This was a great video, didn't even realize I had been watching for 30 minutes. You explain the topics in a way that is very interesting yet still very simple and I love it. Great work.
Thank you so much, I really appreciate the kind words! I was worried that a long 30-minute video would draw some people away, but hopefully it's all still explained and not too fast or too slow. Thanks again!
Doesn't surprise me that you know this. It surprises me how well you manage to explain it so we get it! Thanks a bunch!
Thanks so much for watching!
A) Awesome
B) Use less tools and more hand-crafted code
C) ❤
D) I liked and subscribed
love your videos. learning a lot. keep crushing it
John Hammond is very underrated! I recently discovered this channel and I've been binging CTF videos. But you gotta do more malware videos! Those are awesome!
Really enjoying the recent content, John. Thank you for your time!
Thanks for the kind words, and thanks for watching! Guess I'll have to put out more Vulnserver super soon! :D
Thank you, this was very informative, and well presented.
Thank you so much!
Awesome tutorial, John. Thank you!!
Awesome video, John!!
Great work good sir. Thank you for the content!
Thank you! And thanks for watching!
Please make a video for OSCP preparation 2020 (a self-study guide before purchasing from them). Thanks
This was amazing. Really loved your explanations!
Very happy to hear that, thank you so much for watching!
John Hammond Amazing Explanations
Excellent video and explanations of what you were doing. How would you modify this attack if data execution prevention was used by the target?
Was playing with this and spike. Your explanation of boofuzz is awesome.
Happy to hear that! Thanks so much!
Wonderful.
Wow, I learned a lot. Thank you!
Thanks so much for watching!
thank you for video! it's just great!
Thanks so much, and thanks for watching!
Loved this video! Will you be making more videos for the other Vulnserver commands?
Please do a Q&A video.
Wow, this is awesome and crazy. :D I'd love to reverse shell into my brother's PC in the other room and annoy him.. But I've no idea how to start. :D
Hey John, great video. Where can I find the outro music?
I love boofuzz, using that for my OSCP BO!!! Thanks John!
Happy to hear that, thank you so much! It might certainly come in handy for OSCE!! Thanks for watching!
underrated
Hi John 👋 please, why do you use boofuzz and not the socket library? I know it's a dumb question, but that's all..
Anyway …… can't I use socket to exploit vulnserver, and is it bad to use it?
Or is socket just basic? And what does Boofuzz really do?
Great video, John! Really good explanation. Is the buffer overflow part from OSCP exam similar to what you've showed us here? Do you need to do fuzzing as well?
how did you get that cli pwn tool? been trying their installation docs but to no avail
Hey John, have you ever thought about doing a buffer overflow video bypassing DEP and ASLR with some ret2libc attack or a SEH overflow? Great video tho :)
I've shown a few ret2libc things on the Linux side of the house -- and I can certainly show a SEH overflow with some of the other Vulnserver functions. Thanks so much, and thanks for watching!
Right on, right on.😜
Instantly purchased 0verfl0w's beginner malware course. Ty! And that walkthrough was amazing, I learned a lot, thank you John!
Hell yeah! Very happy to hear that, thank you so much! I am sure 0verfl0w is very pleased as well! Thanks for watching!
Hey, how come you never shout out to me? I praise you, encourage, uplift, and say how great you are, how far you've come, it's a big deal and you're doing awesome. I've learned so much from you. I'm not Mr. Popular by any means. But a shout out here and there would be cool. I'd like to collaborate with you and a few others. I'm gonna talk to Paul Asadoorian from SecWeekly, and get you a segment on the show. You can use it in your portfolio. Make sure to take efficient notes, that's a huge thing. I'm liking what you're doing on shellcoding. I got the book, it's pretty big, lol. But I'll get through it.
Hey brother -- ask and you shall receive! Next video, I'll be sure to give you a shout-out. :)
(PS - if you do talk to Paul and can squeeze in that opportunity, I would be eternally grateful!! He does awesome stuff.)
@_JohnHammond Hell yeah bro. Oh, I was kidding about the shout out. I just realized that by texting and messaging, you can't tell if someone's busting your chops or being sarcastic. That's something only human emotion can capture. Emojis just don't cut it. Lol.
@bugr33d0_hunter8 Pfft, I gotchu anyway ;)
Awesome
What I didn't understand is that, to get remote access to the system, we used a debugger on that system, right? So we had prior access to it. ??? / Either way, thanks for the video!!
Well -- you are right, since I am debugging on the actual machine, yes, we have access -- though this is really for educational purposes and a setup you might find a certification exam... you would have a copy of the binary on a debugging server, and then after you have crafted your exploit against the debugging server, you can use it on the real "target" production server that you did not have otherwise access to. Thanks for watching!
@_JohnHammond Thanks for the reply, appreciated!!! :)
I don't get it.... how do you see where it crashed from when it is remote? How do you run a debugger? If you could run the debugger wouldn't you already have access to the system?
You don't see where it crashed when it is remote -- you do have to run a debugger locally. Typically, in a challenge you would be given a binary to work with and test with, develop your exploit on a local debugging machine, separate from the target machine. In this case I just used the debugging machine and the target machine as the same box, for easy demonstration and infrastructure. Thanks for watching!
What keyboard do you use, John? I like the sound of it.
I'm just on my DELL XPS 15 laptop ahaha. Thanks for watching!
@_JohnHammond I wasn't wrong after all. I knew it sounded like a laptop or Mac keyboard, ha. I wish my mechanical keyboard sounded similar and not like a cheap piece of plastic, which it is lol
13:00 But the data is in ASCII, so a lot of "1" characters were sent, but the number 1 in ASCII corresponds to 0x31, yet EIP shows 0x11? I think you made a mistake here.
Edit: Oh. You realized it. Never mind.
No, yeah, that is the gimmick for this exploit. I may have fumbled a few words trying to explain that, since it is such an odd thing, but the issue IS that the literal 1's are being stored in EIP. Thanks for watching!
@_JohnHammond Yeah. I wonder why they didn't just leave it like an A comes out as 0x41. That would have been a lot more realistic. Thanks for responding to my comment btw..
Which version of Ubuntu are you using?
Just trying to get the overflow course, where do I put the promo code?
Are you participating in the sec army ctf 2020 ?
Admittedly I had not been, no -- how was the CTF? :D
@_JohnHammond I finished 95
Could not give my hundred percent because of the time difference
But I really want to learn OSINT as I could not solve a single challenge
The CTF is still up if you want to try!!
@dxsp1d3r Ooooh, I will have to give it a try! Thanks for letting me know!
Very awesome
Thank you so much!
🔥🔥
Thanks for watching Matt!
I loved the video. Now, you only filtered out \x00 (null), but there could have been more bad chars than that; I think you skipped a step where you send the entire ASCII table (hexified) as a payload to check for any other bad characters.
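The step this comment refers to is a comparison: send every byte value the target has not already been shown to mangle, dump the region of memory where the string landed, and diff the two. Any byte that was dropped, rewritten, or cut the string short is a "bad character" that the final payload must avoid. The snippet below is an added example that is not from the video, the comments, or Vulnserver itself. It does no networking: both the test string and the "memory dump" are constructed inline, and the dump is faked to behave as if 0x0a were dropped, 0x0d rewritten to a space, and 0x80 treated as a terminator, so the diff logic can be seen handling all three failure modes.

```python
# Added example (not from the video or comment thread): the "bad character" diff.
# The memory dump below is constructed for the example; nothing here talks to a target.

def build_test_bytes(exclude=(0x00,)):
    """All byte values 0x00..0xff in order, minus the ones already known to be bad.
    Each round of the check drops the newly found bad bytes and repeats, so the
    exclude list grows round by round."""
    return bytes(b for b in range(256) if b not in exclude)


def find_bad_chars(sent: bytes, observed: bytes) -> dict:
    """Walk the sent string and the bytes seen in memory side by side.

    Three things can go wrong with a byte, and each shows up differently:
      * dropped   -> the next sent byte already lines up with memory
      * altered   -> memory holds some other value at that position
      * truncated -> memory simply ends; every later byte is unchecked
    Returns the bad byte values found, which byte (if any) truncated the string,
    and how many bytes after the truncation point were never examined."""
    bad = []
    i = j = 0
    while i < len(sent):
        if j >= len(observed):
            # Memory ended early: sent[i] acted as a terminator.
            bad.append(sent[i])
            return {"bad": bad, "truncated_at": sent[i], "unchecked": len(sent) - i - 1}
        if sent[i] == observed[j]:
            i += 1
            j += 1
            continue
        bad.append(sent[i])
        if i + 1 < len(sent) and sent[i + 1] == observed[j]:
            # Byte was dropped: realign by advancing only the sent side.
            i += 1
        else:
            # Byte was rewritten in place: step past it on both sides.
            i += 1
            j += 1
    return {"bad": bad, "truncated_at": None, "unchecked": 0}


def constructed_memory_dump(sent: bytes) -> bytes:
    """Fake dump for the example: drops 0x0a, turns 0x0d into a space, stops at 0x80."""
    out = bytearray()
    for b in sent:
        if b == 0x80:
            break
        if b == 0x0a:
            continue
        out.append(0x20 if b == 0x0d else b)
    return bytes(out)


if __name__ == "__main__":
    sent = build_test_bytes()               # round 1: only \x00 excluded
    result = find_bad_chars(sent, constructed_memory_dump(sent))
    print({k: ([hex(b) for b in v] if k == "bad" else v) for k, v in result.items()})
    # Round 2 would resend with the new bad bytes excluded as well, since the
    # bytes after a truncation point were never actually tested.
    next_round = build_test_bytes(exclude=(0x00, *result["bad"]))
    print(len(next_round), "bytes in the next test string")
```

The key point for anyone repeating the check: a truncating byte hides everything after it, so a single round is never enough. Remove what was found, resend, and repeat until the dump matches the sent string byte for byte.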
Can you show it with Character Server? ;)
Is Overflow the same as Live Overflow?
Nope, sorry, 0verfl0w and Live Overflow are different people!
Thanks for watching!
Bro, can you share the Discord link? The link is expired.
11:10 "You must be a victim of software counterfeiting" -- someone is using a pirated copy of Windows, hah :)
It's funny that M$FT can't just say, "Hey, bro, don't pirate our software!" and instead they have to go with politically correct, "Someone must have installed a pirated version of our software on your computer." Funny af.
Who pays for Windows lol
Great! Looks easy :) What about ROP?
I'll have to try to do some ROPemporium, that is a great resource and would be good to showcase! Thanks for watching!
Why don't you make your own courses, like cryptography, assembly language, malware analysis, reverse engineering?
A lot of people are asking for this lately -- I'll see what I can do! Thanks for watching!
Indicator how to galaxy cAlychin
thx for the 15% off ;) (u must think about the time difference US/EU when u r doing these cool giveaways please)
Another great video, but how do you buffer overflow when you don't have access to the server? Sorry, I'm a noob in hacking
Can you go a little slower? Don't get me wrong, the info is great, but if you could go a little slower, that would help a lot!
Hey can I get it for free