Overwriting RBP with an Off-by-One Buffer Overflow - Cake - [Intigriti 1337UP LIVE CTF 2022]
3rd Pwn video from @intigriti 1337UP LIVE CTF 2022: "Cake". We can't overflow RIP directly this time, but we can use an off-by-one overflow to overwrite the least significant byte of the saved RBP. If we point RBP at an address inside a buffer we control, we can force execution to jump to our shellcode when the calling function leaves. Write-ups/tutorials aimed at beginners - Hope you enjoy 🙂 #BinaryExploitation #BufferOverflow #BinExp #RE #Pwn #PwnTools
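The bug class the video turns on, as an added illustration that is not the challenge binary or the author's code: a copy routine whose terminating NUL lands one byte past a 16-byte buffer, directly on the low byte of the saved RBP that sits just above the locals on x86-64 (little-endian host assumed). The frame layout, the 16-byte input and the sample address 0x00007ffc1234abcd are constructed; the fixed variant beside it reserves the terminator byte.

```c
#include <stdint.h>
#include <stddef.h>
#include <string.h>
#include <stdio.h>

/* Constructed model of the top of a stack frame: a 16-byte local buffer
 * immediately followed by the 8-byte slot holding the caller's saved RBP.
 * Modelled as one byte array so the demonstration itself stays in bounds. */
enum { BUF_CAP = 16, FRAME_LEN = BUF_CAP + 8 };
#define CONSTRUCTED_RBP 0x00007ffc1234abcdULL   /* made-up sample address */

/* Vulnerable: clamps len to cap, then writes the terminator at dst[len],
 * which is dst[cap] when the input exactly fills the buffer: one byte too far. */
static void copy_field_vuln(char *dst, size_t cap, const char *src, size_t len)
{
    if (len > cap)
        len = cap;
    memcpy(dst, src, len);
    dst[len] = '\0';                 /* off-by-one when len == cap */
}

/* Fixed: reserve one byte for the terminator before clamping. */
static void copy_field_fixed(char *dst, size_t cap, const char *src, size_t len)
{
    if (cap == 0)
        return;
    if (len > cap - 1)
        len = cap - 1;
    memcpy(dst, src, len);
    dst[len] = '\0';                 /* always inside dst */
}

/* Run one variant against the modelled frame and return what the saved-RBP
 * slot holds afterwards. Little-endian: the RBP's low byte is at frame[16]. */
static uint64_t saved_rbp_after(void (*copy)(char *, size_t, const char *, size_t))
{
    unsigned char frame[FRAME_LEN];
    const char input[] = "AAAAAAAAAAAAAAAA";      /* 16 bytes: fills buf exactly */
    uint64_t rbp = CONSTRUCTED_RBP, after;
    memset(frame, 0, sizeof frame);
    memcpy(frame + BUF_CAP, &rbp, sizeof rbp);    /* saved RBP right above buf */
    copy((char *)frame, BUF_CAP, input, strlen(input));
    memcpy(&after, frame + BUF_CAP, sizeof after);
    return after;
}

uint64_t rbp_after_vuln(void)  { return saved_rbp_after(copy_field_vuln); }
uint64_t rbp_after_fixed(void) { return saved_rbp_after(copy_field_fixed); }

int main(void)
{
    printf("vulnerable: saved rbp = 0x%016llx\n", (unsigned long long)rbp_after_vuln());
    printf("fixed:      saved rbp = 0x%016llx\n", (unsigned long long)rbp_after_fixed());
    return 0;
}
```

The vulnerable path leaves the saved RBP as 0x00007ffc1234ab00: the frame pointer now points up to 255 bytes lower in the stack, which is the window the video's attack relies on and the reason a single NUL byte is enough to matter.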
↢Social Media↣
Twitter: https://twitter.com/_CryptoCat
GitHub: https://github.com/Crypto-Cat
HackTheBox: https://app.hackthebox.eu/profile/11897
LinkedIn: https://www.linkedin.com/in/cryptocat
Reddit: https://www.reddit.com/user/_CryptoCat23
YouTube: https://www.youtube.com/CryptoCat23
Twitch: https://www.twitch.tv/cryptocat23
↢Intigriti↣
https://ctftime.org/event/1597/
https://ctf.intigriti.io
https://go.intigriti.com/discord
https://twitter.com/intigriti
↢Binary Exploitation / Reverse Engineering↣
Pwn.College: https://pwn.college
How2Heap: https://github.com/shellphish/how2heap
NightMare: https://guyinatuxedo.github.io
Ir0nstone: https://ir0nstone.gitbook.io/notes/types/stack
PinkDraconian: https://www.youtube.com/playlist?list=PLeSXUd883dhjmKkVXSRgI1nJEZUDzgLf_
More: https://github.com/Crypto-Cat/CTF#readme
↢Video-Specific Resources↣
PwnInit: https://github.com/io12/pwninit
Format String Vulns: https://axcheron.github.io/exploit-101-format-strings
Off-By-One-1: https://www.welivesecurity.com/2016/05/10/exploiting-1-byte-buffer-overflows
Off-By-One-2: https://csl.com.co/en/off-by-one-explained
Off-By-One-3: https://nixhacker.com/exploiting-off-by-one-buffer-overflow
↢Resources↣
Ghidra: https://ghidra-sre.org/CheatSheet.html
Volatility: https://github.com/volatilityfoundation/volatility/wiki/Linux
PwnTools: https://github.com/Gallopsled/pwntools-tutorial
CyberChef: https://gchq.github.io/CyberChef
DCode: https://www.dcode.fr/en
HackTricks: https://book.hacktricks.xyz/pentesting-methodology
CTF Tools: https://github.com/apsdehal/awesome-ctf
Forensics: https://cugu.github.io/awesome-forensics
Decompile Code: https://www.decompiler.com
Run Code: https://tio.run
↢Chapters↣
Start: 0:00
PwnInit: 0:21
Basic File Checks: 2:40
Disassemble with Ghidra: 5:10
Format String Vuln Basics: 7:27
Attack Outline (Off by One RBP Overwrite): 10:30
PwnTools Script: 18:03
Debug Expected Behaviour with GDB: 19:00
Debug Basic Overflow with GDB: 21:50
Debug Final Payload with GDB: 25:18
Exploit Remote Server: 29:55
Bonus (Format String Write / ROP Solutions): 31:19
End: 33:34
Video: Overwriting RBP with an Off-by-One Buffer Overflow - Cake - [Intigriti 1337UP LIVE CTF 2022], from the CryptoCat channel