Binary Exploitation Deep Dive: Return to LIBC (with Matt)

  Рет қаралды 181,495

John Hammond

John Hammond

2 жыл бұрын

If you would like to support the channel and I, check out Kite! Kite is a coding assistant that helps you code faster, on any IDE offer smart completions and documentation. www.kite.com/get-kite/?... (disclaimer, affiliate link)
For more content, subscribe on Twitch! / johnhammond010
If you would like to support me, please like, comment & subscribe, and check me out on Patreon: / johnhammond010
PayPal: paypal.me/johnhammond010
E-mail: johnhammond010@gmail.com
Discord: johnhammond.org/discord
Twitter: / _johnhammond
GitHub: github.com/JohnHammond

Пікірлер: 191
@praetorprime
@praetorprime 2 жыл бұрын
My C/ASM is rusty, but Matt is doing a great job at refreshing my memory as you go along. John, too, is an intuitive pair-programmer. I've always wanted to know how to turn a "buffer overflow" vulnerability into an exploit, mostly out of frustration at hearing so much about them in college but never actually being shown how one works. Such a great video!
@apjohnite1302
@apjohnite1302 2 жыл бұрын
Great watch for anyone who is new to ret2lib. On getting the address of /bin/sh string (1:07:46) Loading the libc.so.6 into Ghidra will work, but it was imported with a base address of 0x100000, which John didn’t subtract from the address of the string, (a mistake he attributes to a typo later). An easier approach would be to use strings -tx libc.so.6 | grep /bin/sh
@CMorlandBassist
@CMorlandBassist 2 жыл бұрын
Thanks for explaining this. I also noticed it wasn't a typo, but wasn't sure how ghidra could say it's address started at 0x2B when it was really 0x1B. Do you know why it had a base address of 0x100000?
@apjohnite1302
@apjohnite1302 2 жыл бұрын
@@CMorlandBassist No idea, but it usually defaults to that for an executable with PIE set. There is an option to override the base address when you import.
@jmiguelhernandez1640
@jmiguelhernandez1640 Жыл бұрын
thanks, i was wondering if string had an option for that. i found the memory map window in ghidra not only makes clear what base is used but it lets modify it as well.
@aarondinesh3657
@aarondinesh3657 2 жыл бұрын
I would love to see you and Matt do more colabs in the future!
@Hyuntube996
@Hyuntube996 2 жыл бұрын
Yeah man 🙃
@charlesmctavish5188
@charlesmctavish5188 2 жыл бұрын
Yeah very knowledgeable and has clear explanations. Great teacher
@jmiguelhernandez1640
@jmiguelhernandez1640 Жыл бұрын
in case anyone is wondering, the offset error for "/bin/sh" string wasn't a typo. When it was taken from ghidra, ghidra loaded the lib with a base address of 0x100000 so it was off by that much. 0x2B40FA-0x100000 = 0x1B40FA
@robertwouda
@robertwouda 2 жыл бұрын
Ngl that was 2 hours and 12 minutes well spend. Very interesting and cool
@potatoonastick2239
@potatoonastick2239 2 жыл бұрын
Yes please do more of this! Amazing learning content, even more so than usual IMO. Great stuff!
@GameOnBeast
@GameOnBeast 2 жыл бұрын
It's been ages since I last subscribed to someone. But if you make a video this awesome, it can't be help. Thanks for making this you guys! Would love to see more
@joeymelo2882
@joeymelo2882 2 жыл бұрын
What an incredible video. I've been meaning to watch for this for days and finally set up a time for that. Everything in detail, amazing. Thanks for the content.
@AbandonRule
@AbandonRule Жыл бұрын
I was watching this on the TV so I really appreciate that you strive to make sure everything was large enough. Thank you! Amazing video. Want to see more with Matt!!
@Raxnub
@Raxnub 2 жыл бұрын
Loved this John, definitely consider doing more of these please. I kept up with what was going on probably up until about 1hr 25 mins. I can feel a rewatch coming on!
@snakebarber
@snakebarber Жыл бұрын
Thanks for this! I still can't do what was shown on my own, but I'm about 4 steps closer than before I watched it. Learned a ton.
@Meow-meow421
@Meow-meow421 Жыл бұрын
You're the gold mine fr thank you so much for the content we all appreciate your hard work❤❤🎉😊
@PaulzePirate
@PaulzePirate 2 жыл бұрын
Amazing content, really hope there is more like this. Would also love to see some of the more advanced stuff. As Matt said, it's very difficult to find unless you are paying for it.
@maxpowell3528
@maxpowell3528 2 жыл бұрын
This was absolutely great, thanks John and Matt !
@george___43
@george___43 2 жыл бұрын
These guys are awesome, surprisingly I understand every step!!! Great video.
@ienze
@ienze 2 жыл бұрын
I am actually grateful that you didn't capture audio at the beginning because the setup of tools isn't so important and we could still enjoy it in a sped up version.
@jmprcunha
@jmprcunha 2 жыл бұрын
I always learn or recall something. I'm "hooked" on Your videos! Thank You for sharing!
@claymoody
@claymoody 2 жыл бұрын
Great video, Matt and John. Thanks for putting that together. Go Tigers!
@DickSvensson
@DickSvensson 2 жыл бұрын
Awesome aspect of the videos, like the format and the dialog!
@jkobain
@jkobain 2 жыл бұрын
Setting up the tools may often become the most interesting part of the event. Whatever, I'm ten minutes in, and I'm so excited!
@markgentry8675
@markgentry8675 2 жыл бұрын
This was gold. Its always so useful seeing mistakes and debugging. I still don't understand everything that was discussed, esp stack alignment, but i know more than i did when i started watching. thanks guys! Oh one thing. Who is Matt? would be good to get a link to any content he has :)
@n00b-hax0r9
@n00b-hax0r9 2 жыл бұрын
There was a lot in this one. Will have to come back to this multiple times. Thanks a lot for this!
@rbxdev4626
@rbxdev4626 2 жыл бұрын
Hey John rbx here, glad you are taking the journey with binary exploitation quick tip for finding that "/bin/sh" address using strings itself strings -a -t x path2libc | grep "/bin/sh"
@Bearded_1
@Bearded_1 2 жыл бұрын
Amazing video! I learned a ton. Please, please, please make more of these!!!
@trucotrecaxbox2904
@trucotrecaxbox2904 2 жыл бұрын
Really good video to start. I really wanna more of this videos, better with Matt, he explains really good.I am gonna re-see a lot of times, get notes and search throught internet all of this.
@mikewajda9912
@mikewajda9912 2 жыл бұрын
This was amazing and so informative! Please do more binary exploitation videos with Matt
@user-jm8kd2kr9l
@user-jm8kd2kr9l 2 жыл бұрын
You helped me through my night shift at McD, never enjoyed them more! (:❤️
@christopherboisvert6902
@christopherboisvert6902 2 жыл бұрын
Matt is one of the most brilliant person I have ever heard in computer science field yet x)
@Venom-ne4ox
@Venom-ne4ox Жыл бұрын
Great video. So much foundational stuff, please bring this guy back!
@TheBrutaline
@TheBrutaline 2 жыл бұрын
I found my video for the weekend. Thanks John.
@vibhavtiwari7260
@vibhavtiwari7260 2 жыл бұрын
yes sir more video like this and you just do a fab work again! thanks is all i just got for you sir. Thank You !!!.
@maxmusterspace6037
@maxmusterspace6037 Жыл бұрын
That was the best tutorial on rop and ret2libc I have ever seen. By far!
@cXedis
@cXedis Жыл бұрын
13 months later, still amazing. It's funny that when this released none of it made sense to me but it's been a crazy year. Matt and John thanks for taking the time to explain in such awesome detail.
@biblemansings
@biblemansings Жыл бұрын
Did you learn at school?
@biblemansings
@biblemansings Жыл бұрын
I’m just starting my Cyber Security courses
@cXedis
@cXedis Жыл бұрын
@@biblemansings not exactly? 20 years in IT, also BHIS has "Pay What You Can" classes you take for free. I have no formal edjumication in the field beyond those classes. I make my way by googlfu and a head that's sturdy enough to eventually break thru most walls...eventually.
@andresjoelrodgers
@andresjoelrodgers Жыл бұрын
@@biblemansings ❤
@andresjoelrodgers
@andresjoelrodgers Жыл бұрын
🎉
@saketsrv9068
@saketsrv9068 2 жыл бұрын
Thanks to both of you legends
@Handskemager
@Handskemager 2 жыл бұрын
Such a morale boost to see better people than me screws up and have to hunt down bugs, great video ! :)
@nicooolai
@nicooolai 2 жыл бұрын
This was an incredible video. VERY educational. More of these, please :) Now I want to be Matt when I grow up..
@marcovalentinoalvarado3290
@marcovalentinoalvarado3290 2 жыл бұрын
Also I recommend you another hacker with a youtube channel called "Kindred Security" he teaches as well how to bypass security measures for binary exploitation
@entheo_christ2223
@entheo_christ2223 2 жыл бұрын
John Hammond is one of the most likeable people on the internet. Great work man.
@REktSigMa
@REktSigMa Күн бұрын
1:48:37 its the "relative path vs absolute path. this is that move back path. Sort a like when your properly referencing folders in your program, like a header file.
@mossdem
@mossdem 2 жыл бұрын
This guys really good at breaking stuff down! It was still a little advanced for me but still really enjoyed it
@kuperrr6776
@kuperrr6776 2 жыл бұрын
I honestly didn't understand a shit but I loved the amount of structural content I learned, and how the channel works in general, thanks for the information! Im learning a lot :D
@WhatTheWeb
@WhatTheWeb 2 жыл бұрын
Awesome video as always. Just wanted to note that the /bin/sh address bug came from the fact that you copied the address offset from ghidra which, by default, will not load in binaries with a default base address of 0x00000000. You didn't typo! :p
@jcs0984
@jcs0984 Жыл бұрын
Holy crap that was a ride for a noob like me. Thanks so much!
@zeroows
@zeroows 2 жыл бұрын
Thank you guys. That was great.
@inhhaile7495
@inhhaile7495 2 жыл бұрын
This saved my day, and could be a few more days reading into more confusions
@utkarshrai9727
@utkarshrai9727 11 ай бұрын
How did I miss this goldmine of a video before? Got here from the new vid of Binary Exploits :3
@HAGSLAB
@HAGSLAB 2 жыл бұрын
This is a gem John!
@shadymorra9939
@shadymorra9939 2 жыл бұрын
Yes! more of this please John!
@SRGamingYT
@SRGamingYT 2 жыл бұрын
you have to keep going with this, AMAZING video learned so much and i solved this ctf by my own yesterday tho lol.. STILL learned a lot !!
@davidcopenhaver5583
@davidcopenhaver5583 2 жыл бұрын
Really great! A+ I would definitely watch more like this
@ernestoo8313
@ernestoo8313 Жыл бұрын
So good! Thanks very much!
@gsfare1
@gsfare1 2 жыл бұрын
That was awesome! I learned a lot, thank you. Very helpful how you went through the full debugging process and also prompted some really great questions. Nice work.
@alvinkhamron7430
@alvinkhamron7430 2 жыл бұрын
Greate video John very big fan hope to see more videos like this soon.
@orgozlan323
@orgozlan323 2 жыл бұрын
Thank you matt and john!!!
@znation4434
@znation4434 2 жыл бұрын
Very interesting, please do more!
@nekkrokvlt
@nekkrokvlt 7 ай бұрын
Awesome video guys !
@lennyaltamura2009
@lennyaltamura2009 Жыл бұрын
Thank you for sharing.
@omarjarkas2175
@omarjarkas2175 2 жыл бұрын
Very educational, amazing video!!
@AshokKumar-bu2gk
@AshokKumar-bu2gk 2 жыл бұрын
Awesome work guys !!
@mithileshmaheep1715
@mithileshmaheep1715 2 жыл бұрын
Had been waiting for this
@oneloveafrica8860
@oneloveafrica8860 Ай бұрын
he knows everything about that he's smart on revers engineering I like it wooow
@seanvinsick5271
@seanvinsick5271 2 жыл бұрын
I loved this. Btw readelf -W won't truncate the symbol names.
@PatrickHener
@PatrickHener 2 жыл бұрын
This was hell of a good video. Do that again with a more complex binary exploitation!
@ahmedmani1051
@ahmedmani1051 2 жыл бұрын
please when you do one of this videos make both persons voice equal i had to keep my hand on the volumes key entire time and add subtitles other than that thank you so much
@Thiago1337
@Thiago1337 2 жыл бұрын
Yes, more of these!
@AFchump78
@AFchump78 2 жыл бұрын
Any good reading material on the why I need to use pop_rdi and specifics? Replicating the success of this but Im kind of wondering about the why. Only have done shell code ones on windows(ecppt).
@walidantaki3026
@walidantaki3026 Жыл бұрын
wow amazing content learned a lot
@toastom
@toastom 2 жыл бұрын
Super interested in binary exploitation and the lower-level hacking that's more closely related to hardware elements of hacking. I'm happy this exists.
@pwndumb2903
@pwndumb2903 2 жыл бұрын
Amazing explanation !!!
@aaaron19
@aaaron19 2 жыл бұрын
Awesome video!! Please do more RE
@genezisdj
@genezisdj 2 жыл бұрын
i really liking you stoff btw so i can learn more
@wandersmut6326
@wandersmut6326 Жыл бұрын
How has a genius like this gone his entire career without anyone around him having the heart to tell him how to pronounce 'canary' or the origin of the metaphor?
@greob
@greob 2 жыл бұрын
That was very insightful and interesting. Too bad the sound levels were very uneven. Still, thanks for sharing!
@points7824
@points7824 2 жыл бұрын
ret2libc ctfs is where i struggle so thank you so much for this. I will be using this for practise so i would be so happy if you could catogorize the video so i could jump places that would be AWESOME
@kartibok001
@kartibok001 2 жыл бұрын
Really enjoyed the video and picked up some good notes, however if that was "basic", I think I need to search for the "ba" lessons :)
@noneofbusiness9764
@noneofbusiness9764 Жыл бұрын
Thank you
@samyepthatsme
@samyepthatsme 2 жыл бұрын
This is such a cool video! Could you just make a video tutorial on every section of the ShellCoder’s Handbook? 😂
@tvathome562
@tvathome562 Жыл бұрын
Wow this was fun, reminds me of stepping through softIce in 1990's to crack hobbled programs, sitting down with reems of printer print out and a pen, working through by hand. Oh things were so much simpler back then.. And ida pro was freeware.. The only Advantage now is you don't have to go to library or wait an eternity to download a program
@coffeedata7107
@coffeedata7107 2 жыл бұрын
This is gold mate
@overflow_and_programming5215
@overflow_and_programming5215 2 жыл бұрын
Thank you bro
@everybot-it
@everybot-it Жыл бұрын
I've just watched through an entire video where I understood most of the terminology, but almost none of what's actually going on. Complete repeat experience of 7-8 ys ago when I was watching HTML / CSS tutorials.... so let's not get too depressed here.... :D Immersion -> patterns -> copy-pasting -> failing -> following expert discussions way above my level -> another course on fundamentals -> suddenly things are familiar....
@MrGuardianX
@MrGuardianX 2 жыл бұрын
Very cool video thank you! Although if you don’t mind, could you please edit the audio a little. You were really load while the speaker is almost indistinguishable. So when he talks I increase my volume, but then your comment comes in and my ears start bleeding. Otherwise very cool content!!
@Johnstuart2023
@Johnstuart2023 Жыл бұрын
thanks bro
@johnsonkxks5835
@johnsonkxks5835 Жыл бұрын
congrats on 420k
@TracerPortable
@TracerPortable 2 жыл бұрын
That was great but I feel like Matt was too quiet compared to you, and when I heard you loud and clear sometimes I had problems with Matt. But overall love the vid. I feel like I'm going to return to it frequently
@aizen310
@aizen310 2 жыл бұрын
thanks fot your hard work! this videos are gold! just hope to technology used for the good of humanity...
@dontdishfish5861
@dontdishfish5861 Жыл бұрын
Great video! You and Matt make a great pair of teachers. I wanted to join your discord server but I don't think the link is working. The rest of your website works though :)
@00eunderscore70
@00eunderscore70 Жыл бұрын
Hi John, im just getting into Binary Exploitation and I would like to ask about the terminologies and how they work. For now what does the off-set do? I have seen it beeing used multiple times in different avenues of the video. Awesome educational video! Cheers
@user-my5cu7oy5i
@user-my5cu7oy5i 2 жыл бұрын
Friday night in lockdown…. COVID is getting me into hacking. Your videos are amazing!
@chsovi7164
@chsovi7164 2 жыл бұрын
A very nice video, but you guys made some comments that I didn't really understand. Why do null bites spook you, for example?
@miinyoo
@miinyoo Жыл бұрын
I watch Hammond because it's a world I find entertaining if rather incomprehensible most of the time, but through osmosis I can follow along. This. I have absolutely no idea what's going on. This is so far in a different universe, the only reference point I understand is Memory Address. Everything else is greek.
@user-td4pf6rr2t
@user-td4pf6rr2t 15 күн бұрын
6:39 This is like chroot jail? 10:08 wasn't configuring the chroot jail to work with dynamic linker reverse engineering and exploiting the vulnerability. Or like if any other script would have been the demo but since scope was vulnerable script is said differently? Cause that config make was rather epic. 12:12 Again very good information. That is pretty much the whole show - isn't it? Can libc be used to create a static chat history for interacting with generative ai? like how its stateless could pointer be created and just redirected to libc iteratively?
@AFchump78
@AFchump78 2 жыл бұрын
Morning all.
@AngryMarkFPV
@AngryMarkFPV Жыл бұрын
What is your OS of choice John?
@Majkieboy
@Majkieboy 2 жыл бұрын
Super hype!
@ReubenSammut
@ReubenSammut 2 жыл бұрын
Well done John and Matt. Although I've been doing these for a while, I still managed to learn new things. For next time, try to add one gadgets ;)
@gstud210
@gstud210 2 жыл бұрын
Do more videos with him!!
@cuishencheng
@cuishencheng 3 ай бұрын
Really really cool
@guyunknown226
@guyunknown226 2 жыл бұрын
dude when are u going to take us on your room tour it would be short exiting
@jaopredoramires
@jaopredoramires 2 жыл бұрын
why do we need to use /bin/sh that's inside libc? and why _is there_ that string inside it?
@robertsteffler5155
@robertsteffler5155 2 жыл бұрын
Basically the whole goal here is to get the binary *itself* to give us shell (that's what /bin/sh) is, and the binary, being an ELF file written in C comes prepackaged with a collection of built-in functions called libc (basically the library of all *c* in-built functions, hence *libc*). Inside of libc is at least one /bin/sh call, because that's what the *system* library uses to actually perform system operations. All we're doing is stealing that functionality and calling it without any other arguments to tell the vuln executable, essentially "Hey, once you're done doing what you're doing right now, I want you to use the system function from libc, and have it just dump us into a shell". The reason we do this at all is because once we have a shell.. we're in. We're jumping around on their system.
@jaopredoramires
@jaopredoramires 2 жыл бұрын
wow, thank you so much for the explanation
@redsimple5584
@redsimple5584 2 жыл бұрын
Binge watching some jhams. These videos are going to be called classics reference for data screens and action screens. Binge- all.
Mozi Malware - Finding Breadcrumbs...
50:16
John Hammond
Рет қаралды 196 М.
I forgot to make a video about this $150,000 server
18:54
Linus Tech Tips
Рет қаралды 906 М.
Sigma Girl Past #sigmagirl #funny #viral
00:22
CRAZY GREAPA
Рет қаралды 15 МЛН
MILLION JAMOASI 10 YILLIK YUBILEY 2023
3:00:06
Million Jamoasi ™
Рет қаралды 20 МЛН
Өнер Қырандары - Мешіт 2024
34:59
ONER KYRANDARY
Рет қаралды 698 М.
Uncovering NETWIRE Malware - Discovery & Deobfuscation
59:46
John Hammond
Рет қаралды 89 М.
Github Copilot Made My Code More Vulnerable
22:19
John Hammond
Рет қаралды 9 М.
Python Pwntools Hacking: ret2libc GOT & PLT
44:49
John Hammond
Рет қаралды 44 М.
Google CTF - BEGINNER Reverse Engineering w/ ANGR
39:47
John Hammond
Рет қаралды 274 М.
Discord Malware - "i hacked MYSELF??"
58:21
John Hammond
Рет қаралды 191 М.
Malware Analysis & Threat Intel: UAC Bypasses
33:00
John Hammond
Рет қаралды 20 М.
Coding a Web Server in 25 Lines - Computerphile
17:49
Computerphile
Рет қаралды 279 М.
everything is open source if you can reverse engineer (try it RIGHT NOW!)
13:56
Low Level Learning
Рет қаралды 1,1 МЛН
Finding WEIRD Typosquatting Websites
24:26
John Hammond
Рет қаралды 95 М.
Unraveling the IcedID Malware Stager & Phishing Email
33:34
John Hammond
Рет қаралды 77 М.