filmov
tv
Shellcode Execution (ret2shellcode) - pwn104 - PWN101 | TryHackMe
Показать описание
Hijacking the program's execution flow in order to execute our payload, which conveniently corresponds to assembly instructions/code that spawn a shell (Shellcode), an attack that is commonly referred to as ret2shellcode or simply shellcode execution. This time we are abusing a buffer overflow caused by the misuse of read. The address of the buffer on the stack (where we want to jump to in order to execute the shellcode) is leaked by the binary itself, thus allowing us to bypass ASLR with ease. In this video ASLR and the concept of Shellcode are introduced. Detailed explanation is given as to how execute the shellcode. Step-by-step tutorial solving pwn104 from PWN101 binary exploitation room on TryHackMe.
More on shellcode execution:
More on ASLR (Address Space Layout Randomization):
00:00 - Intro
00:14 - Checking binary protections
00:59 - Executing the binary
01:17 - Segmentation fault (vuln)
01:44 - Analyzing binary's output
02:32 - ASLR (Address Space Layout Randomization)
06:53 - Disassembling the binary
07:28 - read() function
08:30 - Disassembling the binary
09:49 - Shellcode
10:57 - Recap
12:22 - Shellcode address leak
13:46 - Shellcode as input
14:19 - Looking for shellcodes
14:52 - Shellcode as input
16:30 - Writing the exploit
18:01 - Exploiting locally
18:30 - Exploiting remotely
19:10 - Debugging the connection
19:47 - Exploiting remotely
20:33 - Reading the flag
20:58 - Outro[*]
Exploit code, not people.
Twitter: @Razvieu
*Outro track: Etsu - Selcouth
GG
More on shellcode execution:
More on ASLR (Address Space Layout Randomization):
00:00 - Intro
00:14 - Checking binary protections
00:59 - Executing the binary
01:17 - Segmentation fault (vuln)
01:44 - Analyzing binary's output
02:32 - ASLR (Address Space Layout Randomization)
06:53 - Disassembling the binary
07:28 - read() function
08:30 - Disassembling the binary
09:49 - Shellcode
10:57 - Recap
12:22 - Shellcode address leak
13:46 - Shellcode as input
14:19 - Looking for shellcodes
14:52 - Shellcode as input
16:30 - Writing the exploit
18:01 - Exploiting locally
18:30 - Exploiting remotely
19:10 - Debugging the connection
19:47 - Exploiting remotely
20:33 - Reading the flag
20:58 - Outro[*]
Exploit code, not people.
Twitter: @Razvieu
*Outro track: Etsu - Selcouth
GG
0:23:24
Part 2: Shellcode Execution with Python | Joff Thyer
0:05:57
9 Generating Shellcode and Getting Root
0:03:23
Generating Shellcode and Gaining root RCE
0:11:37
Generating Shellcode With Msfvenom
0:05:00
PoC Shellcode Injection
0:42:31
Tryhackme - pwn104 writeup (ret2shellcode) | tamil
0:26:03
Execution Flow Hijacking (ret2win) - pwn103 - PWN101 | TryHackMe
0:03:23
Generating Shellcode and Gaining root RCE
0:07:49
Pwn | NTUSTISC bof (ret2text)
0:34:15
TryHackMe Aratus
0:27:33
Dirty Pipe! [Recent Threats - Part 4] -- TryHackMe LIVE!
0:06:09
Nimcrypt Demo (Public & Undetected Private Versions)
0:13:10
Aratus-Tryhackme room | Aratus walkthrough
0:31:02
TryHackMe #395 ContainMe
0:06:15
404 Starlink Open Source Security Tool Demonstration - fscan
0:06:40
404 Starlink Open Source Security Tool Demonstration - KunLun-M
0:15:14
Buffer Overflow to Modify Variable Values - pwn102 - PWN101 | TryHackMe
0:36:18
TryHackMe #476 CVE-2022-26923
0:14:53
Exploiting Buffer Overflow (BOF) tutorial - pwn101 - PWN101 | TryHackMe
0:36:24
Exploiting Format String vulnerabilities tutorial - pwn106 - PWN101 | TryHackMe
0:08:06
picoGym (picoCTF) Exercise: buffer overflow 2
0:03:29
Intro - Binary Exploitation (PWN101) room on TryHackMe
0:15:42
Tryhackme - pwn101 writeup | tamil
0:29:13
Aratus TryHackMe
Комментарии