Pwn Challenges - HTB x Synack RedTeamFive Capture The Flag (CTF) 2021

  • Published 28 Aug 2024

Comments • 22

  • @TalsonHacks
    @TalsonHacks 2 years ago +3

    Your videos are addictive. Keep it up!

    • @_CryptoCat
      @_CryptoCat 2 years ago

      thanks mate! 🥰

  • @lucasdesouza958
    @lucasdesouza958 2 years ago +2

    Thanks for the incredible content!

    • @_CryptoCat
      @_CryptoCat 2 years ago

      thanks mate 🥰

  • @jorgevilla6523
    @jorgevilla6523 2 years ago +2

    Thanks for video!!

  • @user-mh4sc1mt4h
    @user-mh4sc1mt4h 2 years ago +2

    29:26 pwntools generated ROP doesn't have a `ret` instruction for the "stack alignment issue".
    Could you please elaborate more about the stack alignment issue?
    How and why was it the case in your chain, but the pwntools generated one (same) works perfectly?

    • @_CryptoCat
      @_CryptoCat 2 years ago +1

      great question!! you are correct @ 29:26 we don't have the ret gadget in the first payload, the reason is that it's already 16 byte aligned e.g. we have 4 x 8 byte addresses in our payload.
      the second payload (system("/bin/sh")) is 3 x 8 bytes (not a multiple of 16) so we need to align it, more info on that here: stackoverflow.com/questions/4175281/what-does-it-mean-to-align-the-stack
      you can compare the two scripts here: github.com/Crypto-Cat/CTF/tree/main/ctf_events/htb_synack_redteamfive_21/pwn/library - both the original and pwntools generated ROP versions needed the adjustment to alignment in the second payload in order to succeed on the server.
      hope that helps! let me know if any more questions 🥰
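The alignment rule from the reply above, as an added example (not code from the video or from CryptoCat's repository); the gadget addresses and the helper names are placeholders I made up:

```python
"""Added example (not from the video or CryptoCat's scripts) modelling the
stack-alignment point in the reply above. Assumption: the vulnerable
function has a normal frame, so when its `ret` runs rsp points at the
overwritten return slot with rsp % 16 == 8 (x86-64 System V requires
rsp % 16 == 8 at function entry). Each 8-byte entry popped by `ret` moves
rsp by 8, and a function reached by `ret` must still see rsp % 16 == 8;
glibc's system() performs 16-byte SSE stack accesses (movaps) and faults
otherwise. All addresses below are constructed placeholders.
"""
from typing import List, Tuple

WORD = 8
RET_SLOT_MOD = 8        # rsp % 16 at the overwritten return address
EXPECTED_ENTRY_MOD = 8  # rsp % 16 the ABI expects on function entry

RET = 0x40101A          # ret                   (placeholder)
POP_RDI = 0x401234      # pop rdi ; ret         (placeholder)
BINSH = 0x404040        # pointer to "/bin/sh"  (placeholder)
SYSTEM = 0x401050       # system@plt            (placeholder)

def rsp_mod16_at_entry(target_index: int) -> int:
    """rsp % 16 seen by chain[target_index] when control reaches it.

    Entry i sits 8*i bytes above the return slot; once `ret` pops it, rsp
    points at entry i+1, i.e. 8*(i+1) bytes above the slot.
    """
    return (RET_SLOT_MOD + WORD * (target_index + 1)) % 16

def is_entry_aligned(target_index: int) -> bool:
    return rsp_mod16_at_entry(target_index) == EXPECTED_ENTRY_MOD

def align_chain(chain: List[int], target_index: int,
                ret_gadget: int = RET) -> Tuple[List[int], bool]:
    """Prepend a lone `ret` if chain[target_index] would be entered misaligned.

    The extra `ret` consumes one 8-byte slot, shifting every later entry by 8
    and flipping the alignment parity seen at the target.
    """
    if is_entry_aligned(target_index):
        return list(chain), False
    return [ret_gadget] + list(chain), True

# The 3 x 8 byte system("/bin/sh") payload from the thread: system is entry 2.
SYSTEM_CHAIN = [POP_RDI, BINSH, SYSTEM]

if __name__ == "__main__":
    fixed, padded = align_chain(SYSTEM_CHAIN, target_index=2)
    print("ret gadget added:", padded, [hex(w) for w in fixed])
```

For a chain whose last entry is the function being called, this reduces to the reply's rule of thumb: the entry is aligned exactly when the whole payload is a multiple of 16 bytes.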

  • @lucasdesouza958
    @lucasdesouza958 2 years ago +3

    Would love to get an in depth explanation of how you reverse engineered the mission function on the air supply chal! I imagine that it had a low rate of solves because of it hahahah

    • @_CryptoCat
      @_CryptoCat 2 years ago +2

      haha tbh i barely reversed it at all! i just recognised the format from some previous challenges as being "what do you want to write and where do you want to write it" 😆

  • @ItsJustNotBob
    @ItsJustNotBob 2 years ago +2

    Another great video! Looks like we ran into the same problem with Recruitment. I wasn't able to get it working with pwntools but didn't try sending in the payload using nc.

    • @_CryptoCat
      @_CryptoCat 2 years ago +1

      ahhh i think that must have gotten a lot of people because i was surprised to see a ret2win challenge with less solves than the shellcode injection + ret2libc challs 😆 i wonder what the reason for it was 🤔

  • @KeithMakank3
    @KeithMakank3 2 years ago +2

    Pie executable means you have to eat pies while it executes

  • @user-mh4sc1mt4h
    @user-mh4sc1mt4h 2 years ago +3

    I'm new and have some problems and questions while developing some exploits for tasks in HTB or PicoCTF etc.
    Is there a forum or a place where people discuss these topics and can help?

    • @_CryptoCat
      @_CryptoCat 2 years ago +2

      there's probably a lot of great places but discord.gg/hackthebox helped me a lot when i was learning, there's a channel for binexp/reversing and also for challenges so you can get help there.
      there is also a pico CTF discord which has a #binexp channel: picoctf.org/discord
      honestly there's so many discords i don't know how to keep track of them 😅 subreddits like ExploitDev, ReverseEngineering etc also worth checking 😊

  • @franciscolucarini8761
    @franciscolucarini8761 2 years ago +2

    Hey Cryptocat, how can we download these challenges?

    • @_CryptoCat
      @_CryptoCat 2 years ago +3

      heyyy 🥰 i don't think HTB/Synack will release these challenge files publicly, but most of the challenges are very, very similar to active/retired challenges already on HackTheBox which you can work away at 😉

    • @franciscolucarini8761
      @franciscolucarini8761 2 years ago +2

      @_CryptoCat oh ok thanks, btw I love ur channel contents

    • @_CryptoCat
      @_CryptoCat 2 years ago +1

      @franciscolucarini8761 thank you! really appreciated 🥰🥰🥰

  • @ItsDoros
    @ItsDoros 2 years ago +2

    Can you suggest some resources to get started in binary exploitation?

    • @_CryptoCat
      @_CryptoCat 2 years ago

      yes mate! check out some of these resources: github.com/Crypto-Cat/CTF#readme - i personally recommend HackTheBox Pwn challenges and ROP Emporium 😉