Format String Exploit and overwrite the Global Offset Table - bin 0x13



All links with "*" are affiliate links.
LiveOverflow / Security Flag GmbH is part of the Amazon Affiliate Partner Program.

#BinaryExploitation #FormatString
Comments

Probably one of the hardest exploits to grasp in your series, but once you do, damn! It's beautiful

nikoshalk

can't overwrite the return pointer? no prob, we GOT this :P

mequambluespark

Now... that's a lot of info to grasp... and again... I'm going to watch this 10 times.

thrndm

This channel is the best for learning Binary Exploitation, thanks for those amazing videos.

rakshitawasthi

For the "double write", instead of %n (int*), we could use %hn (short int*).

stek

That method of setting the GOT entry from 0x84b4 to 0x0804 is insanely cool. What I did was write the bytes in reverse, where I switched the order of the addresses I used as input and wrote 0x0804 to the first half of the address and then wrote 0x84b4 to the second half. Worked in format3, but I've got to try your method too.

epicm

I've had to watch this a few times to understand it but I've learned a lot. Carry on doing what you do!

nicolasschleicher

Thanks, this video really helped with my school assignment to overwrite the GOT.

grelyelo

You could also write individual bytes with "%hhn" (half half int = byte).

sciencebug

Python tip @5:10: this pad function should just be .ljust(512, 'X')

Anonymouspock

I'm a big fan. I know this is old, but the EXIT_PLT name confuses, because it's actually EXIT at GOT, right? Such good material, keep up the good work!

dplastico

Awesome tutorial as usual.
By the way, do you use the shellcoder's handbook as resource for making these? It seems like you cover the book's topic in sequence pretty smoothly, which also lines up with the exploit exercises.

Occcc

Question you ask @10:13: "How do we get a lower number, if we can only increase the amount of characters?"
I would respond with, "You write the lower number first?"
I am guessing that the reason you don't write the lower number first is because of what you mention later, about the least significant bytes actually overwriting the entire 4 bytes? I.e. the second write would clobber the higher bytes from the first write. Is that right?

typedeaf

Good stuff... thanks for showing people how to hack and not to use auto-tools. <3

rekhispagatos

I think actually 4000 people watch this video 10 times XD

niektuytel

6:58 I am not sure what that is supposed to mean: does the size of the buffer matter? As long as the 134513844 is not bigger than the max memory limit of the current process (or stack?), we can at the end overwrite the address in GOT.

xkjg

We can divide the address further into bytes, so we need to print even less.

Also, why do you pad the input there? I don't think it's required for the exploit to work.

__mk_km__

Wow, I think this is the most difficult episode so far.

tenghaooo

For me, I always use "info functions" in GDB because it will display all the functions and their addresses in the program.

Zuzu-fqiv

Why is the global offset table's address remaining the same? Won't it change with ASLR?

achyuthvishwamithra