DANGEROUS C Functions gets & strcpy (PicoCTF 2022 #04 buffer-overflow0)

I was at that part in my Security+ chapter about buffer-overflow and I was looking for an example of what it really did in C. Thanks man !! :)

Maybe putting -fstack-protector when compiling would have worked? Not sure

Thank you John, every time I watch one of your videos I always learn something new :)

it seems to be a kali linux thing having no stack-protector when building with gcc, as it works on my machine (ubuntu)

Dude, following along right with you, even going ahead now until I get stuck! Please keep going, this is great and I appreciate you so much!

Thanks John. We appreciate how you thoroughly explain everything and keep it simple at the same time. You're a rockstar!!

These videos are so awesome. Thanks so much John

Great series! Keep it coming!

Super cool series, always a pleasure to watch them! Keep it up!

Haha I'm a noob at these CTF challenges and had troubles solving this one for some reason. Looking through it with your guidance I'm like "Wow I'm an idiot, it was so simple" lol

This was fun! Please more John. :)

Loving this series, John. Please finish it!

3 ways to fail the computer systems course I did ~20 years ago: 1) cheat 2) do way too little adequate work 3) use gets()

You the best John, thanks a lot for these material and your explanations,
You are a master mind my friend

you already know it but let me tell you one more time YOU ARE AWESOME.

Enjoyed the video. Keep them coming.

Done Watching Cool Thanks John

I wanted to subscribe, but I've completely forgotten that I already was. Anyway, thanks for another informative video!

Thank you for all the beginner-friendly content
A question as an absolute newbie into binary: only an input of length>=20 causes the SIGSEGV, i.e. it doesn’t happen with say 17. Is there a way to know or estimate how many more bytes I need?

Awesome

i think the stack smashing wasnt detected probably the way gcc was compiled, its default could have been -fno-stack-protector, so default build task will never include a canary

sigsegv stands for signal segmentation violation

Oh the days I coded in C/C++, flush of output buffer is not guaranteed without the flush

I think strcpy is the most used function to demonstrate bufferoverflows.

6:34 a minor correction: the char array buf1 is 100*sizeof(char) Bytes long

If this is training wheels, I am still at the crawling phase XD. I'll get there one day :')

I don't understand how just adding a few extra characters causes the flag to magically appear. Is it because added the extra characters causes some specific code to execute? If so which part?

This is rust will dominated the c language 😂😂 but hey nice reverse engineer 😀 😉

I gave the 69th like 😁

09:00 laughs in format string vulnerability and return-to-libc

Nice'n'easy :)

you don’t explain how the buffer overflow even works though..?

What is the version of Sublime text you are using?? Please answer

Do you have references / explanation about the {,_COMPLETE}, i searched all day long on Shell expansion and no one say a thing about this tips :)

Is overflow on this the same as overflow on Hacknet?

👍

you made a 64bit version, so there more buffers i think.

How can this be dangerous?

2nd?

NVIDIA should be tried for unfair profit and hoarding...

1st?