Basic Buffer Overflow - VulnServer TRUN

Рет қаралды 194,520

3 жыл бұрын

To help support me, check out Kite! Kite is a coding assistant that helps you faster, on any IDE offer smart completions and documentation. www.kite.com/get-kite/?... (disclaimer, affiliate link) Come play the GuidePoint Security Capture the Flag! go.guidepointsecurity.com/202...
Hang with our community on Discord! johnhammond.org/discord
If you would like to support me, please like, comment & subscribe, and check me out on Patreon: / johnhammond010
E-mail: johnhammond010@gmail.com
PayPal: paypal.me/johnhammond010
GitHub: github.com/JohnHammond
Site: www.johnhammond.org
Twitter: / _johnhammond

Пікірлер: 232

@signum42 3 жыл бұрын

Fantastic video. Appreciating the "slow pace"

@mattstorr 3 жыл бұрын

This is by far the simplest and logical walkthrough of buffer overruns and how to exploit them that I've seen. I really appreciate the pace (I dont care that it was long) as you covered each part. I understood everything except the struct and little endian elements. I guess I have some reading to do :-)

@martinndzelen88 2 жыл бұрын

same here i got lost around there

@jonaskoelker 2 жыл бұрын

Little vs. big endian, two minute edition: when you write numbers, like 123 (= 1*100 + 2*10 + 3*1), you write the 3 in the ones place last, and the 1 in the biggest place (here 100s) first. That's big endian. If you write the ones place first and the biggest place last, e.g. write 321 to mean 3*1 + 2*10 + 1*100, that's little endian. The particular number we're looking at in the code, 0x62501203, is currently in big endian. What the particular step is about is converting it to a 4-digit base-256 number written in little endian (in python's `bytes` type). If you just want to do the conversion by hand, from int to int, you can just put in 0x03125062. Notice how each pair of hex digits has been swapped by its opposite: first and last swap, and the middle two swap. Each pair of hex digits corresponds to a single digit in base 16*16 = 256. Python v3.2 and newer has a `.to_bytes` method on int objects, so you could also do `(0x62501203).to_bytes(4, byteorder='little')` and get the desired result.

@derekrickmon5316 2 жыл бұрын

You don't understand something until you can explain it simply.

@kameronwilliams723 2 жыл бұрын

The way you broke that down to where a complete beginner like myself could grasp it is a real talent.

@theITGuy-no3nt 3 жыл бұрын

I have watched a ton of your videos over the past few week, but this is my favorite. Watching you work through that was super instructive and downright entertaining. ⭐⭐⭐⭐⭐

@fhajji 3 жыл бұрын

Love the slow pace and crystal-clear explanations. Easy to understand and follow.

@KieCodes 3 жыл бұрын

That was an amazing video. It really helped that you created everything by hand without using too many tools to shorten the process. Thanks a lot!

@emT__T 3 жыл бұрын

Thank you John for the great video. Super Informative! The "beginner" approach is much appreciated.

@nicklevson9608 3 жыл бұрын

This was the most in depth explanation I have seen so far. Thank you!

@aaronw6195 2 жыл бұрын

This may have been one of the best videos I've ever seen on how to exploit a buffer overflow. The technique of writing the code from scratch to do this in python was super helpful! Thanks John!

@chrishammer5925 3 жыл бұрын

Perfecto... I learned Buffer Overflows once 5 months ago and taking my OSCP soon. About to jump into these again to do over and over for the test. Perfect timing mate!

@collapzcursed 3 жыл бұрын

Came in here with very minimal (to non-existent) understanding of bytecode and memory-buffers ... just let me say that you did an absolutely amazing job at explaining the whole of it and how each aspect works and interacts with each other. All of that in just about an hour. "Slow pace", yeah right. You're a great teacher and a real blessing for those willing to learn. I've watched a few CTF videos and miscellaneous stuff of yours but after this one you got yourself that +1 "plzsub" :D! Keep up the great work, John! It is greatly appreciated.

@krist81 2 жыл бұрын

Thank you. The way you explained and demonstrated everything made so many different pieces finally come together for me. Ty

@markgentry8675 3 жыл бұрын

This is a really good explanation of how to do the BOF on certain exams. I already knew how to do this, but I learned a few things on the way. love your work bro

@kapalov 3 жыл бұрын

Finally, the only video where it really clearly explains about BoF. Thanks

@saurabhshinde1855 2 жыл бұрын

Most simple and comprehensive walkthrough of buffer overflow.. Really liked and understood it.. keep it up john

@glennbogaerts7914 3 жыл бұрын

This was a very clear and well explained video. Great job John

@AvinashKumar-fe8xb Жыл бұрын

love you john hammond, I learned so much feel like i should dive more into buffer overflow after practically doing it myself along with you. Thank you!

@dopy8418 3 жыл бұрын

Pretty cool diversity of clips. Can’t wait for some more koth.

@Cyberducky 3 жыл бұрын

I recently fell in love with your videos. I'm still a student but I hope that one day I'll have such a deep understanding as you have.

@adminservice9459 3 жыл бұрын

You're an awesome instructor, I commend you for humbling yourself and breaking everything down in simple terms vs your knowledge level lol. Thx man

@HuntingKingYT 2 жыл бұрын

Tip: you can use the instruction int3 (0xCC) to make a debug breakpoint, then you can see much faster when the exploit occurs.

@normanalc3115 3 жыл бұрын

You're legend mate! I learned a lot from this video. You've explained it very well 5 star for you 🌟🌟🌟🌟🌟

@danielallan3417 2 жыл бұрын

Unreal mate, I rarely comment but you have imparted your knowledge with exceptional skill!! I absorbed it all so easily!!! Awesome.

@atharvakadlag1937 3 жыл бұрын

Now that i have spent weeks understanding buffer overflow, everyone has started making awesome videos on that topic

@howtobecometoolkit 3 жыл бұрын

Can you send some good resources you found?

@tomsite2901uk Жыл бұрын

This is by far the best video i ever saw regarding buffer overflows and how to exploit them. This is a must see for every security researcher.

@MatteoGariglio 2 жыл бұрын

What you manage to do is insane... it seems almost magic. Thanks for sharing. Hope to see other exploits like this (using buffer overflow). Cheers!

@geraldfranzmaliwanag 9 ай бұрын

Thank you so much for this tutorial. You have explained it very clearly and easy to follow. Buffer overflow is the topic that made me think twice to continue pursuing cybersecurity. But there you are. Life saver. Dream Saver! Thank you so much for this tutorial.

@liquathrushbane2003 3 жыл бұрын

Beginner here - not sure why you built the nop_sled, but the rest of it made perfect sense. Thank you.

@avananana 3 жыл бұрын

I'm no genius but as far as I know, nop sleds are used to guide the program to execute code when you don't know exactly where the code lies but you know the rough area. In this case you knew exactly where to go so the nop slide was indeed kind of useless, but I do believe he brought it up only so we could know it's a thing. The reason your malicious code could lie somewhere else in the system is if it didn't fit inside the initial payload, where the code itself is another payload and ended up going somewhere else in the system. A way to reach the code is by putting a long nop slide infront of it and initiating a jmp instruction somewhere inside the nop slide. This way you don't have to know where the code lies, only roughly where it is.

@ronorocky 2 жыл бұрын

from couple of weeks i was searching for some good practical for buffer overflow, and seriously man u made it so easy with the python script, the end was awesome when you get the meterpreter, love u man ❤️ keep doing this gr8 work.

@jorgevilla6523 3 жыл бұрын

Wow great Video!! Love the slow pace and explanation.

@Ricjamz Жыл бұрын

Tremendous help and fantastic write up, worked perfectly!

@anuragyelala6952 3 жыл бұрын

Fantastic! thank you John, so many bits and pieces are clarified with your video.

@aaaaaaaaaaaaaaaaaaaaaaaa997 2 жыл бұрын

Great video. Thanks for the slow pace.

@KaranveerSingh97 2 жыл бұрын

Well, understanding computer architecture is super important for understanding and making these exploits. Great video!

@Topherelius 3 жыл бұрын

That was amazing and super informative. Thanks John!

@pinglollo6283 3 жыл бұрын

Awesome video John, great explanation and demonstration. thanks for uploading.

@HaouasLeDocteur 3 жыл бұрын

I can’t believe I just sat through a 1h video and it was the greatest thing I’ve seen all day. Loved, loved it!

@pdemosllegaralos520subs2 3 жыл бұрын

Really enjoyed it, I tried this once prior to watching this and realized where I stuffed up. (little endian addr), the mona script helps ALOT.. thanks.

@AFchump78 3 жыл бұрын

Thanks alot John! I was able to do it and this should help with the upcoming eCPPT retake. It was down to the wire and i couldnt connect with the one i built. See the mistakes now.

@MattKAva 3 жыл бұрын

I still don't fully understand buffer overflows but I'm way closer now, thank you!

@robertron5303 3 жыл бұрын

Really appreciate your vids man! 👍 even tough I stopped coding a couple of years ago you engage me to catch back up and attend my first upcoming ctf events. Cheers

@TheHangman1995 3 жыл бұрын

This and TCMs buffer overflow are my go to when I need to do BOFs

@lIlIllll1 3 жыл бұрын

Perfect vid for what I needed! Im going through the eCPPT course rn :))

@aymenahdibi1251 3 жыл бұрын

Awesome john i really love your content . never got bored watching your videos till the last second Keep up the good work ★

@stuarthook6226 3 жыл бұрын

Thanks so much for this video. I was able to do BOF very easily after your video.

@yashwardhanchavan6153 3 жыл бұрын

Really great content, learned so much cool stuff and enjoyed it. Thank you and keep videos like these coming....

@zelalemabate3804 2 жыл бұрын

Awesome walkthrough, thank you!

@oscpjourney541 3 жыл бұрын

I can't say BIG THANK enough I have watched many videos about this BOF but this one one I get some hints Be blessed John

@johnsnow1062 3 жыл бұрын

Thank you so much. Was so lovely and helpful. Please continue.

@swyveu 2 жыл бұрын

blown away... and great teaching skills !

@jacksmith3183 3 жыл бұрын

Really enjoyed it, I tried this once prior to watching this and realized where I stuffed up. (little endian addr), the mona script helps ALOT.. thanks.

@ketononeill8898 3 жыл бұрын

Awesome video. You made this pretty easy to understand! Thank you

@AC-dw8cs 3 жыл бұрын

i wish i found your channel sooner. GJ!

@Construction-agencyCoUk 2 жыл бұрын

Woah! watched the whole video and learned alot ! Thanks John

@ping9940 2 жыл бұрын

i dont know any thing about this and i was hooked for the whole video this was an amazing explanation i felt like im understanding every thing thou i'll forget all of it by the next hour :D

@Jan_Seidel 3 жыл бұрын

*Perfect* lesson :) Three thumbs up

@somekindofbluestuff 2 жыл бұрын

such a great video! thank you john!!!!

@CondorrK 11 ай бұрын

This was a fun watch, since i had little knowledge of Fuzzing or buffer overflow i didnt know they were related, but oberflow does kinda work how i thought. Now i have something else to mess with and try to practice 😂

@mariorodriguez474 3 жыл бұрын

what a great trip! great job!

@LDowning0190 2 жыл бұрын

Amazing video! Thank you.

@saurabhkumar1976 3 жыл бұрын

Thank you for this video , i learnt a lot 🙂

@abdallahchbaro836 3 жыл бұрын

Thank you so much. Spike section was a bit complicated. And you don't need to generate all the characters, you can find them on github

@ivanlopez8377 3 жыл бұрын

Man, thanks for putting this together.

@razzawazza 3 жыл бұрын

That's so cool man. I love your channel thanks for the videos.

@mart.3318 2 жыл бұрын

Great video! Thank you very much!

@jerryjohn2655 3 жыл бұрын

Thank you so much John

@4ag2 3 жыл бұрын

Nice one John 💯

@FreezeLuiz 3 жыл бұрын

Great vid, John. Can you make a video on a more challenging scenario; where you have IP overwrite however the buffer size is very small to fit the shellcode?

@ayaanlatifsaikia1353 3 жыл бұрын

Great video. Would be awesome if we get videos for the other vulnerable commands of Vulnserver too.

@HK-sw3vi 3 жыл бұрын

this is a banger! I'm new and it made perfect sense

@adamkadaban 3 жыл бұрын

The beard looks absolutely epic

@varadvithalkj1716 3 жыл бұрын

this was beautiful ,learnt a lot!

@antdgar 2 жыл бұрын

Great explanation

@m3tac0m 3 жыл бұрын

I love exploit development. Very well explained.👍

@cansofcoke 3 жыл бұрын

You've outdone yourself with this one John. Buffer overflow is just voodoo magic for me at the moment and your vid has made it seem more achievable for me :))

@namankumar5464 3 жыл бұрын

Thank so much for this...i have learn a lot ,sir i am waiting for your complete cyber security courses from buggier to master level

@bbowling619 2 жыл бұрын

Its a super fast pace for me but i keep grabbing onto the handle bars everytime he posts and am fully enjoying this circus ride :) I genuinely cant get enough. Please be my boss John !? I would literally enjoy having you boss me around (not in a wierd way) but i want to sponge you. No i did not say spoon you hahah :) Your teaching skills are super amazing but your brain is the jam! Totally digging your skills dude.

@farouqseriki5942 Жыл бұрын

Hello, i had spent hours searching for a fix that would work for python3, then i found this video. Thanks so muchhhhhh

@nikolas8741 3 жыл бұрын

I got a meterpreter!😃 thanks soooo much!

@jimo8486 3 жыл бұрын

very well explained ty

@Hey-qo2zl Жыл бұрын

Great to have awesome persons like you to help people to learn and much appreciate that you share your valuable knowledge. I am studying OSCP and planning to attend the exam and get the certificate and for sure I will follow your great videos to learn and learn but what make me confused like what is the best to practice for exam HTB or the offensive lab or any other resources and what is the best to study materials first then start practice over and over or study and practice in same time ?! We are very lucky to have a person like you to learn from.May god bless you and much appreciate

@liliwantsvideos 3 жыл бұрын

Thanks a lot! This is an amazing insight - i allways wondered how an overflow leads to execution :-p

@josuemarks5675 2 жыл бұрын

Amazing video. Thank you

@inkotanyi.9185 Жыл бұрын

I salute you, Sir!🙌

@mathieul695 Жыл бұрын

Tip, you can use python to generate a list of 2984 different 4*characters by using random and a dictionary to retrieve it. Great Video John, keep it up

@lalaland322 2 жыл бұрын

great video!

@Zaakipaladin 3 жыл бұрын

Such a cool video!!

@moonshiry 2 жыл бұрын

You are amazing my dude, I love how you really went step by step and didn't gloze over anything. Especially the programming and immunity debugger parts. (which is practically everything). This teaching style trumps university professors

@bmbiz 2 жыл бұрын

Please refrain from using the word "trump(s)". It triggers my PTSD. ;)

@ldSt3345 2 жыл бұрын

@@bmbiz please refrain from writing such terrible comments. It triggers my triggerinator.

@skreet7251 2 жыл бұрын

@@ldSt3345 please refrain from being a bub it triggers my bob

@merajrabbani 3 жыл бұрын

Brand New stuff for me well explained. Got overall concept of BOF.

@pdemosllegaralos520subs2 3 жыл бұрын

Thanks a lot! This is an amazing insight - i allways wondered how an overflow leads to execution :-p

@karimwassef9892 3 жыл бұрын

Love your vids btw!

@pedror9314 3 жыл бұрын

Cool vid!!!

@savoyblue777 3 жыл бұрын

John you are so good amazing and addicting to watch Thank you

@pdemosllegaralos520subs2 3 жыл бұрын

Thank you John for the great video. Super Informative! The "beginner" approach is much appreciated.

@sarahconnorh4609 3 жыл бұрын

Oh daammmmn, i was looking for Reverse engineering lessons, THANKS JOhn ! (P.S : Feel free to recommend ressources ;P )

@gameplayone23 3 жыл бұрын

thank you, great tutorial. Could you make a new video explaining the way to do the same thing but with a limited buffer size ?

@cyb3rtooth199 3 жыл бұрын

MORE CTFs!!! That's what I'm talking about!

@vaskomarinov7042 3 жыл бұрын

!GOLDEN CONTENT!

@martinndzelen88 2 жыл бұрын

i appreciate did learn a lot . You're fast in scripting for a beginner to catch up

@karlparadis6 3 жыл бұрын

Hi John, great video I learned so much, thanks. Question: did you have to use a gadget to JMP ESP or could it have been done without using a gadget? E.g with some injected shellcode?