
Using z3 to find a password and reverse obfuscated JavaScript - Fsec2017 CTF

LiveOverflow


Recently I attended Fsec 2017 in Croatia. And there was a cool CTF challenge I solved during the conference that I wanted to share.
script: gist.github.co...

Comments: 76
@webwolfy7310 5 years ago
This is by far my favourite hacking related KZfaq channel, the story + CTF format works great as far as I'm concerned.
@seismicdna 6 years ago
I think if you keep the story + film in the first part and the challenge in the second part (or vice versa), a lot of people would like it.
@indexoverflow 6 years ago
Agreed. The storytelling was interesting, but it made the flow of the video a bit unnatural. Try it the way suggested above.
@ltstaffel5323 6 years ago
+1
@lpnando 6 years ago
I also agree
@kingkongrilla 2 months ago
Very dope video walking through the various skillsets required to solve such a problem, as well as the need to understand the scope of a problem. De-obfuscation is really the secret sauce, once you understand the recipe manipulating it is just a matter of how lazily/efficiently you can execute.
@biehdc 6 years ago
As you asked if storytelling + reversing is good, I don't think so, because it breaks the thought process when you try to follow what's going on, especially for less experienced like me I think
@LiveOverflow 6 years ago
thanks! valuable feedback :)
@FreeER 6 years ago
same opinion here. Even though you'd just mentioned it the jump from the anti debugger to the story made me stop the video and say "wait, what?". I don't mind a story _and_ a debugging session/explanation in the same video but interleaving the two when the story isn't some part of the explanation (eg. a friend of mine pointed out...it reminded me of...) apparently breaks my mind :D
@ryangurak5239 6 years ago
I agree. But, I like to hear both types of things, perhaps intertwined more thoroughly so it doesn't seem so jarring.
@Jango1989 6 years ago
I liked the story telling and thought it added to the video and made it more interesting and entertaining to watch.
@BoZmD 6 years ago
I thought the video was a nice intro to why and where you made this. I like your humility. I also like the pacing of the video. Sure I wish you would slow down, but I can watch it again. You get to the solution quickly showing how each step fits together. I will rewatch closer.
@blairsaid 6 years ago
Very impressive man. Really enjoyed your video and was satisfied with the story telling.
@DSAhmed 2 years ago
I love it when you drop F bombs. Great videos. I'm sad that KZfaq algorithms took so long to suggest your videos to me.
@MrJellekeulemans 2 years ago
Love your videos. I'm learning a lot from them.
@einstian 5 years ago
I really like your videos! Great for learning how to deconstruct ctf challenges :)
@DM-qm5sc 4 years ago
It sucked that the video ended 😭
@evilchairproductions482 5 years ago
I'm going through your CTF playlist and I find my country! Yaay!
@theotherguy6282 2 years ago
Appreciate the honesty on how long it takes to solve ctfs
@msec7188 6 years ago
Look at that Cake!!! Nice vid as always !!
@phiber9 5 years ago
great meeting you dude! too bad we didn't get a chance to talk over a beer.
@angryman9333 3 years ago
I need to rewatch these, since first time I saw it I didn't know shit about this stuff
@owendearmond-macleod5668 6 years ago
I thought it was a good mix between talking about the conference and playing the CTF.
@SergioAndress 3 years ago
Your videos about hacking are very interesting, thank you for sharing your teachings and for your humility in being who you are!
@r00tb33 6 years ago
I'm asking for a favor pls make a playlist of all web app security videos from your channel. I'm a newbie to web app sec it would be really helpful for all of us. Thanks.
@NickInts 6 years ago
Hahaha flag hoarding! Well when you're the main person who makes CTF videos, I guess people expect you to be a god!
@lucid8584 5 years ago
you WERE IN CROATIA WHY THE FUK I DIDNT VISIT THAT CONFERENCE :(
@Bickers42 5 years ago
Nice video, have you got a link or a backup of the challenge files? The link in the video doesn’t work anymore
@crispy_rw 4 years ago
More fun @liverOverFlow
@Kabup2 5 years ago
Hey, do you know something about a IATool to reverse bins? IA used to auto reverse? Or IA used as a hacker tool in anyway?
@leon1985ist 4 years ago
Hi how are you mate !! Thanks for this awesome videos , do you may sharing what kinda resources and books you study to learn all of this please , am just starting to hacking and HTB and CTF
@nukexplosion6679 3 years ago
You can read "Hacking: The art of exploitation" and "Attacking network protocols". Also you can see LiveOverflow's binary hacking and web hacking playlist. I recommend you start with "Hacking: The art of exploitation" and the binary playlist first, then go for web and network protocol stuff. Also be sure to check out this invaluable reddit post: www.reddit.com/r/hacking/comments/a3oicn/how_to_start_hacking_the_ultimate_two_path_guide/
@nukexplosion6679 3 years ago
Also check out his "The secret step by step way to start hacking" video
@zzh1996 6 years ago
why can't I register for this CTF? is it closed? when I press enter in the register form, the pages refreshes and nothing happened
@AlboCoder 6 years ago
Are you going to be at defcamp CTF?
@jynns2556 6 years ago
Wow great video
@SimonWanner 6 years ago
I recently wrote a deobfuscator for this kind of while/switch obfuscation: gist.github.com/skyrising/00a3500e24ddeab167c5692445e6dd11
@pinokio514 5 years ago
Hi. Where I may to find the pdf presentation (3:47)?
@IceHax 5 years ago
why do you even censor your face if you spoke in public and people could see you? I don't get it lol
@jeremypatrickdahan 4 years ago
Hey, do you have a link for the CTF or is it down ?
@Handlessuck1 5 years ago
I wish I could do this but where to start?
@chegevarra1036 3 years ago
What is this video about for?
@muha0644 5 years ago
9:53 well at least you can solve them... unlike me
@SimoneAonzo1988 6 years ago
No storytelling... "real life good graphics bad gameplay"
@omerkatz3595 6 years ago
Very good video, where can I get z3?
@mariomlinaric745 5 years ago
I live in Croatia (Zagreb)!
@kim87713 5 years ago
how to download any html files?
@samfoxman7046 6 years ago
This firefox extension works very well to deobfuscate javascript. (Only works on old firefox versions) addons.mozilla.org/en-US/firefox/addon/javascript-deobfuscator/
@HDQuote 6 years ago
why does he have a juche (korean communist) sticker on his laptop at 1:31?
@zacpier 6 years ago
His laptop's hostname is "redstar-os" I wouldn't think much of it
@liptakszabolcs1395 5 years ago
Hahaha CTF decoding machine :)
@cothan2062 6 years ago
Interesting. I modify your code and use BitVec only, (I removed BV2Int) and the code produces unsat. However, in BitVecRef, there is `__mul__` and `__div__`, so I think there is no need to convert it to Int (by using BV2Int) at line 61, 62. Then I figure out, that in line 61, the divide operation in BitVec is un-natural, so we have to use BV2Int. (pictures included) imgur.com/LUKQFnL TIL: `__mul__` in z3 is great, `__div__` is not.
@LiveOverflow 6 years ago
I spent most of my time fighting with z3. I also tried it with BitVecs first. I think I ran into the same issue and got frustrated.
@ko-Daegu 2 years ago
Where can I learn more about z3
@Creuilcreuil 6 years ago
nice vid as always, btw `def is_valid(c): return c in "APSYD0GNIL1_"`
@LiveOverflow 6 years ago
+Creuilcreuil _ no. That won’t work. It has to be a z3 expression
@nile7999 6 years ago
THIS THE SHIT I DO LIKE HYAHHHHHHHHHHHHH
@generalkenobi300 6 years ago
Buy the ST license...
@89elmonster 6 years ago
I didn't know you were black
@4pxris3 5 years ago
what? he's german how would he be black
@Whynot83848 5 years ago
@@4pxris3 because he blackened his face
@francismori7 5 years ago
@@4pxris3 also lol, why can't a german-born person be black? :/
@Fabian-_- 6 years ago
Wow 😵 how? :D
@hemanth.alluri 5 years ago
I don't really like this style of mixing the write-up and the story-telling parts. It ruins both. Having both exist separately (either in the same video or as 2 separate videos) would be better.
@pavansai6078 5 years ago
How to find password for 7z file ?? Plz reply
@ahmedselimuzum3049 5 years ago
You can brute force it with John the ripper
@pavansai6078 5 years ago
@@ahmedselimuzum3049 where to get the john the ripper ?
@ahmedselimuzum3049 5 years ago
@@pavansai6078 github.com/magnumripper/JohnTheRipper the official repo of John The Ripper
@pavansai6078 5 years ago
@@ahmedselimuzum3049 bro how to use any video plz
@ahmedselimuzum3049 5 years ago
@@pavansai6078 kzfaq.info/get/bejne/jrOEnqp_uN_Hl2Q.html a tutorial for john the ripper 7z cracking
@rogercruz1547 5 years ago
Somebody added a portuguese translation to your video and the title simply sucked ass, I had to switch to english to understand what was happening...
@nathanoy_ 2 years ago
lol 8:00 python really has evolved a lot. these 10 lines are now just `x in "APSYD0GNIL1_"` xdd