Bypassing Stack Canaries and NX/DEP (Ret2Lib-C) - Bird - [Intigriti 1337UP LIVE CTF 2022]

Поделиться
HTML-код
  • Опубликовано: 9 янв 2025

Комментарии •

  • @PinkDraconian
    @PinkDraconian 2 года назад +2

    Finally got some time to sit down and watch this one! Well done. Loved it!

  • @zeshanahmednabin
    @zeshanahmednabin Год назад +2

    You are such a gem. You make hard concepts look like a piece of cake.
    I wish to oneday learn binary exploits like you. But idk how long will it take. It's such a long journey and so many things to learn. The duration frustrates me. No matter how hard I try it will take minimum of 3-6 months just to cash in the basics.

    • @_CryptoCat
      @_CryptoCat  Год назад

      Awwww thanks mate 💜 This was a nice challenge!

  • @intigriti
    @intigriti 2 года назад +3

    Again, absolutely love this video!

    • @_CryptoCat
      @_CryptoCat  2 года назад

      thank youuu 💜💜💜

  • @superhero1
    @superhero1 2 года назад +3

    Still watching, thanks for the video about my challenge!

    • @_CryptoCat
      @_CryptoCat  2 года назад

      Thank for the challenge! 😉 I liked the combo, even if you knew how to leak canary and ret2libc, you still had to do some reversing/debugging to even get to that point. The issues I had local vs remote didn't occur at all either, I wish it was that smooth during the competition 😂

  • @AidinNaserifard
    @AidinNaserifard 2 года назад +2

    Such an amazing challenge, Thanks for the great video mate!💪

  • @mehdihassan2153
    @mehdihassan2153 2 года назад +2

    Hi crypto love your videos
    I need some help with pwndbg i cant use the cyclic command i get the like this
    Pwndbg> cyclic
    Undefined command : "cyclic" try help

    • @_CryptoCat
      @_CryptoCat  2 года назад +2

      thanks mate 🥰 probably the issue is that pwntools isn't in your system path, check this from the pwntools docs:
      "If these tools do not appear to be installed, make sure that you have added ~/.local/bin to your $PATH environment variable."
      so you can run "echo $PATH" to see if it's there, if not modify your PATH in the ~/.bashrc file to include it 😉

  • @airawinner300
    @airawinner300 2 года назад +2

    !

  • @kanyo5569
    @kanyo5569 Год назад +1

    why didn't u use a leaked libc addr and calculate the offset from that addr to the base libc on gdb, like so
    io.sendline("%3$p")
    leaked = int(io.recvuntil(".").strip().decode()[:-1][9:],16)
    libc.address = leaked - 0x114a37
    the puts method didn''t really get into my head, this would still work right ? Great videos btw

    • @_CryptoCat
      @_CryptoCat  Год назад

      Sure, you could also use the format string vuln to leak libc 🙂 The puts() method will also work when you only have BOF and no leak though!