Really great walk-through and content. This really helped me as I was looking for how to use gdb and debug with my pwntools scripts!
You can also specify the endianness as a parameter for the p64 packing function, which can help a lot if your data isn't hardcoded and you can't compute it manually.
Thank you!
Thank u so much for the material
My pleasure!
thank you very much
Thank you for watching!
This is beautiful content man. I feel motivated to deep dive into pwning.
Thank you! Happy to fuel that pwning fire within you! 🔥
Legend
So are you for watching!
With the Christmas holiday going on, I took a break from bug bounty as I felt burnt out and so wanted to focus on pwn challenges of CTFs. Man, this video and the playlist are so much fun. Thanks for making my holiday awesome, bro. Cheers
Glad I could help! Happy holidays!
Superb quality as usual! 💜 5:50 could also do "print(io.recvlines(6))" to save some space
I didn't know about recvlines! Thank you. In the rest of the video I use recvuntil and sendlineafter, but I just want to keep it very basic there, so people wouldn't get confused 😀
Thanks, I've been looking forward to the next episode ! 👏👏
More to come! Very happy I finally got my foot down and made this one!
I actually love classic Python slicing so the code can be very straightforward =)
Me too! Once you understand it, it results in such clean ways of getting what you need!
@@PinkDraconian exactly!
this helps me a lot to get the basics fast RESPECT
Thank you! Let's become a hero in pwn!
Awesome video! Thank you.
Glad you liked it!
cool stuff
Thank you!
Would you continue this series? I wonder, because your videos are kinda nice for someone new to this stuff like me. Anyway, I love this series, hope you can continue it!
Hiya, sadly, I do not have the energy or resources to continue this series. Best of luck on your journey!
For a manual way you could use mkfifo. And in another terminal do this `echo -e "\xde\xad\xbe\xef" > mypipe`
Thank you!
I think you might be confusing terms. Least significant bit describes numbering on the bit level. I think you meant little endian in this case.
Also, the shebang is not processed by bash; the exec* family of system calls processes it.
Forgot the most important part, great video! :)
Hi! Thanks for your comments.
I indeed switched those terms up there. I must've meant least significant byte (LSB) there, since afaik, that is the same as little-endian. I'm by far no expert in anything I'm saying here. I've been doing binary exploitation in CTFs for a couple of years now, but wanted to use this series to get everything I've learned down for others to use. So thank you for allowing me to get this concept straight in my head again.
As for the shebang line, same thing. My bad :) It's these small things that you've seen thousands of times over the years and then mistakenly use in a wrong way. Thanks for correcting me there! Appreciate it!
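The two threads above (the `endian` parameter of p64, and little-endian meaning "least significant byte first") can be checked in a few lines. The following is an added example, not code from the video or its author: it uses pwntools' `p64`/`u64` when pwntools is installed and otherwise falls back to stdlib implementations with the same call shape; the address value is a constructed sample, not a real target.

```python
# Added example: explicit-endianness packing and the LSB/little-endian relation.
try:
    from pwn import p64, u64  # pwntools, if available
except ImportError:
    # Stdlib fallback mirroring pwntools' p64(number, sign=..., endian=...)
    def p64(number, sign=False, endian="little"):
        return number.to_bytes(8, endian, signed=sign)

    def u64(data, sign=False, endian="little"):
        return int.from_bytes(data, endian, signed=sign)


# Constructed sample value (looks like a code address in a non-PIE binary).
SAMPLE_ADDR = 0x401136


def pack_both(value):
    """Return (little-endian, big-endian) 8-byte packings of value."""
    return p64(value, endian="little"), p64(value, endian="big")


def least_significant_byte(value):
    """The LSB is the lowest 8 bits of the number, independent of byte order."""
    return value & 0xFF


def demo(value=SAMPLE_ADDR):
    little, big = pack_both(value)
    # Little-endian writes the least significant byte first in memory;
    # big-endian writes it last. The two encodings are byte-reversed.
    assert little[0] == least_significant_byte(value)
    assert big[-1] == least_significant_byte(value)
    assert little == big[::-1]
    # Unpacking must use the matching endianness; a mismatch silently
    # yields a different number rather than an error.
    assert u64(little) == value
    assert u64(big, endian="big") == value
    return {
        "little": little.hex(),
        "big": big.hex(),
        "mismatched_unpack": hex(u64(big)),  # big bytes read as little
    }


if __name__ == "__main__":
    print(demo())
```

The `mismatched_unpack` entry is the failure mode worth remembering: unpacking with the wrong endianness does not raise, it just produces a wrong-looking value, which is why keeping the `endian` argument explicit beats reasoning about byte order by hand.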
Will you continue the series? Amazing work! Love your content
I wish I had the time
Amazing video, but could you please put the binary challenge file in your GitHub?
I should do that!
Can you please attach the challenge.c file in the GitHub repo or anywhere else?
You can find all of that here: guyinatuxedo.github.io/01-intro_assembly/reversing_assembly/index.html
@@PinkDraconian The ./challenge binary is not present either in your or Tuxedo's GitHub!!!! Why is it that you cannot make the binary available?
@@sloughpacman At this point, I genuinely don't know where that file is anymore 😅
Looooking forward to it, thank you soo much
You're so welcome!
Perhaps I'm going blind, but where's the challenge binary to download?
Sorry for the late reply. You can find them here: github.com/PinkDraconian/PwnZeroToHero-0x05-labs
Link is also in the description.
@@PinkDraconian Sorry to say that ./challenge binary is nowhere to be seen!
Does it work for GUI applications?
Pwntools won't work with GUI applications, and that's a bit by design I guess. A very big focus in binary exploitation is to target applications running on remote hosts (As seen in CTFs) and you can't have a remote application spawn a GUI on your end. I hope that makes sense :)
@@PinkDraconian It does, thanks. So this brings me another question: What advantages does Pwntools have over, for example, intel pin software where you can fuzz any kind of application?
@@nobackupkiwi Pwntools has a bunch of advantages catered towards binary exploitation. This video was just the basics, but we will be going into way more depth in the future. Automating ROP chain creation / Format string vulns, ... much more is present there. Pwntools isn't a fuzzer, so with pwntools you can also easily switch between a program you're debugging locally, versus one running on a remote that you're actually trying to exploit.
If I'm not wrong, then you are an Intigriti member??
That is true! I work for Intigriti indeed :)
Can I use pwntools to connect to gdbserver? I tried 'pwn.gdb.attach((ip,port))' but it did not work.
As far as I'm aware, this should be possible, but I've never experimented with gdbserver, so I don't think I'm qualified to try and help here :) Good luck!
@@PinkDraconian thank you :)))