What do you mean?

You are welcome, glad I could help :)

I'm not doing -shellcode, I'm doing - len(shellcode). That's because I want to pad with A's 0x50 minus the bytes of the shellcode, and I don't want to manually count them. So I use 0x50 - len(shellcode)

@@RazviOverflow Oh ok what is the purpose of subtracting 0x50 from the length of the shellcode ?

ignore me I think I figured it out.

@@davidmohan2698 No worries at all. If you still have any doubt ask me, I'll do my best to clarify it.

You are welcome

Thank you :)

I wish -.-'

Hello. I'm using Cutter. Here's a video of its configuration: kzbin.info/www/bejne/sKO7cmZ3eMRpa5o

@@RazviOverflow 🙏 Thank you! And you videos are great I am finally understanding binary ex/rev!😀

@@Fiona-hs2ys Glad to help!

@@Fiona-hs2ys Glad to help. There's no money that can buy the feeling of progress, specially in the field of rev/pwn! :)

You are the first one (so far) pointing out the context is missing. Please tell me why and how the video could be improved.

@@RazviOverflow Just look at the illustration at 12:30, it may be not even your fault, just assembly is ... insane, everything goes everywhere all the time and i fail to map this in my brain

@@ragnarlothbrok367 Ok, then the problem is not the video. Have you tried watching easier videos?

Glad you liked the video :)

You are more than welcome. I'm happy you like my videos and they help in any way :)

I'm happy you liked the video :) And thank you very much for the super!

You are welcome

You are welcome :)

I don't think I will... Why don't you try using VS2019?

@@RazviOverflow It's done, thank you. Is it also valid for Cryptlib and not for others, for example, when I look on the internet, they import the Cryptopp library. Can you post videos for others? Again, health to your hands, labor and mouth. You are a life saver <3

@@kinezi7898 I don't think I will record videos on this topic, but I will sure do in the areas of binary exploitation and reverse engineering. Glad my video helped you. Cheers :)

@@RazviOverflow Can I ask two more questions? I've been trying to download OpenSSL lately and I'm getting errors, maybe it's because of what the guy did or maybe it's outdated because I'm typing exactly what he said in the terminal. Can you make a separate openssl installation video? Also, you made the Cryptlib library in this video, can you make others like Cryptopp Cryptest?

Hi there! I will consider getting into heap exploitation once I'm done with all the stack stuff I got in mind :) Thank you

🫂

Glad it helped, that's the main purpose of my videos :)

I did not stop, nor do I plan to stop... only that making videos takes some time. Time that I do not always have. Thank you for your support :)

Regarding reversing, it's something that has been on my mind for some time now. If so, what would you like to see?

@@RazviOverflow awesome. I’d like to see how you would approach reversing both Linux and PE files and how you would translate the assembly instructions back to C pseudo code to understand overall program logic. Maybe also do some Windows Keygen challenges where you write Key generators for various executables. I’m sure many others like myself would like to improve their overall reversing skills so a clear cut methodology on how to approach different challenges would be really cool to see and learn from. Thanks Razvi.

@@theviralhub245 Thank you for your ideas, I'll definitely give it a thought. Although I cannot promise any specific video (at least in the short team), there is nevertheless a video I'd like to do anytime soon, reversing related.

@@RazviOverflow sure. at the end of the day the video choice is all yours. Make do with it as you please and please take your time. 🙏🏾💯. This is top tier content

@@theviralhub245 Thank you for your support :)

You are welcome :) I'm happy my videos helped you

You are welcome :)

You are welcome, thank you :)

You can split the write using %hn, which will write just 2 bytes. Or even %hhn, which will write just one. Regarding the values, just consider the bytes you have to write. Imagine you have printed so far 0xDEAD bytes, and you are using %hhn so write into any address. It will write just the 'AD'. If you need to write a lower value, just "overvflow" the sum, like 0xDF01 will wite only the '01'.

yeah, thanks i didnt know that, i'm overwriting the got with a libc address because puts is called right after format string vuln with /bin/sh as argument meaning if i get the system address in got where puts is i will get a shell, simple right, the address is a 48 bit value rather than a 32 bit, what should i do if its a 48 bit value, because im running into troubles getting that into got address. is there a way to debug these exploits? @@RazviOverflow

Hello, take a look at this question: reverseengineering.stackexchange.com/questions/32317/cutter-shows-addresses-relative-to-stack-but-not-rbp-how-to-change-it

By enabling the debugging settings of Cutter. There are several checks you can enable/disable, and one of them is adding comments next to each instruction.

Glad to help :)

You are welcome :)

No, the "interactive" function from pwntool just pipes the stdin to the stdout of the process, so I can interact with it. Hence its name. Around 5:15 lies the vulnerability and its corresponding explanation, that's how and why you get a shell.

I think I've mentioned it in another video, not sure... You just have to "enable" several of its debugging options. They are pretty easy to spot if you try to configure your Cutter instance.

I was wondering the same as well, especially the variables arent highlighted which makes them a little bit harder to spot@@RazviOverflow

Glad to help!

Around 7:50 lies the explanation, it is because writing into memory happens from lower towards higher memory addresses, whereas the stack grows from higher towards lower addresses. Writing into memory happens in the fashion of: rbp-0x70, rbp-0x6F, rbp-0x6E, rbp-0x6D, and so on... so you are first overwriting rbp-0x8 and then rbp-0x4.

Me alegro de que te sea útil :)

You are most welcome :)

Glad it helped!

Don't cheat, learn the concepts :)

I'm happy it helped you :)

Glad it helped :) You are more than welcome

I recommend you reading about "lazy binding" syst3mfailure.io/ret2dl_resolve/

Glad to help :) You are welcome

No, because writing into memory always happens from lower towards higher addresses.

Glad you liked it!