Pwntools & GDB for Buffer Overflow w/ Arguments (PicoCTF 2022 #43 'buffer-overflow2')

แชร์
ฝัง
  • เผยแพร่เมื่อ 27 พ.ย. 2024

ความคิดเห็น • 38

  • @FurikuriYugi
    @FurikuriYugi 2 ปีที่แล้ว +17

    Don't be sorry. It is important for people that are new to programing to see that despite how talented and or expierenced one is that we stil can get stumbled up on things even if it is a miss spelling that can eat away hours of your time.
    Great job as always and thank you.

  • @JohnSmith-eq5bw
    @JohnSmith-eq5bw 2 ปีที่แล้ว +27

    I'm trying to get started in the infosec field after completing an unrelated undergraduate degree. It's fascinating stuff, but it's very easy to get discouraged. Seeing John encounter difficulties and work around them is inspirational. If a seasoned pro has a hard time with PicoCTF, that makes me feel a lot better about having a tough time applying the theory I'm learning.

    • @00killerix
      @00killerix 2 ปีที่แล้ว

      For curiosity, what's degree have u done? :D

  • @drewzilla1263
    @drewzilla1263 ปีที่แล้ว

    Nothing to be sorry about, John. The topic of these videos require a longer video. I love working along on these with you and I feel good when I figure things out around the same time you do, or at least I understand what you're talking about. It means I learned well form your videos so far. Thank you!

  • @HAGSLAB
    @HAGSLAB 2 ปีที่แล้ว +1

    I'm sure John knows this and is just using argparse manually to learn and teach. But, for anyone interested, `pwn template` actually gives you a template for your exploit including local/remote support.

  • @_hackwell
    @_hackwell 2 ปีที่แล้ว +2

    thanks for the video! it'll help a lot for the upcoming cyber apocalypse

  • @__hetz
    @__hetz 2 ปีที่แล้ว +1

    I take a stab at Advent of Code every year, usually hitting the wall a bit over halfway through, and all I wanted last year was to make it on a leaderboard for the first time. I knew I'd have to do it with the easiest challenges in the first week, and it eventually happened to where I had "completed" a challenge fast enough that I would've finally made it. I was done and working in under two minutes... or I would have been except I had that same + instead of += typo on a line. It took me another 30 minutes of trying to find nonexistent bugs like index errors or off-by-ones before I realized the problem.... so maybe this year will be the year instead.
    As others have said don't beat yourself up over it because it happens to the best of us. At the same time showing these occasional struggles over simple oversights greatly humanizes the process. It reminds us that even professionals can tunnel vision themselves away from a solution that was firmly in their grasp.
    Keep up the awesome work, John!

  • @artemis-arrow-3579
    @artemis-arrow-3579 2 ปีที่แล้ว +3

    I'm currently learning exploit development, ur vids r rly helpful man, they give me a general idea for such things

  • @themadichib0d
    @themadichib0d 2 ปีที่แล้ว

    Super cool, hadnt seen pwntools or gef before this, but I love how clean that exploit script looks once it was done.

  • @Whyineedachannelname
    @Whyineedachannelname 2 ปีที่แล้ว +1

    Thanks for all the work you do it's very educative can't wait to see the next one

  • @FunkadelicFeed
    @FunkadelicFeed 2 ปีที่แล้ว

    Seeing you struggle was so inspiring and encouraging. If you also have trouble sometimes then it's okay for me to struggle with almost all of the challenges 🤣

  • @AntonioSouza
    @AntonioSouza 2 ปีที่แล้ว

    Thank`s you John.

  • @thedailysenior
    @thedailysenior ปีที่แล้ว

    You the best!

  • @_AN203
    @_AN203 2 ปีที่แล้ว

    Pwn tools seems to be targeting walk throughs which is hell helpful !!

  • @alisenjary
    @alisenjary 2 ปีที่แล้ว +2

    Very nice

  • @viv_2489
    @viv_2489 2 ปีที่แล้ว

    Great python pwntool and gdb tutorial

  • @spencerlaplaca437
    @spencerlaplaca437 2 ปีที่แล้ว +1

    Huntington beach California here

  • @taponplaza
    @taponplaza 2 ปีที่แล้ว

    super informative video!!

  • @kostyatitovsky9983
    @kostyatitovsky9983 2 ปีที่แล้ว

    Hello, John! Read about subparser for argparse ;)

  • @0xSebin
    @0xSebin 2 ปีที่แล้ว

    John please do more videos related to Buffer overflow ...

  • @bhagyalakshmi1053
    @bhagyalakshmi1053 ปีที่แล้ว

    Arg 1to transfer arg 2

  • @KaliMax1337
    @KaliMax1337 2 ปีที่แล้ว

    John, these are great vids- thanks! just starting out and really like rev eng but aside from CTF's , how is this an in demand skill for the real world?

    • @nekosalad8308
      @nekosalad8308 2 ปีที่แล้ว

      i think blue team seniors do rev eng. its not a junior level skill afaik.

  • @redspotaquashrimps
    @redspotaquashrimps 2 ปีที่แล้ว

    Very cool! How many hours you spend per day doing this stuff before you know what you're doing from daily work to late night I suppose? :)

  • @oliverthomas700
    @oliverthomas700 2 ปีที่แล้ว

    Hi John, thanks for another great video!
    I have a question about reading the value of ebp, when you have set it to cafef00d. I know the ebp+0x8 is cafec00d but when I do the
    "x $ebp+0x8" it prints "
    \360\376\312
    \360\003". Why is that? 🙂

  • @fr0x41nk
    @fr0x41nk 9 หลายเดือนก่อน

    I don’t know Seth Rogan was in infosec

  • @bhagyalakshmi1053
    @bhagyalakshmi1053 ปีที่แล้ว

    Part 2

  • @bhagyalakshmi1053
    @bhagyalakshmi1053 ปีที่แล้ว

    Integer value given?
    Integer over /underflow what tlime.

  • @gothops154
    @gothops154 2 ปีที่แล้ว

    44:58 armchair programming here, but (not x OR no y) is just (x AND y)

    • @_JohnHammond
      @_JohnHammond  2 ปีที่แล้ว +1

      I might be stupid but I don't think that's true?
      IF ( NOT x OR NOT y) doesn't that mean either x could be 0 or y could be 0, the logic succeeds-- while with IF ( x AND y ), the logic only succeeds if both x is 1 and y is 1?

    • @intuital
      @intuital 2 ปีที่แล้ว +1

      Actually, it's equal to NOT (x AND y). de Morgan's Theorem.

  • @bhagyalakshmi1053
    @bhagyalakshmi1053 ปีที่แล้ว

    Not 0?

  • @v2nd2tt44
    @v2nd2tt44 2 ปีที่แล้ว

    man still playing pico ctf 🕴..

  • @bhagyalakshmi1053
    @bhagyalakshmi1053 ปีที่แล้ว

    Byipas

  • @bhagyalakshmi1053
    @bhagyalakshmi1053 ปีที่แล้ว

    R vilu number what uuink k collections.

  • @databang
    @databang 2 ปีที่แล้ว

    f̸̫̱̑̒͋͂͐͋̋̐̕u̶̼̻̦̥͔̍̈́͒̆͗̃̀͂͆̚z̶̨̨̢̛̲̰̯̹͍͚͕̒͑z̸̡̛͙̖͖y̵̪̜̞͇̜͕̏̅̈́͌̀̎̕L̶̢̛̫͉͓̙̏͛̓̈́̽o̴̪͈͓̮͐̋̐̇͒̑͊̊̕ģ̷̭͕̽͊̈́̋̀͛́ỉ̵̼̮̹̖̙̣̘͔̞͜c̵̙͙̍̈́̈́̄͆̌̆̈́͘F̶̦̈̆̏̊̈́̈́͘͝Ṭ̴̛͙̺̰̬͇̫̟̞̃̀̈́́̚̚͝W̶̬̺͓̯͕̿̒

  • @bhagyalakshmi1053
    @bhagyalakshmi1053 ปีที่แล้ว

    Haaa part 2, 3, 4 opening 🪟