DUUUUUDE WTF THIS WAS SOOO AWESOME! EVEN THE PWK PDF COULDNT EXPLAIN IT AS CLEARLY AS YOU DID! REALLY GLAD YOU DID THIS FOR FREE. YOU DEFINITELY DESERVE EVERYTHING MAN!
DUDE YOU ARE AMAZING!!! been trying to learn buffer overflow for months.... with your videos i learned it in under 24 hours. WOW! please dont stop posting new shit..... i will share the hell outta ur vids!
The best, easiest, amazing course in Buffer Overflow Thanks a lot. I gained a lot form this course and I hope that you continue with same momentum and clarity
Easily one of the best if not the best content creators in general, and in the cyber security genre specifically. Thanks for all the value you provide, we really appreciate it ❤️
Dude you are awesome. I always skipped the buffer overflow part in any tutorial. But you made video so much simple that i watched the whole series in one go at mid-night. Simply Amazing.....
Watching this series has made the whole buffer overflow concept just click now. Definitely subscribed, and looking forward to more material in the future!
Prepping for OSCP. Binary exploitation has always intimidated me (and still). Followed this mini-course, then tried brainpan and got it in about an hour. You explained it very well (compliment from one teacher to another). I especially liked the fact you didn't over complicate the subject with too many (in-depth) technicalities. Save that for later. Great introduction into the subject. What worked well for me was to copy the python script to a new file at every step before making changes. This way you can clearly and instantly see what each step is responsible for. Made it easier for me to reproduce.
Wow, just wow. I know I'm late to the game in commenting on the "Buffer Overflows" series but let me tell you...your explanation of it all is simply amazing! I just started dabbling in the whole virtual box world as a noob and I really appreciate they way you break things down. Subbed and hoping to further this little hobby of mine.
wow man great video and very helpful. I cant believe you dont have more views/subs. It was easy for me to understand most of it as i have a basic understanding of assembly & how memory works, I also like how you split the videos into parts so i can go back and understand what i need rather than having to skip through a long video. Nice work from the UK
Thank you very much, you helped me to put together all picture about buffer overflow, now some puzzles from book "Hacking: The Art of Exploitation" fits on place!
Seriously your video made me understand the concept and ways to exploit buffer overflow in so easy way. Thanks you for the awesome videos. Spread the love!!!.
I can't explain my happiness. I am a beginner in the field of hacking and understanding this cool concept was my dream and you made it come TRUE with your videos. Thanks a lot.
Wow! I was about to break my PC when reading over buffer overflow for the eCPPT it all clicks now!!! Thank you so much. BTW your privilege escalation udemy videos taught me alot.... soon the cyber mentor certificate will be the golden standard, move out of the way eCPPT and OSCP
Thank you so much for putting this course together. I was have issue understanding the concept. After this course, I can really say that i get it. Thank you!
Thank you for the class/videos, the videos were the BEST I've seen about buffer overflow. I been trying to learn buffer overflow for sometimes now, but everything I read just add confusion. Your videos were great, clear and simple. I now understand buffer overflow. THANK you. Great work.
Congratulations, Sir. Your channel is going to be massive, I can guarantee. Subscribed and Notified. :-) THANKs for this series and please, keep on doing more videos on OSCP! Lots of success!
Thanks. I am looking to start an entry IT job and it was fun following through this lesson. I also have been going through your 15 hour course on pentesting. Thanks.
Sir, simply you are awesome!!! i have been following your channel, specially the pentesting for noobs, completed this series, it was really awesome!! many of my friends also follow your content, i introduced you to them, and we just love the way that you teach complicated stuff in such a simplistic manner.. thank you again ❤❤
I AM FROM SRI LANKA AND THESE YS I AM RESEARCHING ABOUT EXPLOITS,BUFFEROVERFLAW ETC..../YOU VIDEO I REALY INTERESTING....I T MADE ME SENSE ABOUT THIS TOPIC....KEEP UP YOUR WORK BROTHER....DO SOME MORE VIDEOS.....I LOVE YOU
Late to the party but I made some notes for this series with some additional stuff from other videos and resources. For those confused [like me] about how the JUMP ESP interaction works and the inclusion of NOP-sleds in the payload I attempt to explain this as I understand it from my research. Notes here: github.com/ghostinthefibers/SecSheets/blob/master/Binary%20Exploitation/Overflows/Buffer%20Overflows/Buffer%20Overflows.md
Good series but what's really missing in my opinion is an explanation of why the JMP ESP in EIP results in the program jumping to the shellcode that we appended to our string. You also didn't really explain in detail why the NOP sled was needed. Some graphical display of the stack during this exploitation process would really help visualize what's actually happening.
Thanks for the video man. I was not getting the reverse shell but in the end, it was just '\' missing on the shellcode. Finally got the shell and thank you for the amazing explanation.
YES, finally got a root shell! Thanks for that. Amazing tutorial! If someone has also trouble to get a root shell and your program just crashes like in the first step: Check the IP address and the firewall! The firewall must be turned off and on top of that, you have to use the IP address of the Kali machine, not of the windows machine. Seems very obvious lol :-)
I am facing the issue - In my case, I have disabled the firewall, the LHOST IP belongs to kali. Each time I run, the vulnserver.exe gets crashed and I dont get a shell :(. I tried with both Win7 and Win10 OS
@@kiranvijay1952 If vulnserver.exe crashes, it means you can hit the windows machine. To get a root shell you need the correct piece of code. Re-write your python script and be careful to type it correctly as mentioned in the video. I would bet it's something simple like a wrong special character
I've shared it quite a bit and subbed. I will definitely chip in on the patreon as well. I was wondering if you planned on doing a buffer overflow course on something with memory protection that would be amazing because the information that is out there just isn't very relevant a lot of times. You are God tier at explaining the process although I already knew everything up until this point it has helped a ton of my friends. So I definitely wanted to ask.
This is awesome! I recently purchased my elearnsecurity PTP exam package, trust me I really struggled to understand how buffer overflow works compared to yours which is clear and concise. With the victim machine, how do I get access to and also, am I to install immunity debugger on it, please a bit of explanation will help. Thanks. Please, point me to your Paetron page.
Wow, thank you very much these eight parts made me feel confident as I had a really hard time understanding the buffer flow and actually implementing a simple one, As a beginner can you provide me some additional resources on the same to understand bufferoverflows in more detail.
Just a note for anyone who isn't getting the reverse shell. If you're on VirtualBox and using NAT allocation you need to forward your listening port. Just go to Settings > Network > Advanced > PortForwarding and put 4444 in the Host and Guest port :)
Hey! i am still stuck and not getting root. The python script runs completely, i can see that vulnserver receives a connection from kali in the terminal but i dont get a root. I enabled port forwarding too but it did not work. Is there any other solution you have for this? Thanks
I change it and nothing :/ AV/ FW disabled everywhere. All predvious steps were correct as I get the same values, responses as in Cyber mentor's video.
AMAZING! I'm currently on my OCSP training I'm in the Buffer overflows module and I cant understand hahaha. But in your module its just easy like I open my pc!
Hey TCM, I am stuck at this part which should be the easiest but I can't seem to get a shell. The connection closes immediately and my netcat is not getting a shell. Any where I am wrong? I've tried to change to x64 for the msfvenom since my PC is x64 architecture.
Hey! i am stuck there too. The python script runs completely but i am not getting shell. Did you find a solution to it? I would be more than grateful if you could help me out with this. Thanks.
I really enjoyed your work! Clear and to the point. I was wondering if you have any good resources for me to learn privilege escalation or if you could create a tutorial on privilege escalation? Thanks and keep up the hard work
great series thank you. Is everything that you have done in this video applicable to the OSCP? I saw you used some metasploit ruby scripts, is that allowed? I know msfvenom is allowed. Thanks for the series.
Great videos, you have the ability to deliver the clear information, easy to follow. However, I have a question, as I see that I need to control windows machine besides my Kali machine to do buffer overflow? while in real-life pen-test you have no control on the windows machine! which makes the difference.
First of all, this is awesome. Great job. I loved every second of this series. Second: maybe I've missed something (and I'll rewatch them all) but... we're trying to BOF a server. In this situation we can use the debugger and see what happens. So if they target is using a know server application, we can download it and try offline. But... what if a target is using an unknown server application (maybe a custom application) and we can't use the debugger? Is there a way to find a valid offset to point the EIP? Or we can do BOF only if we can actually use the debugger? Thanks.
Thank you for the amazing course experience, the explanation is very clear to follow. yesterday i bought your udemy course because i think that is better than others and i liked the topics. I have a question, do you have any advice for the OSCP exam?
Thanks for this Video. I have one question Please. where would "\x90" * 32 + overflow be written? in Which place in the Memory? in the top of the Stack?
Hi, everything goes perfect till I run the reverse shell script and the vulnserver crashes. Firewall and realtime protection are off. I do get a reply after listening on netcat that a connection is made and shortly after the vulnserver crashes. any thoughts?. Thanks
Ok, so we got shell access of the victim now. What attacks can we perform and can we also have a persistence backdoor for this if I'm saying it correctly.
So here's a weird one. I manage to get a reverse shell but then the program still crashes like in the initial Fuzzing exercise and so too does my shell... any ideas how I keep the shell alive after hitting the offset?
I hope you enjoyed this video! If so, please consider dropping a like and subscribing.
DUUUUUDE WTF THIS WAS SOOO AWESOME! EVEN THE PWK PDF COULDNT EXPLAIN IT AS CLEARLY AS YOU DID! REALLY GLAD YOU DID THIS FOR FREE. YOU DEFINITELY DESERVE EVERYTHING MAN!
DUDE YOU ARE AMAZING!!! been trying to learn buffer overflow for months.... with your videos i learned it in under 24 hours. WOW! please dont stop posting new shit..... i will share the hell outta ur vids!
Thanks for all the nice comments :)
@@TCMSecurityAcademy really amazing video and easy to understand :)
This was such a good course to work through. Thanks a ton, I am writing my OSCP in 3 weeks, and this just filled in so many gaps. thanks.
Thank you. Best of luck on your exam!
Yooo fellow metal head/guitarist. How'd you do on the OSCP?? I'm taking it this year. Also nice vids bro. Heath's been awesome for learning.
THIS IS THE BEST BOF EXPLAINED ON TH-cam
The best, easiest, amazing course in Buffer Overflow
Thanks a lot.
I gained a lot form this course and I hope that you continue with same momentum and clarity
Thank you for the great feedback and motivation!
Loved the entire series man! Went from having zero clue on buffer overflows to knowing this entire series inside out now, cheers Heath :)
That's awesome man!! Really great to hear :)
What a ride dude!!!! Now i got it!!! Thank you very much this course is incredible hahaha, you are the man, I owe you some beers
Easily one of the best if not the best content creators in general, and in the cyber security genre specifically. Thanks for all the value you provide, we really appreciate it ❤️
Dude you are awesome. I always skipped the buffer overflow part in any tutorial. But you made video so much simple that i watched the whole series in one go at mid-night. Simply Amazing.....
Thank you! I'm really glad you enjoyed it :)
Watching this series has made the whole buffer overflow concept just click now. Definitely subscribed, and looking forward to more material in the future!
Glad you enjoyed it!
Prepping for OSCP. Binary exploitation has always intimidated me (and still). Followed this mini-course, then tried brainpan and got it in about an hour. You explained it very well (compliment from one teacher to another). I especially liked the fact you didn't over complicate the subject with too many (in-depth) technicalities. Save that for later. Great introduction into the subject. What worked well for me was to copy the python script to a new file at every step before making changes. This way you can clearly and instantly see what each step is responsible for. Made it easier for me to reproduce.
Wow, just wow. I know I'm late to the game in commenting on the "Buffer Overflows" series but let me tell you...your explanation of it all is simply amazing! I just started dabbling in the whole virtual box world as a noob and I really appreciate they way you break things down. Subbed and hoping to further this little hobby of mine.
wow man great video and very helpful. I cant believe you dont have more views/subs. It was easy for me to understand most of it as i have a basic understanding of assembly & how memory works, I also like how you split the videos into parts so i can go back and understand what i need rather than having to skip through a long video. Nice work from the UK
Thanks for the kind words! I'm glad you enjoyed the videos
Thank you very much, you helped me to put together all picture about buffer overflow, now some puzzles from book "Hacking: The Art of Exploitation" fits on place!
Seriously your video made me understand the concept and ways to exploit buffer overflow in so easy way. Thanks you for the awesome videos. Spread the love!!!.
Glad you enjoyed it!
This is epic...I have never seen Buffer Overflow work through made this easy before...weldon!!! Appreciate you good work...
I'm so glad you got everything resolved and enjoyed the course!
You are in real sense a mentor !
I can't explain my happiness. I am a beginner in the field of hacking and understanding this cool concept was my dream and you made it come TRUE with your videos. Thanks a lot.
Can you suggest some books on hacking for beginners.
Fantastic video brother. Very good supplement to the OSCP. Easy to digest, concise and to the point. Thanks again!
Wow! I was about to break my PC when reading over buffer overflow for the eCPPT it all clicks now!!! Thank you so much. BTW your privilege escalation udemy videos taught me alot.... soon the cyber mentor certificate will be the golden standard, move out of the way eCPPT and OSCP
Thank you for this awesome series of videos. It's better than what some people are charging for online.
I'm glad you like them!
Thank you so much for putting this course together. I was have issue understanding the concept. After this course, I can really say that i get it. Thank you!
Thank you for the class/videos, the videos were the BEST I've seen about buffer overflow. I been trying to learn buffer overflow for sometimes now, but everything I read just add confusion. Your videos were great, clear and simple. I now understand buffer overflow. THANK you. Great work.
Thank you so much! I'm glad that I was able to help you understand it clearly! Your kind words mean a lot :)
Congratulations, Sir. Your channel is going to be massive, I can guarantee. Subscribed and Notified. :-) THANKs for this series and please, keep on doing more videos on OSCP! Lots of success!
Agreed. Unreal video course thank you! Keep it up. Followed on Twitter, subscribed.
Thanks man, people like u makes this world better🥳
Thanks. I am looking to start an entry IT job and it was fun following through this lesson. I also have been going through your 15 hour course on pentesting. Thanks.
Thank you very much. I appreciate the way you broke everything down in plain language.
This series is awesome . Made BOF understandable. Thanks Heath
Sir, simply you are awesome!!! i have been following your channel, specially the pentesting for noobs, completed this series, it was really awesome!!
many of my friends also follow your content, i introduced you to them, and we just love the way that you teach complicated stuff in such a simplistic manner..
thank you again ❤❤
Thank you! I'm so glad that you're enjoying the content and spreading the channel!
You are most welcome sir 😊❤️
I AM FROM SRI LANKA AND THESE YS I AM RESEARCHING ABOUT EXPLOITS,BUFFEROVERFLAW ETC..../YOU VIDEO I REALY INTERESTING....I T MADE ME SENSE ABOUT THIS TOPIC....KEEP UP YOUR WORK BROTHER....DO SOME MORE VIDEOS.....I LOVE YOU
You have made an excellent course and helped a lot of people...
@The Cyber Mentor Thank you so much for creating this tutorial. You have explained this topic in very
accessible way. Once again, thank you :)
You're welcome! Glad you enjoyed it
Late to the party but I made some notes for this series with some additional stuff from other videos and resources. For those confused [like me] about how the JUMP ESP interaction works and the inclusion of NOP-sleds in the payload I attempt to explain this as I understand it from my research. Notes here: github.com/ghostinthefibers/SecSheets/blob/master/Binary%20Exploitation/Overflows/Buffer%20Overflows/Buffer%20Overflows.md
Good series but what's really missing in my opinion is an explanation of why the JMP ESP in EIP results in the program jumping to the shellcode that we appended to our string. You also didn't really explain in detail why the NOP sled was needed. Some graphical display of the stack during this exploitation process would really help visualize what's actually happening.
Nop sled is just to increment to next instructions. But i also don't know about jmp esp did you get your answer
Thanks for the video man. I was not getting the reverse shell but in the end, it was just '\' missing on the shellcode. Finally got the shell and thank you for the amazing explanation.
This is pure gold! Thanks for the huge help!
Thank you!
Appreciate all of your lessons 👍
Thanks for the course, it was very helpful. Hope you continue creating content on more advanced topics.
I will be I promise
Great series, I enjoyed everything.
Thank you!
Thank you very much cyber mentor sir you cleared my doubts of buffer overflow like no one else did
YES, finally got a root shell! Thanks for that. Amazing tutorial!
If someone has also trouble to get a root shell and your program just crashes like in the first step: Check the IP address and the firewall! The firewall must be turned off and on top of that, you have to use the IP address of the Kali machine, not of the windows machine. Seems very obvious lol :-)
I am facing the issue - In my case, I have disabled the firewall, the LHOST IP belongs to kali. Each time I run, the vulnserver.exe gets crashed and I dont get a shell :(. I tried with both Win7 and Win10 OS
@@kiranvijay1952 If vulnserver.exe crashes, it means you can hit the windows machine. To get a root shell you need the correct piece of code. Re-write your python script and be careful to type it correctly as mentioned in the video. I would bet it's something simple like a wrong special character
Thank you! This helped me. I am still a beginner and whilst it was so obvious, I was using the IP of windows machine :p
@@joshk8554 you are welcome, we all have to go through the mistakes smh
What a great tutorial! Thanks so much for this work. Excellent !!!!
Glad it was helpful!
Best-One So Far!! Thanks
its awesome. ..All videos are great ... I watched all videos privilege escalation as well... Its superb...thank you so much
I've shared it quite a bit and subbed. I will definitely chip in on the patreon as well. I was wondering if you planned on doing a buffer overflow course on something with memory protection that would be amazing because the information that is out there just isn't very relevant a lot of times. You are God tier at explaining the process although I already knew everything up until this point it has helped a ton of my friends. So I definitely wanted to ask.
At some point yes. Every time I poll Twitter/TH-cam, I provide it as an option, but something else always gets picked.
Thank You for the series!!
fantastic course - thank you!
Amazing Video! It's really easy to understand and valuable! Thank you so much Heat Adams!
thanks thanks, i started with no idea, now i really felt I've make a progress.
You’re the best thanks for the detailed info and the time you spent.
I subed.😇
THANK YOU SO MUCH. I finally understand. FINALLY.
Excelente tus videos son los mejores cuando se trata de comprender el desbordamiento de buffer
This is awesome! I recently purchased my elearnsecurity PTP exam package, trust me I really struggled to understand how buffer overflow works compared to yours which is clear and concise. With the victim machine, how do I get access to and also, am I to install immunity debugger on it, please a bit of explanation will help. Thanks. Please, point me to your Paetron page.
Simple and clear but need practice ... give u a big like !
Thank you
Thank you so much for your lesson.
Thanks for this tutorial! Amazing work, I'm now subscribed!
TCM, thank you very much. Cheers
Thx. This video is very great.😁😁😁
your videos are really great. thanks
very easy to understand, thank you so much !
You're welcome
u were simply amazing bro thanku so much for making this video series
You're welcome!
Excellent Tutorial
Thank you so much :)
This is really helpful . Thanks a lot
Wow, thank you very much these eight parts made me feel confident as I had a really hard time understanding the buffer flow and actually implementing a simple one, As a beginner can you provide me some additional resources on the same to understand bufferoverflows in more detail.
Thank you for the great tutorial
What if the vulnserver is crashed and stop working? I cannot receive the shell. What should I do to fix that?
Love the tutorial!!! Thanks
Just a note for anyone who isn't getting the reverse shell. If you're on VirtualBox and using NAT allocation you need to forward your listening port. Just go to Settings > Network > Advanced > PortForwarding and put 4444 in the Host and Guest port :)
Hey! i am still stuck and not getting root. The python script runs completely, i can see that vulnserver receives a connection from kali in the terminal but i dont get a root. I enabled port forwarding too but it did not work. Is there any other solution you have for this? Thanks
I change it and nothing :/ AV/ FW disabled everywhere. All predvious steps were correct as I get the same values, responses as in Cyber mentor's video.
You are awesome,bro.😁😁😁
AMAZING! I'm currently on my OCSP training I'm in the Buffer overflows module and I cant understand hahaha. But in your module its just easy like I open my pc!
Awesome awesome!
Thanks and thanks!!! You rock man!
Thankyou Very much TCM !!!!!!!
Loved it Thankyou TCM !!!!!!
Awesome, clap clap clap. Amazing job.
My vulnserver keep getting crashed. Not able to get reverse shell. I checked again and again... the code is same. please help.
Hey man, do you have more videos on exploit dev or like a patreon or something. Would like to see more from you
check out his TCM Security website courses
Extremely helpful.
thank you.. god bless you..
Hey TCM, I am stuck at this part which should be the easiest but I can't seem to get a shell. The connection closes immediately and my netcat is not getting a shell. Any where I am wrong? I've tried to change to x64 for the msfvenom since my PC is x64 architecture.
Hey! i am stuck there too. The python script runs completely but i am not getting shell. Did you find a solution to it? I would be more than grateful if you could help me out with this. Thanks.
I am also facing the same problem. Python script runs, but VulnServer closes, and I don't receive the shell in my netcat.
I really enjoyed your work! Clear and to the point. I was wondering if you have any good resources for me to learn privilege escalation or if you could create a tutorial on privilege escalation? Thanks and keep up the hard work
Fuzzy security guide for Windows. G0tm1lk guide for Linux.
great series thank you. Is everything that you have done in this video applicable to the OSCP? I saw you used some metasploit ruby scripts, is that allowed? I know msfvenom is allowed.
Thanks for the series.
These aren't automated attacks, so yes.
Amazing video series
Great videos, you have the ability to deliver the clear information, easy to follow.
However, I have a question, as I see that I need to control windows machine besides my Kali machine to do buffer overflow? while in real-life pen-test you have no control on the windows machine! which makes the difference.
First of all, this is awesome. Great job. I loved every second of this series.
Second: maybe I've missed something (and I'll rewatch them all) but... we're trying to BOF a server. In this situation we can use the debugger and see what happens.
So if they target is using a know server application, we can download it and try offline.
But... what if a target is using an unknown server application (maybe a custom application) and we can't use the debugger?
Is there a way to find a valid offset to point the EIP?
Or we can do BOF only if we can actually use the debugger?
Thanks.
Thank you for the amazing course experience, the explanation is very clear to follow. yesterday i bought your udemy course because i think that is better than others and i liked the topics.
I have a question, do you have any advice for the OSCP exam?
Thanks for this Video. I have one question Please. where would "\x90" * 32 + overflow be written? in Which place in the Memory? in the top of the Stack?
Hi, everything goes perfect till I run the reverse shell script and the vulnserver crashes. Firewall and realtime protection are off. I do get a reply after listening on netcat that a connection is made and shortly after the vulnserver crashes. any thoughts?. Thanks
I got it , had one extra space in the script which cause the whole issue. Thanks worked perfectly
awesome awesome. nice. thanks
Great Demo
Ok, so we got shell access of the victim now. What attacks can we perform and can we also have a persistence backdoor for this if I'm saying it correctly.
Tune in to episode 11 of zero to hero :)
So here's a weird one. I manage to get a reverse shell but then the program still crashes like in the initial Fuzzing exercise and so too does my shell... any ideas how I keep the shell alive after hitting the offset?
nicely done
So I see how we got the shell but how did we get root? Is that just part of msfvenom?
Process was running as administrator :)
Cool videos! Try in future to use bigger fonts,it is hard to watch,change dpi to zoom on ui
YOU ARE THE GOAT
thank you for this
Thank you.
hey!! im not getting a reverse shell in the end.. i got an error in vulnserver as "recv failed with error : 10054"... plz help
My fave cyber-security teacher! #twothumbsup