That was a pretty cool one. Never though of printf as being an exploit to walk through the stack like that, being able to see and -even better- write to env variables…. seems like it could be useful in a future challenge.
I laughed hard when I saw that "vuln" vomited garbage data and other variables. I know it could be dangerous in production environment, but that was fun! :'D
Hey John I found a CVE in an email provider, tried to inform them about it so that I could help them fix it for some cash but they didn't care and they still haven't fixed it months later 😬 what would you do in this scenario 🤔
i look forward to these videos every day and I'm not even signed-up for the CTF. hearing how you think through these challenges is priceless.
Cool challenge and a great video. Keep them coming sir.
Cool, didnt know a simple printf can be weaponize
That was a pretty cool one. Never though of printf as being an exploit to walk through the stack like that, being able to see and -even better- write to env variables…. seems like it could be useful in a future challenge.
My favorite Vulnerability
That was cool! This world needs more hackers like you John:)
Could the missing "pico" and "john" be an alignment thing? Both are 4 bytes long... 🤔
I think so
thank you as always for you incredible video.
I laughed hard when I saw that "vuln" vomited garbage data and other variables. I know it could be dangerous in production environment, but that was fun! :'D
So how do you capture the whole flag, including 'pico'?
Format strings vulns is my favourite, pity its pretty rare at IRL - stil I did found one exploitable in the wild once ))
thank you for making this ♥️♥️
Hey John I found a CVE in an email provider, tried to inform them about it so that I could help them fix it for some cash but they didn't care and they still haven't fixed it months later 😬 what would you do in this scenario 🤔
Public it.
Okay if they dont care. then its not your fault.
Let’s roll !!
Just imagine if the memory was filled with a sensitive information!! All of them will be leaked!!?
Shark window opening how to repair
hello ..would it be possible to put subtitles in portuguese ?? because we follow here in Brazil!!🇧🇷
Early gang
I'm wondering if %23$s.%24$s works well🙄
no, %23$s was empty or maybe a newline
just use single or double quotes
Hello!
cool
Cool
👍!
Red desinr
second
First
there’s a literal man page function in the terminal cmon man