PWN - Bruteforcing Stack Canaries (PicoCTF 2022 #44 'buffer-overflow3')

Comments
Author

I've been watching all of your CTF videos for 2022 and dude, you do a fantastic job at explaining everything, even when you're dead tired at 1 in the morning you still take time to explain everything in detail. Thank you for making me fall in love with pen testing and cyber security even more than I already am! You go John!

PS I did the YouTube things 😉

MrToast
Author

Great stuff! I'm finally getting to piece together what pwntools does. (I understand buffer overruns etc. fairly well, but these automated tools are new to me). What would be even better would be some sort of O'Reilly book or the like on it. (Yes, I'd even buy a dead tree edition.)

logiciananimal
Author

Dude! Please do more of these. It is way more helpful to see you "bump around" (and thereby realize that you are human) than to just see you figure out complex problems in a millisecond and feel like a complete dummy when it takes me hours to figure out the same thing (if I ever do!). PLUS, we get to see your "debugging" process, which is super, super helpful. Thanks for the content as always.

kevinwilson
Author

First, t'looks like gonna learn something new again..

verolyn
Author

I appreciate watching the full process of figuring it out. A lot of videos just speed through things and I’m left thinking “how did you see that so quickly?” Watching you do your thing as is also teaches the problem solving process which is just as important.

CrazedMachine
Author

Great content
Thanks sir for providing this type of knowledge 🔥🔥🔥

SalmanKhan.
Author

Great content as always. Thank you for sharing. I am learning a lot about python.

LDowning
Author

You can access the man pages of read with `man 2 read`.
This is because read is a syscall, not a library function, so its docs are in section 2 of the manual. Section 3 is for libraries.

Hope ppl will find it helpful.
Keep up the great work!

edi
Author

Can we somehow exploit the fact that the local stack canary is copied from a global variable instead of brute forcing (e.g. if the canary was less "brute-forceable")?

ugurre
Author

Damn my script works locally but somehow it doesn't work remotely. Could you please provide your source code to test? Thanks!

unutilisateurdeyoutube
Author

Hello my friend,
At the start of the video you are struggling with sscanf; it seems to me that you didn't spot the 2 's': sscanf is different than scanf.
The first parameter of sscanf is a pointer to a buffer, which is called length in this instance; that's why your printf %d returns a random number, and it should be replaced by %p in order to be compliant with the type, which is a pointer.
Thanks for all the rest.

tbremard
Author

Today is my eyes chemical to facing problem nover problem chemical to face 👀 not problem

bhagyalakshmi
Author

Dive to ip address number dive files open remo light attending after again to everyone that red colour process signal to dry flowers

bhagyalakshmi
Author

18:40 that offset variable was haunting me since the last two videos.
Great video.

root
Author

Desc, asc date rood ing number attending

bhagyalakshmi
Author

Next time, try socat for the binary as a local service listening over TCP.

bech
Author

Rdi, RSI,rdx buf function using number

bhagyalakshmi
Author

Concrete wall for you breaking information

bhagyalakshmi
Author

Volume button purposes hi volume
Exl, rop reply

bhagyalakshmi