Basic Buffer Overflow - VulnServer TRUN

Fantastic video. Appreciating the "slow pace"

This is by far the simplest and logical walkthrough of buffer overruns and how to exploit them that I've seen. I really appreciate the pace (I dont care that it was long) as you covered each part. I understood everything except the struct and little endian elements. I guess I have some reading to do :-)

Love the slow pace and crystal-clear explanations. Easy to understand and follow.

Came in here with very minimal (to non-existent) understanding of bytecode and memory-buffers ... just let me say that you did an absolutely amazing job at explaining the whole of it and how each aspect works and interacts with each other.
All of that in just about an hour. "Slow pace", yeah right.
You're a great teacher and a real blessing for those willing to learn.
I've watched a few CTF videos and miscellaneous stuff of yours but after this one you got yourself that +1 "plzsub" :D!
Keep up the great work, John!
It is greatly appreciated.

This is by far the best video i ever saw regarding buffer overflows and how to exploit them. This is a must see for every security researcher.

You're an awesome instructor, I commend you for humbling yourself and breaking everything down in simple terms vs your knowledge level lol. Thx man

Beginner here - not sure why you built the nop_sled, but the rest of it made perfect sense. Thank you.

Thank you so much for this tutorial. You have explained it very clearly and easy to follow. Buffer overflow is the topic that made me think twice to continue pursuing cybersecurity. But there you are. Life saver. Dream Saver! Thank you so much for this tutorial.

The way you broke that down to where a complete beginner like myself could grasp it is a real talent.

I can’t believe I just sat through a 1h video and it was the greatest thing I’ve seen all day. Loved, loved it!

Thank you. The way you explained and demonstrated everything made so many different pieces finally come together for me. Ty

This may have been one of the best videos I've ever seen on how to exploit a buffer overflow. The technique of writing the code from scratch to do this in python was super helpful! Thanks John!

I have watched a ton of your videos over the past few week, but this is my favorite. Watching you work through that was super instructive and downright entertaining. ⭐⭐⭐⭐⭐

You are amazing my dude, I love how you really went step by step and didn't gloze over anything. Especially the programming and immunity debugger parts. (which is practically everything). This teaching style trumps university professors

love you john hammond, I learned so much feel like i should dive more into buffer overflow after practically doing it myself along with you. Thank you!

Tip: you can use the instruction int3 (0xCC) to make a debug breakpoint, then you can see much faster when the exploit occurs.

Now that i have spent weeks understanding buffer overflow, everyone has started making awesome videos on that topic

Unreal mate, I rarely comment but you have imparted your knowledge with exceptional skill!! I absorbed it all so easily!!! Awesome.

Finally, the only video where it really clearly explains about BoF. Thanks

Most simple and comprehensive walkthrough of buffer overflow.. Really liked and understood it.. keep it up john

Thank you John for the great video. Super Informative! The "beginner" approach is much appreciated.

This and TCMs buffer overflow are my go to when I need to do BOFs

Well, understanding computer architecture is super important for understanding and making these exploits. Great video!

This was the most in depth explanation I have seen so far. Thank you!

I can't say BIG THANK enough I have watched many videos about this BOF but this one one I get some hints Be blessed John

You're legend mate! I learned a lot from this video. You've explained it very well 5 star for you 🌟🌟🌟🌟🌟

I recently fell in love with your videos. I'm still a student but I hope that one day I'll have such a deep understanding as you have.

Tremendous help and fantastic write up, worked perfectly!

That was an amazing video. It really helped that you created everything by hand without using too many tools to shorten the process. Thanks a lot!

from couple of weeks i was searching for some good practical for buffer overflow, and seriously man u made it so easy with the python script, the end was awesome when you get the meterpreter, love u man ❤️ keep doing this gr8 work.

Pretty cool diversity of clips. Can’t wait for some more koth.

i dont know any thing about this and i was hooked for the whole video this was an amazing explanation i felt like im understanding every thing thou i'll forget all of it by the next hour :D

Great video. Thanks for the slow pace.

blown away... and great teaching skills !

Tip, you can use python to generate a list of 2984 different 4*characters by using random and a dictionary to retrieve it. Great Video John, keep it up

What you manage to do is insane... it seems almost magic. Thanks for sharing. Hope to see other exploits like this (using buffer overflow). Cheers!

Really enjoyed it, I tried this once prior to watching this and realized where I stuffed up. (little endian addr), the mona script helps ALOT.. thanks.

Thanks so much for this video. I was able to do BOF very easily after your video.

This is a really good explanation of how to do the BOF on certain exams. I already knew how to do this, but I learned a few things on the way. love your work bro

Hello, i had spent hours searching for a fix that would work for python3, then i found this video. Thanks so muchhhhhh

Perfecto... I learned Buffer Overflows once 5 months ago and taking my OSCP soon. About to jump into these again to do over and over for the test. Perfect timing mate!

I still don't fully understand buffer overflows but I'm way closer now, thank you!

This was a fun watch, since i had little knowledge of Fuzzing or buffer overflow i didnt know they were related, but oberflow does kinda work how i thought. Now i have something else to mess with and try to practice 😂

Thanks alot John! I was able to do it and this should help with the upcoming eCPPT retake. It was down to the wire and i couldnt connect with the one i built. See the mistakes now.

This was a very clear and well explained video. Great job John

i wish i found your channel sooner. GJ!

Wow great Video!! Love the slow pace and explanation.

I salute you, Sir!🙌

Its a super fast pace for me but i keep grabbing onto the handle bars everytime he posts and am fully enjoying this circus ride :)
I genuinely cant get enough.
Please be my boss John !?
I would literally enjoy having you boss me around (not in a wierd way) but i want to sponge you.
No i did not say spoon you hahah :)
Your teaching skills are super amazing but your brain is the jam!
Totally digging your skills dude.

Awesome walkthrough, thank you!

Woah! watched the whole video and learned alot ! Thanks John

Awesome john i really love your content . never got bored watching your videos till the last second
Keep up the good work ★

Thank you so much John

This is pure gold..

God level tutor!

Fantastic! thank you John, so many bits and pieces are clarified with your video.

!GOLDEN CONTENT!

1:00:33 I literally said WOOOW, so cool!

such a great video! thank you john!!!!

*Perfect* lesson :)
Three thumbs up

Awesome video John, great explanation and demonstration. thanks for uploading.

what a great trip! great job!

Man, thanks for putting this together.

Great explanation

Thank you for this video , i learnt a lot 🙂

Great vid, John. Can you make a video on a more challenging scenario; where you have IP overwrite however the buffer size is very small to fit the shellcode?

Thank you so much. Spike section was a bit complicated. And you don't need to generate all the characters, you can find them on github

this is a banger! I'm new and it made perfect sense

Thank you so much. Was so lovely and helpful. Please continue.

i appreciate did learn a lot . You're fast in scripting for a beginner to catch up

Brand New stuff for me well explained. Got overall concept of BOF.

I got a meterpreter!😃 thanks soooo much!

That was amazing and super informative. Thanks John!

I'm reminded of MC Frontalot - Zero Day, nerdcore song about hacking and exploits - always kinda made sense but this video gave a real example. (also recommend frontalot to all the nerds in this chat).
"Found this bug on my own, no need for a fuzzer.
'It’s already too late' spreading as we planned.
No need for the NO OPs, I know just where to land.
Clearing out the registers, with pointers to my functions,
loaded to your memory and writing new instructions.
Braindump i/o, siphoned out the eye holes;
enticed so i’m digging through the disassembled byte code.
Push pop change order stack frame FILO
filesystem inodes, all fall to my flow.
Running over, there again i go:
self-propagation engine, polymorphic sideshow.
Every network, we’re found to get around...
the exploit payload encoded in this sound.

Great to have awesome persons like you to help people to learn and much appreciate that you share your valuable knowledge. I am studying OSCP and planning to attend the exam and get the certificate and for sure I will follow your great videos to learn and learn but what make me confused like what is the best to practice for exam HTB or the offensive lab or any other resources and what is the best to study materials first then start practice over and over or study and practice in same time ?!
We are very lucky to have a person like you to learn from.May god bless you and much appreciate

The beard looks absolutely epic

Amazing video! Thank you.

I love exploit development. Very well explained.👍

Really appreciate your vids man! 👍 even tough I stopped coding a couple of years ago you engage me to catch back up and attend my first upcoming ctf events. Cheers

I’m not great with pentesting but anything I’ve encountered in the cybersec field this far I’ve been able understand with enough studying. Buffer overflow is the exception, I can wrap my head around the theory, I can even follow along your with steps and “understand” but I could never do this exploit on my own. This is at least my 4th time coming back to BOFs to hopefully understand and I just can’t get it.

I am totally noob in binary exploitation and thank you again !!!

Awesome video. You made this pretty easy to understand! Thank you

Thank so much for this...i have learn a lot ,sir i am waiting for your complete cyber security courses from buggier to master level

Perfect vid for what I needed! Im going through the eCPPT course rn :))

You're the best!

John you are so good amazing and addicting to watch Thank you

Nice one John 💯

Really great content, learned so much cool stuff and enjoyed it. Thank you and keep videos like these coming....

Should probably add that the nop sled is only needed when you don’t know the exact address of the buffer you’re jumping to and you’re just guessing the area it’s going to land in and putting your nop sled there as a safe landing pad followed by your payload.

great video, and i follow step by step. it worked to the last minute... but it is still waiting meter/preter

Amazing video. Thank you

very well explained ty

thats so cool thanks

great video!

That's so cool man. I love your channel thanks for the videos.

this was beautiful ,learnt a lot!

Great video. Would be awesome if we get videos for the other vulnerable commands of Vulnserver too.

I would love learning how the shellcode is written instead of just using Metasploit

Cool vid!!!

I could spend lots of money for college, or be debt free and learn at home, I love hacking and binary exploitation is my new motivation after recently getting dry on web exploitation I feel like I just started hacking again