GOT overwrite with Format String - pwn108 - PWN101 | TryHackMe

  • Published on 28 Aug 2024

Comments • 32

  • @sheeeeeeeeeeesh
    @sheeeeeeeeeeesh 1 year ago +1

    I can’t believe this is not a known video. I have been researching GOT overwriting, but all the videos are vague or don’t explain enough. This is EXACTLY what I was looking for to complete a CTF.

    • @RazviOverflow
      @RazviOverflow 1 year ago

      It's nice to know the video helped you :)

  • @LifeEldawody
    @LifeEldawody months ago

    Trying to understand how to make the payload was the roughest part for me tbh. But after a couple of hours, I managed to understand it entirely. Alhamdulillah.
    Thanks, brother

  • @elbee1473
    @elbee1473 2 years ago +4

    I love your content and it is by far the best explanation and practical analysis out there compared to any other videos I have seen (including liveoverflow). Your videos have taught me important concepts and helped me apply them to challenges I come across during CTFs. Hope you keep it up!

    • @RazviOverflow
      @RazviOverflow 2 years ago

      Thank you! Glad you like them. That's the main purpose. I will surely keep uploading!

  • @user-ct9ls8ux5m
    @user-ct9ls8ux5m 9 months ago

    Understood, thanks for teaching PWNING. I was lucky while searching for content to learn binary exploitation, and you were the first I found.

    • @RazviOverflow
      @RazviOverflow 9 months ago

      Glad my videos help you learn :)

  • @deadchannel3
    @deadchannel3 1 year ago

    Thank you so much! I looked at so many documents about GOT overwrite, yours was the one that helped me solve it. I'm doing MBE, and when I saw your video I learned how to correctly use %hn and what to overwrite.

    • @RazviOverflow
      @RazviOverflow 1 year ago

      Glad it helped! What does MBE stand for?

    • @deadchannel3
      @deadchannel3 6 months ago

      @@RazviOverflow Modern Binary Exploitation, it's a wargame by RPISEC

  • @luxdown7965
    @luxdown7965 2 years ago +1

    Hello from France
    Super nice video as always, very well explained. Keep going, we want more.

    • @RazviOverflow
      @RazviOverflow 2 years ago +1

      Thank you. Glad you like it! Soon I will upload more :)

  • @Ankitverma-yc7zf
    @Ankitverma-yc7zf 2 years ago +2

    Great video man, I really learned a lot.

  • @christiansanchez4883
    @christiansanchez4883 10 months ago

    We pwners need MORE!!!

  • @Ankitverma-yc7zf
    @Ankitverma-yc7zf 2 years ago +2

    Please do more videos on binary exploitation and reverse engineering challenges so that beginners like me can learn. Btw, thanks for making these videos ;)

    • @RazviOverflow
      @RazviOverflow 2 years ago +2

      You are welcome :) I will upload more videos pretty soon. At the moment I'm taking a break, but I will come back to activity soon.

    • @marcovalentinoalvarado3290
      @marcovalentinoalvarado3290 1 year ago

      @@RazviOverflow I was able to solve a CTF challenge on picoCTF 2022 all by myself using pwntools and GDB-PEDA thanks to you, I really really appreciate your effort!

    • @RazviOverflow
      @RazviOverflow 1 year ago +1

      @@marcovalentinoalvarado3290 Me alegro de que mis vídeos te sean de ayuda :), which translates into "I'm glad my videos are useful for you" from Spanish.

  • @martinmesser1386
    @martinmesser1386 1 year ago

    Very good explanation, thanks a lot!

  • @danielcmihai
    @danielcmihai 2 years ago

    Kudos mate. Nice one. Kinda sad the series will end soon. What's next? :)

    • @RazviOverflow
      @RazviOverflow 2 years ago

      There are plenty of other concepts and techniques to learn in PWN, we are far from done. When the pwn101 room series ends, we will continue using other binaries :)

    • @danielcmihai
      @danielcmihai 2 years ago

      @@RazviOverflow Noice... Looking forward to it

  • @ani-zxk
    @ani-zxk 5 months ago

    What do you do if you need to write a larger value? What would you do if you needed to split the write three times? I'm doing a CTF and it requires me to overwrite a variable with a very large value, because whenever I try to pad it with two to be eight-byte aligned it just EOFs right off the bat.

    • @RazviOverflow
      @RazviOverflow 5 months ago +1

      You can split the write using %hn, which will write just 2 bytes. Or even %hhn, which will write just one.
      Regarding the values, just consider the bytes you have to write. Imagine you have printed 0xDEAD bytes so far, and you are using %hhn to write into any address. It will write just the 'AD'. If you need to write a lower value, just "overflow" the sum, like 0xDF01 will write only the '01'.

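Added example (mine, not code from the video or from anyone in this thread) showing what the reply above describes: the `%n` family stores the running character count truncated to the target width, so `%hhn` keeps one byte and `%hn` two, and a smaller target byte is reached by letting the count wrap. The helpers use `snprintf(NULL, 0, ...)`, which only counts characters but still honours `%n`, so nothing is printed; the function names and sample values are my own.

```c
#include <stdio.h>

/*
 * printf's %n family writes the number of characters printed so far,
 * truncated to the destination width: %n -> int, %hn -> 2 bytes,
 * %hhn -> 1 byte.  snprintf(NULL, 0, ...) counts without emitting output.
 */

/* Byte stored by %hhn once `printed` characters have gone out. */
unsigned hhn_after(int printed) {
    signed char target = 0;                      /* %hhn expects a char* */
    snprintf(NULL, 0, "%*s%hhn", printed, "", &target);
    return (unsigned char)target;
}

/* Two bytes stored by %hn once `printed` characters have gone out. */
unsigned hn_after(int printed) {
    short target = 0;                            /* %hn expects a short* */
    snprintf(NULL, 0, "%*s%hn", printed, "", &target);
    return (unsigned short)target;
}

/*
 * The "overflow the sum" arithmetic from the reply: how many more characters
 * make the truncated count equal `want`, even when `want` is below what has
 * already been printed.  Pure modular arithmetic, never a negative width.
 */
int hhn_padding(unsigned printed, unsigned want) {
    return (int)((want - printed) & 0xffu);      /* mod 256   */
}

int hn_padding(unsigned printed, unsigned want) {
    return (int)((want - printed) & 0xffffu);    /* mod 65536 */
}

int main(void) {
    printf("%%hhn after 0xDEAD chars stores 0x%02X\n", hhn_after(0xDEAD));
    printf("%%hhn after 0xDF01 chars stores 0x%02X\n", hhn_after(0xDF01));
    printf("%%hn  after 0x1DEAD chars stores 0x%04X\n", hn_after(0x1DEAD));
    int pad = hhn_padding(0xDEAD, 0x01);          /* 0x54: 0xAD + 0x54 = 0x101 */
    printf("from 0xDEAD, %d more chars make %%hhn store 0x%02X\n",
           pad, hhn_after(0xDEAD + pad));
    return 0;
}
```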
    • @ani-zxk
      @ani-zxk 5 months ago

      Yeah, thanks, I didn't know that. I'm overwriting the GOT with a libc address because puts is called right after the format string vuln with /bin/sh as argument, meaning if I get the system address in the GOT where puts is I will get a shell, simple right? The address is a 48-bit value rather than a 32-bit one. What should I do if it's a 48-bit value, because I'm running into trouble getting that into the GOT address. Is there a way to debug these exploits? @@RazviOverflow

  • @christiansanchez4883
    @christiansanchez4883 10 months ago

    So when I ran this same payload, it turned out that somehow, someway, a period would sneak its way into my payload, throwing everything off by one. I had to reduce to 63X and remove an 'A' character. Any way you'd know why that period was popping up?

    • @RazviOverflow
      @RazviOverflow 10 months ago +1

      Hard to diagnose just by reading a comment on YouTube, sorry. If your behavior is different from the one shown in the video, something is wrong with either your payload or the debugger.

    • @christiansanchez4883
      @christiansanchez4883 10 months ago

      @@RazviOverflow I completely understand and appreciate the comment. But I don’t think it’s my debugger because the new payload actually works when I run the exploit on my local machine.

    • @aminemanai5773
      @aminemanai5773 9 months ago

      Try to add a return address in your payload (main's ret) and then execute it. It worked for me. I think it's about stack alignment.

    • @RazviOverflow
      @RazviOverflow 9 months ago

      @@aminemanai5773 That's related to Ubuntu's stack alignment issues: ropemporium.com/guide.html. Read the Common Pitfalls section.