Exploit Fails? Debug Your Shellcode - bin 0x2B

  • Published: 30 Nov 2019
  • I often get questions about not working exploits. Sometimes the problem is the shellcode. In this video we look at different ways to debug the shellcode and find the issue.
    Haxember 2019 Playlist: • Haxember 2019

Comments • 94

  • @LiveOverflow
    @LiveOverflow  4 years ago +151

    Haxember experiment! There will be DAILY videos. I will cover topics I always wanted to cover, but didn't feel like they make for a good dedicated video. These videos take a lot less effort, but they still contain (hopefully) relevant information.

    • @blackbeard4532
      @blackbeard4532 4 years ago

      LiveOverflow as always great video! Mind if I ask for some guidance? So I want to work as a malware analyst/anything that requires RE but I also would love to exploit things, not just typical ctf binaries but like kernel exploits/pwn2own exploiting level stuff. Which should I focus on improving/working on: reversing or binary exploitation skills?

    • @dominic3606
      @dominic3606 4 years ago +1

      Modern Heap exploitation would be nice.

  • @MechMK1
    @MechMK1 4 years ago +51

    "Show me what effort you have put in to solve the problem yourself" - Man I have been preaching this for years. No shame in asking for help, but it shouldn't be the first thing to do.

    • @__mk_km__
      @__mk_km__ 4 years ago +5

      Unless you are asking google, of course

  • @madmushroom8639
    @madmushroom8639 4 years ago +81

    Ahh the smell of asm on a cold Sunday morning

    • @jmullentech
      @jmullentech 4 years ago +3

      You know, one time we had a box shelled for 12 hours. When it was all over, I logged in. We didn't find one of 'em. Not one stinkin' sysadmin. The smell... you know that ASM smell. The whole lab smelled like ... victory.

  • @elio8119
    @elio8119 4 years ago +8

    A while ago, I had some problems with my shellcode and especially at the injection point. With a lot of research and experimentation I did manage to solve it nonetheless, but now looking at this tutorial it will be far, far easier to debug these kinds of problems. Thanks again for posting this!

  • @andrer.6127
    @andrer.6127 4 years ago +14

    Ever since someone pointed out to me that he kind of looks like Michael Cera, I cannot stop thinking: "This is the German Michael Cera"

    • @ra6160
      @ra6160 4 years ago

      hahaha right, I know him from the Juno movie

    • @artemzaytsev1106
      @artemzaytsev1106 4 years ago

      I thought he was Indian when I previously watched a video with his face absent. So now he's Indiana Cera.

  • @lemurza5236
    @lemurza5236 4 years ago

    You have a way of making things really easy to understand and follow along to. Thank you

  • @Razvi
    @Razvi 4 years ago +3

    Thank you :) Always enjoying your videos

  • @satyris410
    @satyris410 4 years ago +4

    Listening on my new headphones, the bass when you type on your keyboard is fantastic!

  • @georgetroulis
    @georgetroulis 4 years ago

    Insightful as always, your videos are a real gem. Thank you once again :)

  • @Abel-tc2fv
    @Abel-tc2fv 4 years ago

    This is the video that I'm looking for.... Thanks man, you cleared some of my doubts.. great video

  • @OGStapler
    @OGStapler 4 years ago

    Thanks, this cleared up so many things!

  • @nurik31337
    @nurik31337 4 years ago

    Finally! Good videos on my favourite channel! :)

  • @ljnx8697
    @ljnx8697 4 years ago

    What a gentleman, giving out so much info for free.
    Greetings from Berlin!

  • @daviddelille1443
    @daviddelille1443 4 years ago +2

    Quick hint if msfvenom-generated shellcode is failing: add a couple of NOPs (\x90) to the start. Certain encoders need to decode the actual payload and may end up messing with things in unforeseen ways.

  • @hshhsjhahsvs7728
    @hshhsjhahsvs7728 4 years ago +25

    That's a dope hoodie

    • @syntaxyt
      @syntaxyt 4 years ago +3

      www.blue-tomato.com/de-AT/product/Teddy+Fresh-Patchwork+Hoodie-595502/

    • @pikadroo
      @pikadroo 4 years ago

      See but then I wonder would it look as good on me. I dunno.

    • @syntaxyt
      @syntaxyt 4 years ago

      @@pikadroo worth a try? or isn't it?

  • @ClassicGameHacking
    @ClassicGameHacking 4 years ago

    Beautiful hexplanation!

  • @cortexauth4094
    @cortexauth4094 4 years ago +2

    I am surprised no one asked him to use gdb -q, I see them almost everywhere xD

  • @gliderhnr1633
    @gliderhnr1633 4 years ago

    Thanks for the explanation.

  • @BDBD16
    @BDBD16 4 years ago +1

    You rocking some Teddy Fresh in this video?? H3H3 Represent!!!

  • @mabalito
    @mabalito 4 years ago

    Nice to see you in a TeddyFresh hoodie :)

  • @mokiros
    @mokiros 4 years ago +2

    I like the addition of the webcam. It makes the video more personalised.

  • @Cadey
    @Cadey 4 years ago +3

    Life pro tip, the `printf` command escapes inputs for free.

  • @pikadroo
    @pikadroo 4 years ago

    What a great hoodie.

  • @gunblad3
    @gunblad3 4 years ago

    Do you have any gdb tutorials to recommend? Or perhaps you already have a video on that?

  • @amyshaw893
    @amyshaw893 4 years ago +3

    oh god... I can see myself doing the exact thing in the first example

  • @____-gy5mq
    @____-gy5mq 4 years ago +4

    Michael ceratops explains shellcode debugging

  • @Fe-zm8rq
    @Fe-zm8rq 4 years ago

    Please never change dat intro

  • @metaorior
    @metaorior 4 years ago +2

    the camera portrait is too big
    but I love the rest!

  • @alexfrns5571
    @alexfrns5571 4 years ago

    Hey, thank you for these great playlists! I have been trying to shellcode a remote server for a CTF where I did not have the binary. I have been trying quite a few shellcodes from shell-storm and only one worked. Why would some shellcodes work and others not? (I was taking all of them for the same architecture (x86-32) and always selecting ones with execve bin/sh). By the way, the source code was just a C program executing the code from a read function.

  • @alkeryn1700
    @alkeryn1700 4 years ago

    I once had an exploit in which the software for some reason would always corrupt 3 bytes in the middle of my shellcode at the exact same position.
    The fix I had for it was making a nop slide (because I'm too lazy to count) and having an "\xeb\x10" at the beginning to basically jump past the corrupted bytes into the rest of the nop slide and then the shellcode.

  • @testme7073
    @testme7073 4 years ago

    Great video, man! Quick question: don't exploits that return code execution to the stack not work anymore? It seems to me that ROP and ret2libc style attacks are the most prominent these days, though I'm obviously asking with the intention to know for sure.

    • @chaoskong2987
      @chaoskong2987 6 months ago

      Oh they’re still out there, but most developers worth their salt probably won’t make a mistake that’ll lead to you returning to the stack. Most modern compilers will scream at you to avoid mistakes like that happening.

  • @berryerpacic9995
    @berryerpacic9995 4 years ago

    I love the channel and the ctf stuff you make but in the end it's all gibberish to me because I'm so far away from all this knowledge... makes me sad sometimes but encourages me to keep learning.. you rock... oh yeah I forgot... you're awesome!! ;D.. I can understand that not many Germans watch the channel because hardly anyone speaks English, that makes me sad too.. :/

  • @joshaprior3699
    @joshaprior3699 4 years ago

    I love you!!!!

  • @ases571
    @ases571 1 year ago

    Greetings from Spain 🇪🇦 new sub

  • @yuxin7440
    @yuxin7440 4 years ago

    How do you inject shellcode into a binary with a non-executable stack?

  • @Tinfoilpain
    @Tinfoilpain 4 years ago +1

    Is that Ben Eater's 8 bit computer kit?

  • @user-cx5jj3zq1r
    @user-cx5jj3zq1r 4 years ago +3

    Do CTF! Need ROP exploit walkthrough!

  • @sayemprodhanananta144
    @sayemprodhanananta144 4 years ago +1

    I'd like to see a review of RedASM. I think this can be a great alternative to this expensive disassembly software

    • @LiveOverflow
      @LiveOverflow  4 years ago +1

      never heard of that. But check out Ghidra ;)

    • @sayemprodhanananta144
      @sayemprodhanananta144 4 years ago

      @@LiveOverflow RedASM is an open source tool. I believe you can find it here redasm.io

  • @carsonmcmanus8825
    @carsonmcmanus8825 4 years ago

    Is that a Ben Eater 8 bit computer kit I see in the background?

  • @x3ICEx
    @x3ICEx 4 years ago

    Video too quiet (compared with other videos); approx 30% volume boost was needed on my end to be able to hear and understand.

  • @hayline
    @hayline 4 years ago

    HEEY VERY GOOD THANKS VERY THANK YOU

  • @Melon-Lord
    @Melon-Lord 4 years ago

    Me clicking to see if that's a teddy fresh hoodie

  • @howto...6298
    @howto...6298 4 years ago

    hey can you help me out.... I'm trying to solve the HTB headache2 challenge and I don't know what to do...!
    I don't know where to begin.

  • @wielkizderzaczhadronowkucy293
    @wielkizderzaczhadronowkucy293 4 years ago

    why does int 0x80 sometimes not work though

  • @etienneparcollet727
    @etienneparcollet727 4 years ago +2

    Is it a Ben Eater kit I see running in the background?

    • @qwerty123443wifi
      @qwerty123443wifi 4 years ago +2

      Yes! He's doing (or at least used to do) livestreams building the kit

    • @avinash-pawar
      @avinash-pawar 4 years ago

      That's what I'm going to say!

  • @FoxMaccloud
    @FoxMaccloud 4 years ago

    Can you get C code or something higher than asm from shellcode?

    • @kneesnap1041
      @kneesnap1041 4 years ago

      If the author of the shellcode provides it, yes. Of course, you could just disassemble it and turn it into C yourself. Since there are only a dozen or so instructions, that's actually pretty manageable even if you've never reversed anything before.

  • @frit00701
    @frit00701 4 years ago

    Lol I needed this tutorial 2 days ago

  • @syntaxyt
    @syntaxyt 4 years ago

    Lool I also just bought a colorblock hoodie from Teddy Fresh last week xD

  • @username8061
    @username8061 4 years ago +3

    Hey, LiveOverflow, I know you already answered this on some stream or podcast or something, but I can't find it, so I have to ask again: What's your typing speed?

  • @DrensLP
    @DrensLP 4 years ago

    Where did you get that Hoodie?! 😁

  • @0110000101110000
    @0110000101110000 4 years ago

    My experience: Don't put your shellcode just before the return address... The shellcode needs the stack to work, and will therefore modify itself if you do so...
    And it's a pain to debug :')

    • @fooyager
      @fooyager 9 months ago

      Holy fuckkk broo!!!! I always got a segmentation fault when placing shellcode on the stack even though I tried with Trap to Debugger (\xCC) to trace that my shellcode was working, and after I tried saving the shellcode after the return pointer it works. Thank you very much

  • @oliverjrose9962
    @oliverjrose9962 4 years ago +3

    damn, where's that hoodie from?

  • @nikhilt3755
    @nikhilt3755 4 years ago

    in windows exploit development
    when using python to exploit an overflow in vulnserver or any other software
    be sure you encode in the following way
    shellcode+=("your_shellcode_here")
    shellcode = shellcode.encode('raw_unicode_escape')
    and then run the program
    if you send directly as strings this is not gonna work
    i was fucked for so many hours when directly sending string format
    also
    use the struct module to pack any address to be expressed as big endian format
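    An added example in Python 3 (not the commenter's code, nor anything from the video) of the point made above: keep the payload as bytes rather than a str of "\x.." escapes, pack the address with struct (little-endian, which is what x86 expects), and hex-dump the result so you can check the exact bytes before sending them. The sample shellcode bytes, padding length and address are constructed placeholders.

```python
# Added example, not code from the video or the comment it follows.
import struct

# Constructed sample bytes standing in for real shellcode: two NOPs and an
# int3 trap (the \xCC "trap to debugger" byte used for tracing in the video).
SAMPLE_SHELLCODE = b"\x90\x90\xcc"


def pack_addr32(addr: int) -> bytes:
    """Pack a 32-bit address in little-endian order, which is what x86 expects."""
    return struct.pack("<I", addr)


def build_payload(padding_len: int, ret_addr: int, shellcode: bytes) -> bytes:
    """Padding, then the packed return address, then the shellcode, all as bytes.

    Refuses a str on purpose: a str of \\x escapes is text, and sending it
    through the default UTF-8 encoding silently changes every byte >= 0x80.
    """
    if not isinstance(shellcode, (bytes, bytearray)):
        raise TypeError("shellcode must be bytes, not str")
    return b"A" * padding_len + pack_addr32(ret_addr) + bytes(shellcode)


def str_vs_bytes_lengths(text: str) -> tuple:
    """Lengths of a str of escapes, its UTF-8 encoding, and its
    raw_unicode_escape encoding (which maps code points < 256 to one byte each).
    The UTF-8 length grows whenever the string holds characters >= 0x80."""
    utf8 = text.encode()
    raw = text.encode("raw_unicode_escape")
    return len(text), len(utf8), len(raw)


def hexdump(data: bytes) -> str:
    """Space-separated hex pairs: the bytes that will actually go on the wire."""
    return " ".join(f"{b:02x}" for b in data)


if __name__ == "__main__":
    payload = build_payload(4, 0x0804A0B0, SAMPLE_SHELLCODE)  # placeholder address
    print(hexdump(payload))
    print(str_vs_bytes_lengths("\x90\x90\xcc"))
```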

  • @adityapatwardhan72
    @adityapatwardhan72 4 years ago

    Yo bois

  • @mrgummage
    @mrgummage 4 years ago

    Tell me more about that interesting breadboard on your desk. 🤔

    • @kebien6020
      @kebien6020 4 years ago

      He is building an actual computer from scratch. He is more or less following the steps laid out in a series by Ben Eater on a breadboard 8-bit computer. You can watch his streams of this build on LiveOverflow's twitch.

    • @mrgummage
      @mrgummage 4 years ago

      @@kebien6020 I was wondering if it was the Ben Eater project.
      Curious about it myself.

  • @negativegravity9470
    @negativegravity9470 4 years ago

    Protip!
    Zsh (oh-my-zsh) escapes the shellcode without the -e flag

  • @gyroninjamodder
    @gyroninjamodder 4 years ago

    >caused a segfault
    No, a SIGILL was triggered.

  • @bool2max
    @bool2max 4 years ago

    Don't you need to pass -e to echo in order for it to interpret the \x sequences?

    • @bool2max
      @bool2max 4 years ago +2

      well nevermind

  • @Omaroka
    @Omaroka 4 years ago +3

    Michael Cera?

  • @dlive7923
    @dlive7923 4 years ago

    I think qiling ( github.com/qilingframework/qiling ) can help you debug and analyze shellcode.

  • @NarendraSingh-pv3km
    @NarendraSingh-pv3km 4 years ago

    this shows copy and paste is not the solution for everything you're trying; some things still need some small attention 🤠

  • @lifeenjoy.
    @lifeenjoy. 4 years ago

    1st

  • @satyris410
    @satyris410 4 years ago

    You know, when I was 14/15 I nearly did it, became just as elite. I installed SUSE Linux on a partition. Bought the manual and everything. But I couldn't find drivers for my damn modem that would work. So I couldn't get on the Internet (this was 1999) and my hacking project died there =(

  • @GegoXaren
    @GegoXaren 4 years ago

    What the hell is that sweater?

  • @JaytleBee
    @JaytleBee 4 years ago

    I really like your videos *a lot* and have a great deal of respect for you but your accent eludes me.
    I mean, your account says you're from Germany and your pronunciation also sounds German but sometimes you have really weird grammar that doesn't really work in German or English?
    For example in the first part of the video:
    "Because I get often questions..."
    The more natural way to say this in English would be "Because I often get questions"
    But! In German the sentence in this context would be "Weil ich oft Fragen kriege" (or something similar) WHICH HAS THE SAME ORDER OF WORDS EXCEPT TWO DIFFERENT WORDS ARE SWAPPED
    Again, please don't misunderstand this as critique or an insult (As a German, I totally get how hard it is to speak English well!). It's just that the mistakes you make genuinely intrigue me.