Another awesome walkthrough!! This video series is one of the most professional I have ever seen...truly impressive! Thank you again for investing your time for our benefit.
I have a problem, I just downloaded the binary from THM. But there is no __libc_csu? the value is just 0 when printing it out Anybody got this problem?
thank you so much once again, I've been doing 1-2 of the PWN101 tasks per day. By the way what would you rate the difficulty of pwn108, pwn109, and pwn110?
You are welcome :) Difficulty is something very hard to estimate. It is relative and subject to each one of us. However, I can tell you they're harder than a simple BOF. Specially pwn107, that requires you to know and understand what GOT and PLT are, and how do they work. (I have a video on that topic as well).
really good video, i don't know if you will answer but some weird things happened to me, the first thing is that when debugging the binary locally I couldn't find the libc library using radare2 in its place was another gnu lib, but i still tried the exploit remotely and I seem to find the libc but what I don't really understand is why the position of the libc was in the 14 place so my payload was like this: "%14$lX.%13$lX", the 13 is the canary but it doesn't make sense, because i've learn from you that the canary is before the rbp and the 14 place should be the rbp not the libc. (sorry for the long comment )
The canary is always "before" the rbp, yes. "Before" in this context means at a lower memory address. If rbp is at, for example, 0x400, the canary is at 0x400-8
@@RazviOverflow sorry for bothering the conversation, but why when i debug it locally, using radare2 or gdb, but there is no __libc_csu? the value is just 0, why happening?
@@RazviOverflow when i tried i locally there's no a __csu, the value of %10 is 0, but when i tried it remotely, it have a value on the %10 address, im use the binary that tryhackme given, so thats why im not understand what happening
Another awesome walkthrough!! This video series is one of the most professional I have ever seen...truly impressive! Thank you again for investing your time for our benefit.
Thank you! I appreciate your words.
Completely agreed. I have met few people who are capable of tackling such a complicated subject! Really high quality content right here!
@@marcovalentinoalvarado3290 Thank you!
Thanks!
I'm happy you liked the video :) And thank you very much for the super!
I have a problem, I just downloaded the binary from THM. But there is no __libc_csu? the value is just 0 when printing it out
Anybody got this problem?
ye got the same problem, but there was .text main address which could be used as a dynamic base address. idk why it didn't show __libc_csu_init.
As always, great job mate :).
Thank you for your support :)
Man these are great! Please make more.
Thank you :)
wow you deserve a lot more subscribers and views
Thank you
Awstruck i am bro, u r truly legend.
Thanks :) Glad you like the video.
thank you so much once again, I've been doing 1-2 of the PWN101 tasks per day. By the way what would you rate the difficulty of pwn108, pwn109, and pwn110?
You are welcome :)
Difficulty is something very hard to estimate. It is relative and subject to each one of us. However, I can tell you they're harder than a simple BOF. Specially pwn107, that requires you to know and understand what GOT and PLT are, and how do they work. (I have a video on that topic as well).
when i run the binary, there is no __libc_csu? the value is just 0
I really thank you.. great job!
You are most welcome! More videos coming soon :)
@@RazviOverflow subscribed
@@MM-by6qq Thank you :) 💪
really good video, i don't know if you will answer but some weird things happened to me, the first thing is that when debugging the binary locally I couldn't find the libc library using radare2 in its place was another gnu lib, but i still tried the exploit remotely and I seem to find the libc but what I don't really understand is why the position of the libc was in the 14 place so my payload was like this: "%14$lX.%13$lX", the 13 is the canary but it doesn't make sense, because i've learn from you that the canary is before the rbp and the 14 place should be the rbp not the libc. (sorry for the long comment )
i have the same issue too, how can u exploit it locally?
The canary is always "before" the rbp, yes. "Before" in this context means at a lower memory address. If rbp is at, for example, 0x400, the canary is at 0x400-8
@@RazviOverflow sorry for bothering the conversation, but why when i debug it locally, using radare2 or gdb, but there is no __libc_csu? the value is just 0, why happening?
@@neverclick6520 if you are using the same binary as I did in the video, there should definitely be a __csu.
@@RazviOverflow when i tried i locally there's no a __csu, the value of %10 is 0, but when i tried it remotely, it have a value on the %10 address, im use the binary that tryhackme given, so thats why im not understand what happening
Great video
Thank you :)
At some point you found an address that persist over multiple execution. But i tried and cant find it. What am i missing😢
You should be able to replicate the video, that's weird.
when ever im in the shell and i type it kicks me out
same
take another heart
Glad to receive it (again)
take a heart
Glad to receive it :)
It's hard. But thanx.
I know it is, but it's worth the effort.