7: Format String Vulnerabilities (printf) - Buffer Overflows - Intro to Binary Exploitation (Pwn)
7th video from the "Practical Buffer Overflow Exploitation" course covering the basics of Binary Exploitation. In this video we'll look at format string vulnerabilities (printf) which can be exploited by attackers to leak values/address off the stack and even perform write operations, leading to code execution. We'll use checksec, ghidra, pwndbg and write a fuzzing script with pwntools! Write-ups/tutorials aimed at beginners - Hope you enjoy 🙂 #BinaryExploitation #BufferOverflow #BinExp #RE #Pwn #PwnTools
Find the binary files, source code and scripts to go with the series @ https://github.com/Crypto-Cat/CTF/tree/main/pwn/binary_exploitation_101
↢Social Media↣
Twitter: https://twitter.com/_CryptoCat
GitHub: https://github.com/Crypto-Cat
HackTheBox: https://app.hackthebox.eu/profile/11897
LinkedIn: https://www.linkedin.com/in/cryptocat
Reddit: https://www.reddit.com/user/_CryptoCat23
YouTube: https://www.youtube.com/CryptoCat23
Twitch: https://www.twitch.tv/cryptocat23
↢Binary Exploitation / Reverse Engineering↣
Pwn.College: https://pwn.college
How2Heap: https://github.com/shellphish/how2heap
NightMare: https://guyinatuxedo.github.io
Ir0nstone: https://ir0nstone.gitbook.io/notes/types/stack
PinkDraconian: https://www.youtube.com/playlist?list=PLeSXUd883dhjmKkVXSRgI1nJEZUDzgLf_
More: https://github.com/Crypto-Cat/CTF#readme
↢Video-Specific Resources↣
https://vickieli.dev/binary%20exploitation/format-string-vulnerabilities
https://codearcana.com/posts/2013/05/02/introduction-to-format-string-exploits.html
https://axcheron.github.io/exploit-101-format-strings
https://docs.pwntools.com/en/stable/fmtstr.html
↢Resources↣
Ghidra: https://ghidra-sre.org/CheatSheet.html
PwnTools: https://github.com/Gallopsled/pwntools-tutorial
CyberChef: https://gchq.github.io/CyberChef
HackTricks: https://book.hacktricks.xyz/exploiting/linux-exploiting-basic-esp
GTFOBins: https://gtfobins.github.io
Decompile Code: https://www.decompiler.com
Run Code: https://tio.run
↢Chapters↣
Start: 0:00
Basic File Checks: 1:00
Review Source Code: 2:28
printf() Format Vuln Basics: 3:58
Leaking Values from the Stack: 5:10
Difference with %s Format Specifier: 8:07
Format String Write (%n) Exploit Basics: 10:46
PwnTools Fuzzing Script: 14:32
Disassemble with Ghidra: 15:42
Compare to x64 Binary: 16:37
End: 18:26
Видео 7: Format String Vulnerabilities (printf) - Buffer Overflows - Intro to Binary Exploitation (Pwn) канала CryptoCat
Find the binary files, source code and scripts to go with the series @ https://github.com/Crypto-Cat/CTF/tree/main/pwn/binary_exploitation_101
↢Social Media↣
Twitter: https://twitter.com/_CryptoCat
GitHub: https://github.com/Crypto-Cat
HackTheBox: https://app.hackthebox.eu/profile/11897
LinkedIn: https://www.linkedin.com/in/cryptocat
Reddit: https://www.reddit.com/user/_CryptoCat23
YouTube: https://www.youtube.com/CryptoCat23
Twitch: https://www.twitch.tv/cryptocat23
↢Binary Exploitation / Reverse Engineering↣
Pwn.College: https://pwn.college
How2Heap: https://github.com/shellphish/how2heap
NightMare: https://guyinatuxedo.github.io
Ir0nstone: https://ir0nstone.gitbook.io/notes/types/stack
PinkDraconian: https://www.youtube.com/playlist?list=PLeSXUd883dhjmKkVXSRgI1nJEZUDzgLf_
More: https://github.com/Crypto-Cat/CTF#readme
↢Video-Specific Resources↣
https://vickieli.dev/binary%20exploitation/format-string-vulnerabilities
https://codearcana.com/posts/2013/05/02/introduction-to-format-string-exploits.html
https://axcheron.github.io/exploit-101-format-strings
https://docs.pwntools.com/en/stable/fmtstr.html
↢Resources↣
Ghidra: https://ghidra-sre.org/CheatSheet.html
PwnTools: https://github.com/Gallopsled/pwntools-tutorial
CyberChef: https://gchq.github.io/CyberChef
HackTricks: https://book.hacktricks.xyz/exploiting/linux-exploiting-basic-esp
GTFOBins: https://gtfobins.github.io
Decompile Code: https://www.decompiler.com
Run Code: https://tio.run
↢Chapters↣
Start: 0:00
Basic File Checks: 1:00
Review Source Code: 2:28
printf() Format Vuln Basics: 3:58
Leaking Values from the Stack: 5:10
Difference with %s Format Specifier: 8:07
Format String Write (%n) Exploit Basics: 10:46
PwnTools Fuzzing Script: 14:32
Disassemble with Ghidra: 15:42
Compare to x64 Binary: 16:37
End: 18:26
Видео 7: Format String Vulnerabilities (printf) - Buffer Overflows - Intro to Binary Exploitation (Pwn) канала CryptoCat
Показать
Комментарии отсутствуют
Информация о видео
Другие видео канала
![Decoding, Brute-Forcing and Crafting Flask Session Cookies - "web-intro" [DefCamp CTF 2022]](https://i.ytimg.com/vi/dA28abgc57o/default.jpg)
Decoding, Brute-Forcing and Crafting Flask Session Cookies - "web-intro" [DefCamp CTF 2022]
Day 4 - HTB Cyber Santa CTF: HackTheBox Capture The Flag 2021![Emdee Five for Life [easy]: HackTheBox Misc Challenge (BeautifulSoup / Burp Intruder)](https://i.ytimg.com/vi/n0Dg-19DB9Y/default.jpg)
Emdee Five for Life [easy]: HackTheBox Misc Challenge (BeautifulSoup / Burp Intruder)![Buffer Overflow (ret2win) with 5 char* Arguments - "Vader" Pwn Challenge [Space Heroes CTF 2022]](https://i.ytimg.com/vi/DRgpQvraTUo/default.jpg)
Buffer Overflow (ret2win) with 5 char* Arguments - "Vader" Pwn Challenge [Space Heroes CTF 2022]![fs0ciety [easy]: HackTheBox Misc Challenge (ZIP cracking)](https://i.ytimg.com/vi/-cc1k6AwsLE/default.jpg)
fs0ciety [easy]: HackTheBox Misc Challenge (ZIP cracking)![BitsNBytes [hard]: HackTheBox Stego Challenge (Stego Helper Identification Tool)](https://i.ytimg.com/vi/sI7dQaEp-mE/default.jpg)
BitsNBytes [hard]: HackTheBox Stego Challenge (Stego Helper Identification Tool)![Eat the Cake! [medium]: HackTheBox Reversing Challenge (UPX packing)](https://i.ytimg.com/vi/-x4MZXtnUt4/default.jpg)
Eat the Cake! [medium]: HackTheBox Reversing Challenge (UPX packing)
Forensics Challenges - HTB x Synack RedTeamFive Capture The Flag (CTF) 2021![Marshal In The Middle [medium]: HackTheBox Forensics Challenge (decrypt TLS traffic in wireshark)](https://i.ytimg.com/vi/6WYN66mygaA/default.jpg)
Marshal In The Middle [medium]: HackTheBox Forensics Challenge (decrypt TLS traffic in wireshark)![Blue Shadow [medium]: HackTheBox Forensics Challenge (tweetlord)](https://i.ytimg.com/vi/8CawjASJi0Q/default.jpg)
Blue Shadow [medium]: HackTheBox Forensics Challenge (tweetlord)
Pwn: clutter-overflow - picoMini CTF 2021 Challenge
NahamCon CTF 2022: Web Challenge Walkthroughs![Pusheen Loves Graphs [easy]: HackTheBox Misc Challenge (IDA Pro)](https://i.ytimg.com/vi/z6kvBBxlSgc/default.jpg)
Pusheen Loves Graphs [easy]: HackTheBox Misc Challenge (IDA Pro)![Forget Me Not [medium]: HackTheBox Forensics Challenge (volatiliy .dwarf files)](https://i.ytimg.com/vi/GJSALoiVHko/default.jpg)
Forget Me Not [medium]: HackTheBox Forensics Challenge (volatiliy .dwarf files)![JWT Key Confusion & Nunjucks SSTI - "Naughty or Nice" [Day 5: HackTheBox Cyber Santa CTF]](https://i.ytimg.com/vi/tV7C6HSrtm4/default.jpg)
JWT Key Confusion & Nunjucks SSTI - "Naughty or Nice" [Day 5: HackTheBox Cyber Santa CTF]![Manager [easy]: HackTheBox Mobile Challenge (APK Reversing / Traffic Analysis)](https://i.ytimg.com/vi/h6Lirx6mvUA/default.jpg)
Manager [easy]: HackTheBox Mobile Challenge (APK Reversing / Traffic Analysis)![Overwriting RBP with an Off-by-One Buffer Overflow - Cake - [Intigriti 1337UP LIVE CTF 2022]](https://i.ytimg.com/vi/jU7yB-elFV8/default.jpg)
Overwriting RBP with an Off-by-One Buffer Overflow - Cake - [Intigriti 1337UP LIVE CTF 2022]
0 - ROP Emporium Series - Intro/Setup
JSON Web Token Flaws - Python AppSec (by Duo Sec) - Veracode Security Labs Community Edition (free)
1: SQL Injection (Union + Blind) - Gin and Juice Shop (Portswigger)
HackTheBox Cyber Apocalypse 2021 CTF - Pwn Challenge Walkthroughs