An example of a printf() format string vuln being used to leak a flag in a CTF: th-cam.com/video/BekVaShD9HE/w-d-xo.html
Nice! I've been wanting to dive into format string vulnerabilities.
Awesome! Hope you stick around for the next couple of vids, we'll take full advantage of these vulns 😈
Hello again, CryptoCat. So at 5:00 you're saying printf("%s", buf); would fix the vulnerability? I've tested similar code on my machine and the binary's still vulnerable.
Hey, that's right! Fixes it OK on my end. If I enter %p after patching the code, it just prints "%p" instead of an address.
@_CryptoCat Thanks for testing it on your end. I have changed the line of code from "printf(teste);" to "printf("%s", teste);" and compiled the code with "gcc main_fixed.c -o main_fixed -m32", but the binary still prints an address if I enter %p :(
@AUBCodeII That's super weird lol. I made the same change and it fixed it 😕 Let me know if you work out the issue!
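The fix discussed above, as an added example (not code from the video or the repo): the vulnerable and fixed echo side by side, plus the regression check CryptoCat describes, feeding "%p" and requiring it to come back unchanged. Function names are my own.

```c
#include <stdarg.h>
#include <stdio.h>
#include <string.h>

/* Logging-style helper that forwards whatever it is given as the format.
 * This is the shape of the bug in the video: printf(teste);
 * Giving it __attribute__((format(printf, 3, 4))) would let gcc's
 * -Wformat-security flag the bad call below at compile time. */
static void log_raw(char *out, size_t n, const char *fmt, ...) {
    va_list ap;
    va_start(ap, fmt);
    vsnprintf(out, n, fmt, ap);   /* fmt is interpreted: %p, %x, %n ... */
    va_end(ap);
}

/* VULNERABLE: untrusted input becomes the format string (undefined
 * behaviour as soon as the input contains a directive). */
static void echo_vulnerable(char *out, size_t n, const char *user) {
    log_raw(out, n, user);        /* equivalent to printf(user); */
}

/* FIXED: the format string is a constant; user input is only ever data. */
static void echo_fixed(char *out, size_t n, const char *user) {
    snprintf(out, n, "%s", user); /* equivalent to printf("%s", user); */
}

/* The check from the thread: send "%p" and require it to come back
 * unchanged. Returns 1 if the echo routine still interprets directives,
 * 0 if it is safe. Behaviour is the same with -m32. */
int leaks_with_percent_p(void (*echo)(char *, size_t, const char *)) {
    char out[64] = {0};
    echo(out, sizeof out, "%p");
    return strcmp(out, "%p") != 0;
}

int main(void) {
    printf("vulnerable leaks: %d\n", leaks_with_percent_p(echo_vulnerable));
    printf("fixed leaks:      %d\n", leaks_with_percent_p(echo_fixed));
    return 0;
}
```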
Hello, what is the difference with the 64-bit version? I cannot print the string even if I know the offset; it always prints null.
Hmmm, been a while since I did pwn but should be similar, obviously with 64-bit addresses instead of 32-bit.
What did you do to make the "checksec" command display in that table format?
My checksec command only displays on one line, which is so hard to see.
Hmmm did you provide it in the same way, e.g. "checksec --file [filename]"? Does it seem to be up to date?
Been waiting for this one 😍
Thanks mate! Will be putting these format string vulns to good use in the next few videos 😉
Sir, I have a question: how do great black-hat hackers just hack into companies?
And how can I learn more advanced binary exploitation?
And is knowing x64 assembly enough for binary exploitation?
Some of my favourite binary exploitation resources: github.com/Crypto-Cat/CTF/tree/main/pwn/binary_exploitation_101#additional-resources-for-learning-pwn
Great Video 👊👏
Thank you 🙌
Hey, do you recommend any books to learn pentesting?
Ermm, not really tbh 😆 I have a lot of old books around pen-testing and malware analysis, but unless you want some material for when you don't have access to a computer, I'd recommend just getting stuck into HackTheBox, TryHackMe etc. - my favourite resources here: github.com/Crypto-Cat/CTF#readme
"The Web Application Hacker's Handbook" used to be the go-to book for web pentesting (bug bounty), but since the makers of the book realised interactive, practical learning is better, they replaced it with Portswigger's Web Security Academy (again, highly recommended) 😁
@_CryptoCat Yes, I have been doing some labs. Appreciated the help though, keep up the good content :)
@L9Zodiac Thanks mate 🥰
Thank you so much, it was very helpful.
Can you please upload the last three videos?
Thanks mate 🥰 Going to release the last few videos next week, after some pico CTF videos 😇
Another awesome video 👊👏
cheers mate! 👊
Another awesome video mate! Keep it up
Cheers bro! 💜
Hehehe, this one was a bit confusing xD, but that's because I didn't understand the format string thingy when you used code arcane or pwntools to explain it, but I'll get the hang of it.
My question now is: the fuzzer script, is there a template for it somewhere, or do we write our own script?
Just asking for future purposes.
Honestly, manual format string exploits are something I feel like I have to re-learn all the time. It's definitely tricky to get your head around.
Here's the fuzzing script from the video: github.com/Crypto-Cat/CTF/blob/main/pwn/binary_exploitation_101/07-format_string_vulns/fuzz.py - I have a few of these scattered around the repo so normally just go and grab one when solving a new chall 🙂
@_CryptoCat Hehe, first thing I did was clone your repo.
I've been holding my teammates back a lot in CTFs, so I decided to get good at binary exploitation, and yeah, I love it too.