Exploit Development | Format Strings Series 5/6 - Memory leak + ASLR bypass

preview_player
Показать описание

Environment: Ubuntu 16.04 x86
To enable ASLR (should be enabled by default): echo 2 | sudo tee /proc/sys/kernel/randomize_va_space

If you enjoyed this video, feel free to donate to your favorite open source tool. There are some great people out there providing us with amazing tools that allow us to do these stuff.
  1. 0x4ndr3
Рекомендации по теме
Exploit Development | 0:08:33

Exploit Development | Format Strings Series 6/6 - x64 exploitation + Final thoughts

Exploit Development | 0:11:12

Exploit Development | Format Strings Series 1/6 - Intro and dumping sensitive data

Exploit Development | 0:07:49

Exploit Development | Format Strings Series 4/6 - Rewriting the GOT table

Exploit Development | 0:07:17

Exploit Development | Format Strings Series 2/6 - Redirecting code flow

Exploit Development | 0:09:28

Exploit Development | Format Strings Series 5/6 - Memory leak + ASLR bypass

Exploit Development | 0:08:58

Exploit Development | Format Strings Series 3/6 - More control over the writing process

format0 // protostar 0:09:34

format0 // protostar / A simple format string exploit exercise // exploit development../// writeup

Remote format string 0:13:45

Remote format string exploit in syslog() - bin 0x1E

A simple Format 0:10:01

A simple Format String exploit example - bin 0x11

Adapting the 32bit 0:09:46

Adapting the 32bit exploit to 64bit for format4 - bin 0x27

format2 ! Protostar 0:06:21

format2 ! Protostar // A simple format string exploit exercise // exploit dev/ writeup

Format String Exploits 0:09:47

Format String Exploits - Introduction

Ch 4 Format 0:43:20

Ch 4 Format string bugs

CNIT 127 Ch 0:42:14

CNIT 127 Ch 4: Introduction to format string bugs

Format String #shorts 0:00:57

Format String #shorts

OSED Week 11 0:15:11

OSED Week 11 | Format String Specifier Attack

RGui 3.4.4 POC 0:00:42

RGui 3.4.4 POC | Vanilla Structured Exception Handling Overflows | Exploit Development

Format String Attack 0:48:40

Format String Attack | Exploit Development #Desafio02 Beco do Exploit #VM29 - Pegasus 1

Format String printf 0:19:44

Format String printf Vulnerabilities (PicoCTF 2022 #46 'flag-leak')

Getting Started with 1:40:09

Getting Started with Exploit Development

Intro Format String 0:16:31

Intro Format String Vulnerability | PicoCTF 2017 [39] 'I've Got a Secret'

Format String Vulnerabilities 1:03:32

Format String Vulnerabilities – The Impact Of A Leaky Program

160 - Some 0:43:48

160 - Some Browser Exploitation and a Format String Bug? [Binary Exploitation Podcast]

Exploit Development Part 0:28:44

Exploit Development Part 5

Комментарии
Автор

Good to see high quality videos on bypassing ASLR.

I was getting into making my own cool stuff but I gave up to learn regular corporate stuff and because ASLR on Windows was ruining my code.

I followed an old tutorial on 0x00sec and managed to route the start of execution on any binary to a code cave, calling MessageBoxA, but when I tried jumping back to main()/original entry point it crashed because I was getting the RVA inside the program instead of the actual address in memory, which is what Id need to push onto the stack.

I think overflow exploits are the way to go.

I havent tried this, but can you not simply find main() and overwrite whatever comes before it with shellcode, reouting execution to that point? So then after shellcode is run main() would run and execution would follow as normal.

victorandreverdipereira
Автор

Amazing content. I would love to see more!

michalisp.
Автор

Nice tutorial. Thx.a lot. Can you explain in 6m:13s, the code show what = leak -0x5a0 - 0x1b2000 + 0x3ada0. The hex number 0x5a0 came from what place ?

pwndumb
join shbcf.ru