That is the most comprehensive example of how a buffer overflow works that I have ever seen in a video. I have only seen it explained in books on the subject. That was a well done video and most programmers have no idea how important it is to check buffers because most don't know anything about how the processor actually works. This would be a good video for all programmers to see. I am not a professional programmer, it is a hobby interest for me but it is also a hobby interest to learn how the circuitry in the computer at the logic level actually works so it naturally makes since to me how the overflow attack works. Well done.
Todd, I wanted to take a moment to write out a special message for you. Something about your message really pulled on some heartstrings for some reason, so number 1, thank you so much for the kind words, seriously it means so much to me. Secondly, I completely get what you're saying. It's inherently a pretty technical subject to cover, I mean there are so many moving parts and most of them are seriously pretty low-level in relation to the CPU; and the 1s and 0s therein. As you were saying, most programmers have probably heard of these kinds of attacks but since they typically use such a high-level/highly-abstracted language that handles memory management and does garbage collecting for them, it can very easily slip their minds which, 100% downplays the severity of it. It's because of this reason that I decided to make a video so that ALL of us, as a community - hackers, programmers, infantile water lizards, etc. could learn about these kinds of vulnerabilities :) Thank you so much for commenting, Todd. Keep up the great work as well! I hope you stick around! :D
Great video! One thing about the secure example, although that specific version is not insecure, it's important to note that dependent on the size of your buffer (even if you only read the buffer size in) can become insecure. When taking input into a buffer with read, it's usually pretty smart to only read untill the 2nd to last byte. Eg. if you have a buffer of size 200, you read in 199 bytes, this is because read does not supply a NULL byte or anything to terminate the string for you. Why is this an issue? If you're for example printing a string where input is supplied with read, and you're printing using the %s modifier. Printf will print untill a NULL byte is hit. If your buffer happens to be 8 byte aligned the user may fill up the 8 byte buffer completely, without a NULL byte. The printf will subsequently print those 8 bytes and whatever is found in memory afterwards, if whatever is found happens to not be a NULL byte. This is a leak primitive. As an example I took your secure program and changed the buffer size to 256 and the read size to 256. So char buf[256] and read(0,buf,256). Output looked as follows: AAAAA..
:O that was fascinating... (you really DO learn something new everyday xD)!! seriously, thank you so much for such a detailed explanation; I had a blast reading this and will definitely try to tinker with this soon (right now, I'm following the malloc maleficarum and working on the house of force - really exciting stuff!) :D!! AND THANK YOU SO MUCH for subscribing and the kind words, Jens! :')
@@crr0ww heap stuff is where it gets really exciting! Looking forward to see what videos you might make on it! If you're diving into heap stuff I can recommend using pwndbg instead of peda for debugging btw. As it has bindings for checking the heap and free bins. This makes it a lot easier to keep track of what's going on instead of having to manually parse the heap to figure out what's going on 👌
@@jensnielsen8612 I 100% agree; this heap stuff is insanely intriguing (oh and you best believe I'm going to make a video on heap exploitation :)) I've already got pwndbg running and have been using it religiously recently xD, and MAN is it magnificent :D tysm for having this little interaction with me, jens! you really made my day :)
Hello Crow, I love your content and I just stumbled on it yesterday. One other thing caught my attention, please can you make a mini series showing how you mod(riced) your operating system, and the fonts and zsh shells and theme you are using? It looks so good!
trust me, i feel you. there is no game like runescape : ') just hearing the music and editing it brought me back straight to lumbridge. those were the days :')
0x41414141 Happened to stumble upon your channel recently, and quite happy I did. As a very seasoned (old) IT guy, I find your videos highly educational, and I love your sense of humor and all the little drawings and such! Keep up the great work!
0x41414141 Loved the video, I never really understood buffer overflows even though I have been exposed to it for a while. The video is well structured and the comedy makes the digesting of such technical information smooth. May I know what OS you're using? It looks really cool. Thanks again for the video, expected to see a lot more on technical/niche cyber topics.
@@crr0ww thanks mate, in all seriousness, I really enjoyed your video. Got me in the mood to try this out. Good balance of e entertainment and education
Amazing video! tltr - can you tell me which programs you have been using to making your videos? I have been thinking about making videos like yours, but in Portuguese (I’m from Brazil), and with a defensive approach/perspective. But I have no idea how to do it, I just have the content knowledge and some digital notes. What kind of programs I have to learn about, to make an animated video like this
Hey, somehow I am facing "not found in pattern buffer" when trying to find an EIP offset. What could be the reason and do you have some guidelines where I can look deeper in this EIP process? thanks!
Nice video! Stack Based BoFs are cool, but an idea, what do you think about ROP BoFs? I think those are the most triky ones ahahahahah Anyways, very cool video!!
thank you so much! ROP is definitely one of my favourite techniques, there are also some variants of ROP itself XD (sROP, etc.), I'll be sure to cover it :>
so we were given a task in university where we should exploit a program with a buffer overflow as we were learning about assemly at that time. Didn't understand shit so that's why i'm here. BUT: Can you actually expect to face programs where you can use buffer overflows or is software secure enough for that?
Hey crow just curious - first time learning about some of this stuff. What if their are no functions "worth exploiting" if that makes any sense. I guess the idea is that it gives you access to return any function within the program itself and that's beneficial but seems like it could be pointless if their is nothing worth exploiting? Can you do any function "injection"? That might not make any sense haha.
hey, that's actually more common than what you might think! : ) in that scenario, it's a bit trickier but it can still definitely be done. that's when you'd want to look at something like using ROP for your exploit(s) :) hope that helps
So even if there is an exploitable buffer in someone code, if you don't have access to a function that is also useful, then it doesn't really matter? Assuming RX/DEP is present?
Hello! I am actually learning these stuffs and also about cybersecurity in general as a newbie, and I want to ask something. If you come across this comment, please feel free to answer :3 I have been getting SIGABRT error instead of SIGESEV error as mentioned in the video, been facing some problems for that. Can anyone explain why and how is this happening? and also, how to bring sigesev error as demonstrated?
I have had the same issue. I tried writing more characters into the buffer (for example, 5000 worked for me in the sense that it gave me SIGSEV error, but the contents of my EIP (RIP in my case) register are not repeating 'A's but (vmovdqa ymm1,YMMWORD PTR [rdi+0x1]) instead. I would like to know what the issue is as well. Edit: I just thought of this, but could the issue be with the CPU architecture, since I have an AMD CPU? Could the difference between Intel and AMD CPUs be causing the difference in behavior?
thank you so much for commenting! :D ahhh as much as i love the mother/earthbound games and music, I didn't use it here : ( I used music from a game called "old school runescape" : )
hey! just using kali that i riced up a bit : ) I might make a dedicated repository with my config files, but here's what I'm working with rn: OS: kali WM: bspwm bar: polybar compositor: picom launcher: rofi notifs: dunst terminal : alacritty colourscheme: catpuccin mocha font: iosevka hope that helps
sure : ), i might put the config files up eventually but for now, here's what I'm working with: OS: kali WM: bspwm bar: polybar compositor: picom launcher: rofi notifs: dunst terminal : alacritty colourscheme: catpuccin mocha font: iosevka hope that helps! :)
Could've been made more easier if explained slowly while typing and doing instead of explaining first and doing it practically, later in which we miss some points which are not effectively described. But good stuff if you already know ASM and have a basic idea what buffer is..
@@crr0ww Of course! I'm always happy to hand out credit where it's due (and it's definitely due here). Your art style is cute and your videos are informative. Keep it up! Have a nice day, cheers from Canada!
100% it's definitely possible to have buffer overflows occur in rust binaries; albeit it's a bit harder because rust is definitely one of the more "memory-safe" languages out there (from what i've seen/heard, i've yet to actually program in rust) thank you for commenting : ) !
from what I know about rust (not a rust programmer unfortunately xD), it's a very "memory-safe" language that has a really good garbage collector, a borrow checker, and other mechanisms to prevent attacks like this. Although, you could 1000% still force this vulnerability to occur within rust code
Now this is the content I wanted to see
>:)
Seeing 41414141 in your hex output after throwing random shit at a suspected vulnerability for hours is so satisfying
Honestly, I know basically nothing about hacking, yet this was so digestible and entertaining!
AH ❤️ tysm that’s the plan!! :)
PLEASE I BEG YOU KEEP SHARING YOUR KNOWLEDGE IN THAT WAY, THAT'S A BANGER
AAAA THANK YOU SO MUCH :"))!! , AND WILL DO :D
That is the most comprehensive example of how a buffer overflow works that I have ever seen in a video. I have only seen it explained in books on the subject. That was a well done video and most programmers have no idea how important it is to check buffers because most don't know anything about how the processor actually works. This would be a good video for all programmers to see. I am not a professional programmer, it is a hobby interest for me but it is also a hobby interest to learn how the circuitry in the computer at the logic level actually works so it naturally makes since to me how the overflow attack works. Well done.
Todd, I wanted to take a moment to write out a special message for you. Something about your message really pulled on some heartstrings for some reason, so number 1, thank you so much for the kind words, seriously it means so much to me. Secondly, I completely get what you're saying. It's inherently a pretty technical subject to cover, I mean there are so many moving parts and most of them are seriously pretty low-level in relation to the CPU; and the 1s and 0s therein. As you were saying, most programmers have probably heard of these kinds of attacks but since they typically use such a high-level/highly-abstracted language that handles memory management and does garbage collecting for them, it can very easily slip their minds which, 100% downplays the severity of it. It's because of this reason that I decided to make a video so that ALL of us, as a community - hackers, programmers, infantile water lizards, etc. could learn about these kinds of vulnerabilities :) Thank you so much for commenting, Todd. Keep up the great work as well! I hope you stick around! :D
This is literally the only video about buffer overflow which made it so simple, i could understand.
Love the way this was put together, very entertaining as well as informative!!
thank you so much! :)))
I thought TH-cam is very poor when we talk about this type of content until I found your channel 🤩🤩
thank you so much for the kind words :’)
Easily the best video on buffer overflows I've seen. Thanks!
thank you so much for watching
Great video! One thing about the secure example, although that specific version is not insecure, it's important to note that dependent on the size of your buffer (even if you only read the buffer size in) can become insecure.
When taking input into a buffer with read, it's usually pretty smart to only read untill the 2nd to last byte.
Eg. if you have a buffer of size 200, you read in 199 bytes, this is because read does not supply a NULL byte or anything to terminate the string for you.
Why is this an issue?
If you're for example printing a string where input is supplied with read, and you're printing using the %s modifier. Printf will print untill a NULL byte is hit.
If your buffer happens to be 8 byte aligned the user may fill up the 8 byte buffer completely, without a NULL byte. The printf will subsequently print those 8 bytes and whatever is found in memory afterwards, if whatever is found happens to not be a NULL byte. This is a leak primitive.
As an example I took your secure program and changed the buffer size to 256 and the read size to 256. So char buf[256] and read(0,buf,256).
Output looked as follows:
AAAAA..
:O that was fascinating... (you really DO learn something new everyday xD)!! seriously, thank you so much for such a detailed explanation; I had a blast reading this and will definitely try to tinker with this soon (right now, I'm following the malloc maleficarum and working on the house of force - really exciting stuff!) :D!! AND THANK YOU SO MUCH for subscribing and the kind words, Jens! :')
@@crr0ww heap stuff is where it gets really exciting! Looking forward to see what videos you might make on it!
If you're diving into heap stuff I can recommend using pwndbg instead of peda for debugging btw. As it has bindings for checking the heap and free bins. This makes it a lot easier to keep track of what's going on instead of having to manually parse the heap to figure out what's going on 👌
@@jensnielsen8612 I 100% agree; this heap stuff is insanely intriguing (oh and you best believe I'm going to make a video on heap exploitation :))
I've already got pwndbg running and have been using it religiously recently xD, and MAN is it magnificent :D tysm for having this little interaction with me, jens! you really made my day :)
LMAO IVE REWATCHED THIS LIKE 10 TIMES NOW AND JUST NOTICED THE OSRS MUSIC IN THE BACKGROUND
BRO LMAO
amazing vid, love the osrs music!!
you can return to a function thats never called in a program ------> *brain implodes*
bro im invested in this channel
AA THANK YOU SO MUCH, that's so nice 🥲❤
Really loved this masterpiece, you deserve billion subs
😂 thank you so much, i really appreciate it!
@@crr0ww glad you did
It is as if all the brain of the internet condensed into this channel
Hello Crow, I love your content and I just stumbled on it yesterday. One other thing caught my attention, please can you make a mini series showing how you mod(riced) your operating system, and the fonts and zsh shells and theme you are using? It looks so good!
thank you so much!! that means so much to me :') and of course! i have a ricing/modding series already planned for the future, stay tuned! :D
every time i hear that runescape music, all i can think of is waiting literal hours to play the game, just on that menu...
trust me, i feel you. there is no game like runescape : ') just hearing the music and editing it brought me back straight to lumbridge.
those were the days :')
this video made me giggle as well as taught me something
i'm so glad!! thank you :)
Love the content and loving the background RuneScape music
thank you!
0x41414141
Happened to stumble upon your channel recently, and quite happy I did. As a very seasoned (old) IT guy, I find your videos highly educational, and I love your sense of humor and all the little drawings and such! Keep up the great work!
thank you so much! : ) im so glad you enjoyed it, that's very kind of you
0x41414141
Loved the video, I never really understood buffer overflows even though I have been exposed to it for a while. The video is well structured and the comedy makes the digesting of such technical information smooth.
May I know what OS you're using? It looks really cool. Thanks again for the video, expected to see a lot more on technical/niche cyber topics.
0x41414141 🫡
Thank you so much for the comment, I'm so glad you enjoyed it; that makes all of this super worth it
This video is awesome! Thank you for putting the effort!
i love it just needed a reminder
This is so refreshing, in a sea of lame-ass videos of dudes with Guy Fawkes masks talking about "hacking like Mr. Robot."
I love your videos.
Time to write every program in rust 😅
YES, Harry Potter hacking mad. The videos that I need in MY BLOOD
😂😂 LET’S GOOO tysm for commenting xD
Broooooooooooooo!!!! please continue manking videos like this one pleasseeeee!. that was really fun
thank you so much, that's so nice!! :"D there are some videos planned right now just hold on a littttttle longer ;)
im your 99th subscriber, keep going to 100!
thank you so so much!! we made it to 100!! :D
@@crr0ww man you have 344 subs now
@@originalni_popisovac it's so crazy!! i know the channel has been growing so fast : )
Love the video. Amazing. Despiste about all usefull explanation I cant stop think about your teminal theme. Keep going and thanks for your time.
Best video made on buffer exploitation
Damn the algorithm is in your favor man
looks like my sacrifice to the youtube gods actually paid off >:)
Thank you man this vid show me the whole pic and and imporve my understanding thank you again
This video is kinda interesting... although I also find it super scary that I find this video interesting.
ahhh balanced as all things should be >:) thank you so much!
awesome! Fun to watch and listen!
Loved the format! Keep at it man! :)
thank you so much, enrique 🥹❤️ will do ! : )
Thank you father log. Great video, in gonna go overflow some buffers now
of course my son, thou shall floweth over any buffer thou shall see ❤️🥹
@@crr0ww father is it biblical cannon to tattoo 0xDEADBEEF on my arm?
@@raphaelradespiel9970 if the necro-cow calleth to you, let thine deadbeef in >: )
@@crr0ww thanks mate, in all seriousness, I really enjoyed your video. Got me in the mood to try this out. Good balance of e entertainment and education
@@raphaelradespiel9970 thank you so much that means so much 😭❤️❤️
i love your content Crow!
appreciate 'cha, thank you so much
This is the channel I've been looking for for aaaaaages
The Runescape music was confusing since I'm playing it while watching this vid but the music doesn't match the area where I am in the game
LMAOOO mb XDD
39 seconds into the video
*Subbed cos good animation
thank you so much!! :D
Osrs music made this video 10x better, gg
Cool video, hope you go viral soon.
i REALLY appreciate that, thank you so much! :)
join our official discord: dsc.gg/crow-academy
especially if you're a femboy :3
This is an amazing video. Thank you!
thank you so much
best quality channel
This is my jam
0x43434343
15:34
You just dissed all the Indians in all tech comment sections😈😈😂
Amazing video!
tltr - can you tell me which programs you have been using to making your videos?
I have been thinking about making videos like yours, but in Portuguese (I’m from Brazil), and with a defensive approach/perspective. But I have no idea how to do it, I just have the content knowledge and some digital notes. What kind of programs I have to learn about, to make an animated video like this
I'm happy I ran into this video.
thank you so much : D!!
@@crr0ww :) Subscribed, I’ll be following your content
@@Mauzy0x00 YOU'RE THE BEST TYSM 😭♥
Love your stuff man. I want to be like you when I grow up :)👍
i swear your so entertaining how do you evencome up w this
Hey, somehow I am facing "not found in pattern buffer" when trying to find an EIP offset. What could be the reason and do you have some guidelines where I can look deeper in this EIP process? thanks!
nice video! i am now hacker boy 9000
glad to be of service, hacker boy 9000!
I logged in my Google account just to liked and say that I enjoyed all your content!
i appreciate that so much, thank you! : )
Hey, at 12:24 the command r < pattern.txt, when r is some kind of alias (as i got it). What is the full command?
hi, the "r < pattern.txt" is the same thing as running "run < pattern.txt" : ) hope that helps
Nice video! Stack Based BoFs are cool, but an idea, what do you think about ROP BoFs? I think those are the most triky ones ahahahahah
Anyways, very cool video!!
thank you so much! ROP is definitely one of my favourite techniques, there are also some variants of ROP itself XD (sROP, etc.), I'll be sure to cover it :>
Awesome!
you’re awesome
in fucking love with ur channel such good content thx
If you have a FreeBSD router, with 1024 rx and tx descriptors is it more or less safe to give windows 1023 rx/tx buffers or 1025 rx/tx buffers?
so we were given a task in university where we should exploit a program with a buffer overflow as we were learning about assemly at that time.
Didn't understand shit so that's why i'm here.
BUT: Can you actually expect to face programs where you can use buffer overflows or is software secure enough for that?
How's your xxd printing ascii on the right? my one only shows hex values in output
Hey crow just curious - first time learning about some of this stuff.
What if their are no functions "worth exploiting" if that makes any sense. I guess the idea is that it gives you access to return any function within the program itself and that's beneficial but seems like it could be pointless if their is nothing worth exploiting?
Can you do any function "injection"? That might not make any sense haha.
hey, that's actually more common than what you might think! : ) in that scenario, it's a bit trickier but it can still definitely be done. that's when you'd want to look at something like using ROP for your exploit(s) :) hope that helps
oh hey what status bar or whatnot are you using here? almost looks like a tmux bar but not quite has the date and such shown? starship maybe?
So even if there is an exploitable buffer in someone code, if you don't have access to a function that is also useful, then it doesn't really matter? Assuming RX/DEP is present?
Hello! I am actually learning these stuffs and also about cybersecurity in general as a newbie, and I want to ask something. If you come across this comment, please feel free to answer :3
I have been getting SIGABRT error instead of SIGESEV error as mentioned in the video, been facing some problems for that. Can anyone explain why and how is this happening? and also, how to bring sigesev error as demonstrated?
I have had the same issue. I tried writing more characters into the buffer (for example, 5000 worked for me in the sense that it gave me SIGSEV error, but the contents of my EIP (RIP in my case) register are not repeating 'A's but (vmovdqa ymm1,YMMWORD PTR [rdi+0x1]) instead. I would like to know what the issue is as well.
Edit: I just thought of this, but could the issue be with the CPU architecture, since I have an AMD CPU? Could the difference between Intel and AMD CPUs be causing the difference in behavior?
This was an awesome video!
thank you so much! that’s so kind of you :) i’m glad you enjoyed it
Hmmm your voice sounds familiar but didnt recognize old channel
Great explanations! Just curious, does that background music use the Mother 3 soundfont?
thank you so much for commenting! :D ahhh as much as i love the mother/earthbound games and music, I didn't use it here : ( I used music from a game called "old school runescape" : )
@@crr0ww ah i thought the timpani and the high hat sounded familiar but ig not. :)
LOVE your way man. +1 sub
thank you so much! :D
Hi, amazing video about the basics! what is the poffset tool used at 13:51? 0x41414141 :)
hi thank you so much for the sweet comment! oh, and 0x41414141 🫡
@@crr0ww oh, so tools from metasploit. Thanks!
first video? this is great!
thank you so much!! that means so much to me :'D
you should make a video about heap exploitation, or maby a series??
what os is this?
and thanks for the great content!
thank you so much
Hello Guys! Does anyone know what distro is he using and also the customization on it? Would help me a lot! Thanks :) Great vid!
hey! just using kali that i riced up a bit : ) I might make a dedicated repository with my config files, but here's what I'm working with rn:
OS: kali
WM: bspwm
bar: polybar
compositor: picom
launcher: rofi
notifs: dunst
terminal : alacritty
colourscheme: catpuccin mocha
font: iosevka
hope that helps
Thanks @@crr0ww for your reply! still lovin' your content!
Nice work buddy, keep it up!
thank you so so much!! :D
Heeyyyy!! Mama Murphy approves this channel!! Much love buddy!!
AAAA THANK YOU SO MUCH!
What'd you use to make this video? It looks great
tysm : ) i used davinci resolve to make this (& all my other vids)
Nice desktop environment. Could you please share your desktop environment configuration details
sure : ), i might put the config files up eventually but for now, here's what I'm working with:
OS: kali
WM: bspwm
bar: polybar
compositor: picom
launcher: rofi
notifs: dunst
terminal : alacritty
colourscheme: catpuccin mocha
font: iosevka
hope that helps! :)
High quality
thank you
Great content. Subscribed!
thank you so much, yassine! :D
@@crr0ww thank you for producing such an informative and entertaining content. Keep up ♡
what is that WM/shell/terminal? looks cool
amazing video
appreciate you
pretty cool
what version of gdb are you using?
in this video, i was using gdb-peda: github.com/longld/peda
This sounds like Chicago or LA
Could've been made more easier if explained slowly while typing and doing instead of explaining first and doing it practically, later in which we miss some points which are not effectively described. But good stuff if you already know ASM and have a basic idea what buffer is..
What kind of shell are you using?
ZSH : ) the terminal is alacritty with a cattpuccin mocha colourscheme hope that helps
@@crr0ww Thank you very much
Hey, What linux distro you using?
what color scheme you are using ?
cattpuccin mocha! : )
mouse!!!
where??? kill it!!
Noice what i was thinking of making that kind of video but a bit dumb er way.
you should do it!! :) thank you so much for commenting
Cool video!
thank you so much! : )
@@crr0ww Of course! I'm always happy to hand out credit where it's due (and it's definitely due here). Your art style is cute and your videos are informative. Keep it up!
Have a nice day, cheers from Canada!
Οh thats some good content. I guess im your 47th sub hahah keep it up
i will always remember you, lil skeleton >:) thank you so much
@@crr0ww ❤️
Amazing 🔥
hehe tysm bro! :D
What font are you using?
hi, it's "iosevka" hope that helps : P
Wait it’s RuneScape!
What about rust binaries? Is it possible?
100% it's definitely possible to have buffer overflows occur in rust binaries; albeit it's a bit harder because rust is definitely one of the more "memory-safe" languages out there (from what i've seen/heard, i've yet to actually program in rust) thank you for commenting : ) !
Does rust stop this?
from what I know about rust (not a rust programmer unfortunately xD), it's a very "memory-safe" language that has a really good garbage collector, a borrow checker, and other mechanisms to prevent attacks like this. Although, you could 1000% still force this vulnerability to occur within rust code
which os are u using mate?
just a simple little kali vm :)
i have seen computerphile video