DANGEROUS C Functions gets & strcpy (PicoCTF 2022 #04 buffer-overflow0)

Рет қаралды 34,761

2 жыл бұрын

Help the channel grow with a Like, Comment, & Subscribe!
❤️ Support ➡ j-h.io/patreon ↔ j-h.io/paypal ↔ j-h.io/buymeacoffee
Check out the affiliates below for more free or discounted learning!
🖥️ Zero-Point Security ➡ Certified Red Team Operator j-h.io/crto
💻Zero-Point Security ➡ C2 Development with C# j-h.io/c2dev
👨🏻‍💻7aSecurity ➡ Hacking Courses & Pentesting j-h.io/7asecurity
📗Humble Bundle ➡ j-h.io/humblebundle
🌎Follow me! ➡ j-h.io/discord ↔ j-h.io/twitter ↔ j-h.io/linkedin ↔ j-h.io/instagram ↔ j-h.io/tiktok
📧Contact me! (I may be very slow to respond or completely unable to)
🤝Sponsorship Inquiries ➡ j-h.io/sponsorship
🚩 CTF Hosting Requests ➡ j-h.io/ctf
🎤 Speaking Requests ➡ j-h.io/speaking
💥 Malware Submission ➡ j-h.io/malware
❓ Everything Else ➡ j-h.io/etc

Пікірлер: 47

@jpierce2l33t 2 жыл бұрын

Dude, following along right with you, even going ahead now until I get stuck! Please keep going, this is great and I appreciate you so much!

@jlm1144 2 жыл бұрын

I was at that part in my Security+ chapter about buffer-overflow and I was looking for an example of what it really did in C. Thanks man !! :)

@VA3KAMA3 2 жыл бұрын

Super cool series, always a pleasure to watch them! Keep it up!

@greyether777 2 жыл бұрын

Thanks John. We appreciate how you thoroughly explain everything and keep it simple at the same time. You're a rockstar!!

@mrnord1989 2 жыл бұрын

Thank you John, every time I watch one of your videos I always learn something new :)

@wilcosec 2 жыл бұрын

Great series! Keep it coming!

@Talyzeni 2 жыл бұрын

These videos are so awesome. Thanks so much John

@JB4lly 2 жыл бұрын

Maybe putting -fstack-protector when compiling would have worked? Not sure

@windows74001 2 жыл бұрын

Haha I'm a noob at these CTF challenges and had troubles solving this one for some reason. Looking through it with your guidance I'm like "Wow I'm an idiot, it was so simple" lol

@LDowning0190 2 жыл бұрын

Enjoyed the video. Keep them coming.

@logiciananimal 2 жыл бұрын

3 ways to fail the computer systems course I did ~20 years ago: 1) cheat 2) do way too little adequate work 3) use gets()

@KGAD0831 2 жыл бұрын

Loving this series, John. Please finish it!

@zer001 2 жыл бұрын

This was fun! Please more John. :)

@tuxmaster2715 Жыл бұрын

You the best John, thanks a lot for these material and your explanations, You are a master mind my friend

@wChris_ 2 жыл бұрын

it seems to be a kali linux thing having no stack-protector when building with gcc, as it works on my machine (ubuntu)

@FunkadelicFeed Жыл бұрын

You have to pass “fstack-protector" when compiling with gcc

@richardStretcher 2 жыл бұрын

I wanted to subscribe, but I've completely forgotten that I already was. Anyway, thanks for another informative video!

@masudrahman253 Жыл бұрын

Done Watching Cool Thanks John

@kaleabalemayehu 2 жыл бұрын

you already know it but let me tell you one more time YOU ARE AWESOME.

@drioko 11 күн бұрын

Awesome

@anmoldeepsingh9281 6 ай бұрын

i think the stack smashing wasnt detected probably the way gcc was compiled, its default could have been -fno-stack-protector, so default build task will never include a canary

@cqundefine 2 жыл бұрын

sigsegv stands for signal segmentation violation

@MiguelDevOps 2 жыл бұрын

6:34 a minor correction: the char array buf1 is 100*sizeof(char) Bytes long

@TehPwnerer 2 жыл бұрын

Oh the days I coded in C/C++, flush of output buffer is not guaranteed without the flush

@fjr2go 2 жыл бұрын

Nice'n'easy :)

@henrym5034 2 жыл бұрын

Thank you for all the beginner-friendly content A question as an absolute newbie into binary: only an input of length>=20 causes the SIGSEGV, i.e. it doesn’t happen with say 17. Is there a way to know or estimate how many more bytes I need?

@hedgechasing 2 жыл бұрын

The segfault is triggered by overwriting the return address on the stack (changing its value to some random garbage makes the program try to jump to that address and read code from there which the OS does not allow and sends the segfault signal) how many bytes you need to modify depends on the layout of the stack. You can use a debugger and look at the addresses of the local variables or look at the disassembly to see how much space is being allocated on the stack, but in this particular case the extra four bytes are the space on the stack for the local variable input. The layout of the stack is return address, then input then the buffer (though the stack grows down so these end up at decreasing addresses). When you put an input less than 16 characters it fits into the buffer. If you put 16-19 characters it starts clobbering the local variable input, and only once you put in 20 or more characters does it start touching the return address and cause the segfault.

@henrym5034 2 жыл бұрын

@@hedgechasing thanks for the explanation! I definitely have to look at it more

@frixx22 2 жыл бұрын

If this is training wheels, I am still at the crawling phase XD. I'll get there one day :')

@rsvv6828 2 жыл бұрын

What is the version of Sublime text you are using?? Please answer

@stopper0203 7 ай бұрын

I don't understand how just adding a few extra characters causes the flag to magically appear. Is it because added the extra characters causes some specific code to execute? If so which part?

@zer001 2 жыл бұрын

I think strcpy is the most used function to demonstrate bufferoverflows.