4: Ret2Win with Function Parameters (x86/x64) - Buffer Overflow - Intro to Binary Exploitation (Pwn)

CryptoCat
17.1K views - 2 years ago
4th video from the "Practical Buffer Overflow Exploitation" course covering the basics of binary exploitation. In this video we'll build upon the ret2win attack from the previous video, this time needing to supply function parameters to the "win" function. This is the first challenge we will cover in both x86 and x64, since parameters are passed quite differently on the two architectures (on the stack in x86, in registers in x64). We'll use checksec, Ghidra and pwndbg, and create a couple of pwntools scripts, automating finding the EIP/RIP offset and making use of ROP objects! Write-ups/tutorials aimed at beginners - Hope you enjoy 🙂 #BinaryExploitation #BufferOverflow #BinExp #RE #Pwn #PwnTools

Find the binary files, source code and scripts to go with the series @ https://github.com/Crypto-Cat/CTF/tre...

↢Social Media↣
Twitter: _CryptoCat
GitHub: https://github.com/Crypto-Cat
HackTheBox: https://app.hackthebox.eu/profile/11897
LinkedIn: cryptocat
Reddit: _CryptoCat23
YouTube: cryptocat23
Twitch: cryptocat23

↢Binary Exploitation / Reverse Engineering↣
Pwn.College: https://pwn.college
How2Heap: https://github.com/shellphish/how2heap
NightMare: https://guyinatuxedo.github.io
Ir0nstone: https://ir0nstone.gitbook.io/notes/ty...
PinkDraconian: Pwn Zero To Hero
More: https://github.com/Crypto-Cat/CTF#readme

↢Resources↣
Ghidra: https://ghidra-sre.org/CheatSheet.html
PwnTools: https://github.com/Gallopsled/pwntool...
CyberChef: https://gchq.github.io/CyberChef
HackTricks: https://book.hacktricks.xyz/exploitin...
GTFOBins: https://gtfobins.github.io
Decompile Code: https://www.decompiler.com
Run Code: https://tio.run

↢Chapters↣
Start: 0:00
Basic File Checks: 0:38
Review Source Code: 1:24
Disassemble with Ghidra: 2:11
32-bit - Manual Exploit: 3:16
32-bit - Debug with GDB-PwnDbg: 5:18
32-bit - PwnTools Script: 10:46
32-bit - PwnTools with ROP Objects: 13:15
64-bit File/Code Review: 14:37
Compare x86 and x64 (GDB): 15:39
Find RIP Offset (cyclic): 17:27
64-bit - Manual Exploit: 18:33
Locate POP Gadgets with Ropper: 20:54
Fix glaringly obvious mistake xD: 23:03
64-bit - PwnTools Script: 26:04
64-bit - PwnTools with ROP Objects: 28:39
End: 29:54
Published 2 years ago, on 1400/12/12.
17,169 views