Really cool video! I also played the Intigriti 1337UP, it was my first ever ctf event. Already looking forward to the next one ahah
Awesome!! Sounds like we've got a new member to the CTF addict club 😁 Glad you enjoyed this one, stick with it mate, this is the best (and most fun) way to learn 😉
Nice explanation! Keep up the great work 😎👍
ayyyy cheers, you too mate 🥰
Thanks a ton, I am planning to take an eCPPT exam where BO will probably be in place and your video just explains all the process in a very clean way.
Will for sure subscribe to you man)
tyty 💜
Great, explained very clearly 👏👏👏
🥰🥰🥰
Love the way you explain bro❤. I also took part in CTF but wasn't able to solve much. It was really difficult for me.
Thanks mate 💜 There were some tough challenges for sure (and a lot of them considering the time). Hope you enjoyed and learnt some new stuff anyway 🥰
Great video! Will you submit the solution of the web challenges?
thanks mate 🥰 unfortunately I didn't get much time to check the other categories as time was short. it's a shame because all the challs I did check were good, I would have liked more time for web 😆
Please make a video about installing pwntools and shellcraft
AFAIK shellcraft is part of pwntools so you should be able to setup with "pip install pwntools". Check this if stuck: github.com/Gallopsled/pwntools#installation 😉
@_CryptoCat Thx this worked pip install pwntools
how can you chain the payload, does the padding have a fixed pattern like in the video?
Can you elaborate the question a little? It's been a while since I made this video 😅
What is that terminal theme/desktop environment you are using here? It looks really cool
Thanks! I'm using TerminatorX in ParrotOS with a custom colour scheme. You can check it here: imgur.com/a/gCnvq8A - beware that some tools really benefit from a standard colour profile though, e.g. linpeas, so it's good to create a separate profile that you can easily swap between 🙂
Very nice video! thanks!
Can you please explain why you did the shellcraft.popad()? It's not very clear from the video. Also, what do you do when the binary is i386? this command only exists for shellcraft.amd.
Good question! I remembered the popad() technique from a very similar challenge (HTB: bat computer) but honestly I'm not 100% sure why it's required 🤔 I know it's something to do with the shellcraft payload, because other shellcodes work without popad() for the same challenge. However, I'm not sure whether it's clearing the registers which solves the issue or moving the ESP forward, since popad will do both: (6) - www.abatchy.com/2017/05/jumping-to-shellcode.html - I can't find a solid explanation anywhere though and don't have time to debug right now, if you (or any other viewers) find a concrete answer, please do leave it here! 😁 As for i386, shellcraft has payloads for this as well, e.g. docs.pwntools.com/en/stable/shellcraft/i386.html - if you set the binary context in pwntools, it will select the relevant architecture automagically 😉
nandri 🥰🥰🥰
good video ❤
but what if the binary don't us about the stack buffer address what can we do in that situation and with no "jmp rsp" gadget
Thanks (💜) and good question! If a register points to your shellcode, you might be able to find a JMP/CALL gadget for that e.g. ir0nstone.gitbook.io/notes/types/stack/reliable-shellcode/ret2reg/using-ret2reg
Nice explanation bro. Did you try the other categories' challenges like OSINT, Cloud or Mobile?
Thanks mate 😊 Since the CTF was only 24 hours I focused 90% of my time on Pwn. I briefly checked a few other challs (web mostly) but left them to my team to solve xD
I tried shellcode injection on a binary. I tried using shellcraft but I kept on getting EOF. I then eventually had to use the shellcode from where I got the sample binary. Any reason why shellcraft didn't work, or does it always work?
Hmmm could be some different reasons, can't know exactly why without debugging but it could be to do with the size. I remember I had issues with shellcraft on a HTB challenge and had to use a shorter one from online: th-cam.com/video/NZfqLFuffYY/w-d-xo.html
@_CryptoCat Thanks it worked
how to install ghidra_auto? and how can i get the pwntools script? I am new to pwn. Btw thank you for amazing videos.
Ghidra auto script available here: gist.github.com/liba2k/d522b4f20632c4581af728b286028f8f and pwntools template here: github.com/Crypto-Cat/CTF/blob/main/pwn/official_template.py 😉
How can I install ghidra_auto? can you share this script/Resource
Sure! Ghidra auto script available here: gist.github.com/liba2k/d522b4f20632c4581af728b286028f8f - I changed the auto-analysis time in mine to 1 second for an extra speed boost 😊
@_CryptoCat thanks🖤
Hey bro, is there any BBS (or telegram group... something like that)? I have lots of questions to ask and I'm wondering if you could create a fan base or something so that guys can discuss problems (forgive my broken English...)
Sure, here's my discord: discord.gg/qHbAN3wfRK
@_CryptoCat alright, thanks man. Love watching ur videos, awesome work!😀
Damn 😔 I missed the flag when I confused the leak address to be the base address of the binary and now I was subtracting some values to get to my nopsled 😪
Unfortunate! Sounds like you were on the right track though 🥰