again this is an older video; but this kind of stuff even it is an "easy" challenge still completely blows my mind. this is CRAZY. I totally love this.

These tutorials are by far some of the best material on the entire internet focused on this subject. I love the technical explanations as well as the quality of the video editing. Curious what you are using to do your editing? Keep up the excellent work, I've learned quite a lot from these and look forward to learning that much more. Where do you hang out in IRC? Kudos!

I love the videos posted on this channel.The content is very clearly explained in depth.This is the best material I read so far.

11:19 when my mom looks at me when I pop out of her womb

Thanks for the video, I was stuck at this level since yesterday! Watched your video exactly until 1:51 and immediately noticed what I was overseeing/missing all the time. Damn. Further exploitation was pretty straightforward :D

learning in 2022 and it seems that these tutorial vidz of yours are some of the best on the whole www

Of course you aren't the best security researcher, but you are the one making the best informative videos i know of and i thank you for that :)

Excellent !!! Amazing videos !! I am so happy to discover these videos . The best video I ever came across on internet 😎

You're amazing! :)

"oh, that looks fucked" lol Awesome video series!

And that's why you must use strncpy(copy N chars from src to dest) here, never trust user input :D. Awesome series!

great video!

really, awesome!

Thank you for this good series of tutorial :) I'm a bit confuse on print in GDB. Could you help explain why we have to set $i1 = (struct internet*) 0x08041028 ? Shouldn't print work with an existing variable in the current context ? I first tried (gdb) print *i1, print i1, x/x i1 but the address of i1 seems to be totally different from the real one 0x08041028.

ow, that looks fucked I love it. Great vids by the way, keep it up :)

don't forget to turn ASLR off!

How do I get my gdb to show the destination address?

Hi, I was wondering if there is a way to exploit this on a 64-bit system. The problem is that we have to override 0x00007ffff7ef6070 (address to malloc'd area on heap) to 0x00000000006041d0 (address to puts@got) and strcpy stops copying before a nullbyte.

3:45 I didn't know a Compiler can optimize that since it's a function. I mean, it's possible but it's a really special purpose optimization.

How did it actually change where i2->name was pointing to? Shouldn't it have just changed the value inside? Or does it have to do with overwriting the meta-headers?

Why eip is overwrote with the source of string copy after you overwrote the destination of string copy can someone explain please

How can you use the run echo command with the chars needed if the programme doesn't work arround the argv argument but a gets() function

@10:00 why doesn't the malloc for the name of the i2 ever get assigned? The name of i2 was 0x0 before the strcpy().

This video was very helpfull but there is something I can't figure out. When you replace the FFFF with the Address of Puts what happens to the code flow.. I mean why the eip is replaced with the firt 4 characters of second argument?? Thanks in advance

You're really good but what I don't understand is that if EIP indicates the next step to process how can you manipulate it if it should be changing every microsecond? Like while Im watching your youtube video isn't eip changing to read new data from memory and send it to the audio card? Maybe it is all process encapsulated?

Hi LiveOverflow, I have followed through your tutorial, and it is straightforward and super helpful. I thought that I would try it on an Ubuntu 16.04, 32 bit system, and I have run into a problem. At about 3:10 you have a segfault for your strcpy function, and it is clear which string is being copied and the string's target address (0x46464646). But, when I have a segfault, my error message says: __strcpy_sse2 () at ../sysdeps/i386/i686/multiarch/strcpy-sse2.S:1657 1657 ../sysdeps/i386/i686/multiarch(strcpy-sse2.S: No such file or directory. When I use backtrace I get he same error. This error is not nearly as clear and helpful as the one that you receive in your tutorial. I have looked around online to see how to solve the "no such file or directory" problem thinking that this might help. I tried installing libc6-dbg, installing build-essentials and setting gdb's debug-file-directory. This didn't help. Is it because I am using a different version of C? Or, is the error message difference due to a configuration in gdb. Thank you.

Hi , thank you for your videos, i have a problem , the output of the gdb isnt like you, the part `*__GI_strcpy (dest=0x804a038 "", src=0x0) at strcpy.c:39` please help me

does anybody know where I can find the sources for these protostar exercises? the original website is down, and the bootable image that I downloaded over vulnhub doesn't contain any source code. I have searched the internet, but didn't find anything.

u r wow!

-Heap overflow- -Buffer overflow- LiveOverflow

This worked because printf on line 34 was optimized to puts(), if it was printf printing with arguments then it could have gone into endless recursion by calling printf & exploit would have failed. The real question is how to exploit this code if line 34 was printf.?

My gdb is not showing the memory address where segmentation fault occurred. Any idea ? It says -->> Program received signal SIGSEGV, Segmentation fault. __strcpy_sse2_unaligned () at ../sysdeps/x86_64/multiarch/strcpy-sse2-unaligned.S:298 298 ../sysdeps/x86_64/multiarch/strcpy-sse2-unaligned.S: No such file or directory.

to do what he is try to do by the beginning : run gdb break * after the latest strcpy define hook-stop info registers end run with the payload to detect

what Linux and gdb are you using

Thanks a lot! Will there be a video on exploiting heap functions such as unlink?

How much it will differ in ×64 system.? For heap0 challenge, I was able to get the overflow offset but the address from objdump is different from gdb . When I try it in gdb it crashes and from terminal it never jumps to winner.

why echo is not working insted of /bin/echo ?

@Liveoverflow you should really start the challenges @ root-me system hacking, THAT WOULD BE EPIC AS FUCK!

at 8:49 it'es bits not bytes right ?

Hey can i contact you by email?

I do not understand