brazil who likes very much programming in general and security. I learn a lot with you! I was uncertain if it'd be good to say what I'm gonna say, but though you might find it interesting (you are totally free to delete the comment if you want, I'm not gonna bother with that!) and might find it cool to learn something new (as I always find, learning with your videos hehehe) and with no practical utility for you (totally nerdy thing to know). So: In the thumb, the snake you put there is not a python, actually it is another type of snake, a viper. I can tell it by some characteristics, such as its fangs. Viper have these big rear fangs, used to inject venom. Python snakes have no big hear fangs and also no venom. The prey is killed by constriction instead of venom.
Again: just saying, I'm not by any means criticizing your work or meaning you "should've known this".
Can you help me learn Python like in this video? Please give me some keywords. What is so different about CTF coding and common coding?
A pleasure to watch your content Bro, keep doing your thing man 🎉
Was waiting for this content thanks John lots of love from Goa 🔥❤️❤️❤️❤️❤️❤️
Nice DEFCON t-shirt!
The exploit worked locally for me.
But when I did the remote. It doesn't work. Dk why maybe some stack alignment issue. My local Ubuntu is 23.04.
I tried to compile the binary locally without using the docker stuff. But then I don't have the pop instructions in my binary.
Why is that?
Hello, what is the first video in which you explain how to learn reverse engineering. I mean how to learn reverse engineering from scratch
Best channel ever
Nice one john ❤️❤️❤️
Snyk needs support for Rust... Er maybe they wait until the trademark RFC is decided since that might affect them if they were to try and develop something for it.
I've been coding for years, have completed projects in 4 languages, run a web3 coding discord with hundreds of members, and still this is all absolutely nonsense to me lol
Shit's wild.
8:05 memo~
Sir I am your big fan and i feel motivated after seeing your video
I have a issue can you tell me roadmap to become in hacking level
🔥🔥🔥
Damn that is cool to watch.
You are super talented. 🙏
finally, thanks dude. i feel seen.
This video is gold
Day 3 of requesting to make videos on picoCTF 2023.
Please.
It's been on my list, I'll see how many I can put together!
@@_JohnHammond oh thank you 😁
4:12
Hey John. I really like your content, so don't take this the wrong way. I've been wondering why I regularly have trouble focusing throughout your videos, and I think I've come to the conclusion that it's because you speak very "loudly" (not in amplitude obviously, but in articulation), which when listening for longer periods of time, can become quite mentally tiring. A bit like being yelled at for 44 minutes. Not sure if it's just my neurodivergent ass, but I thought I'd mention it. I mean, I assume you compress the audio as well to increase loudness, and if people need it louder, they can just increase the volume. I am 100% sure people will still find your videos interesting and engaging with a little less power on the speak. Keep up the great work though!
The most beautiful 44 minutes of my life
Really nice👍!
Character watch scatter baheru letters was alf 'a,z' character
3:56
0:59
cool
Rsp what
I'm talking about apps
22:5
5:11
The snake on the thumbnail is not a python, bro, its not even a boa...see the fangs that's a viper...
first
Cmp
You're my hero
R11,all numbers 🔢 list explain