Running a Buffer Overflow Attack

Running a Buffer Overflow Attack - Computerphile

Рет қаралды 2,093,931

Күн бұрын

Making yourself the all-powerful "Root" super-user on a computer using a buffer overflow attack. Assistant Professor Dr Mike Pound details how it's done.
Formerly titled "Buffer Overflow Attack" -Aug 2021
The Stack: • Reverse Polish Notatio...
Botnets: • Botnets - Computerphile
The Golden Key: iPhone Encryption: • The Golden Key: FBI vs...
3D Stereo Vision: • Stereo 3D Vision (How ...
Brain Scanner: • Brain Scanner - Comput...
/ computerphile
/ computer_phile
This video was filmed and edited by Sean Riley.
Computer Science at the University of Nottingham: bit.ly/nottscom...
Computerphile is a sister project to Brady Haran's Numberphile. More at www.bradyharan.com

Пікірлер: 1 200

@aadeshsalecha4951 9 жыл бұрын

This was by far the best video..... Normally Computerphile tries to address a wider audience, but I personally would like to see more of these kind of in-depth videos.

@kipchickensout 6 жыл бұрын

exactly

@CP-hd5cj 6 жыл бұрын

Check out liveoverflow if you like this. He has tons of similar stuff, and decently in-depth

@dvorak2676 5 жыл бұрын

this is an introduction

@iraianbu3388 5 жыл бұрын

May i know what content is on cat shell_code

@cheesescrust5399 4 жыл бұрын

Dvo rak yeah I learned how to do basic stack overflows and run stack overflows back in the XP days, but I never learned in depth, complex attacks. I learned enough to run a debugger, find the memory address, write a nopales, etc but I never got deep enough to learn heap spraying, etc. They can get really complex now to bypass ASLR and other measures. I am trying to revisit this and learn more!

@tristant9686 8 жыл бұрын

You can see he is very excited to tell this.

@mcx6-e9d 6 жыл бұрын

Tristan T I'm excited to learn this.

@germangamingvideos6069 6 жыл бұрын

@@mcx6-e9d Me too

@matze3596 6 жыл бұрын

Frist time he can show what i spend his time on...Most people would not listen maybe cause they dont understand or maybe because they believe its something illegal.

@buzifalus 5 жыл бұрын

Because people are usually not interested or afraid of complex computer stuff

@iraianbu3388 5 жыл бұрын

May i know what content is on cat shell_code

@MaxJNorman 8 жыл бұрын

I really like this guy

@TheCFJB 6 жыл бұрын

I'd 100% agree.

@gregoriysharapov1936 6 жыл бұрын

Absolutely, max!

@benchiang8235 5 жыл бұрын

Me too, he's cool.

@gentiorelon 5 жыл бұрын

It's refreshing to see positivity and enthusiasm towards typically dry subjects. This whole channel is great, but this guy in particular is probably their most enjoyable to watch.

@ashleybishton742 5 жыл бұрын

Dude can hack anything I bet lol. He could devastate a system lol

@ItsNotJustRice 3 жыл бұрын

I know this particular video was years ago, but this guy is actually fun to watch. I'm terrible at learning, but he makes sense of a lot of things without dragging on the boring part.

@Stopinvadingmyhardware Жыл бұрын

Are you that mad at someone you don’t even know?

@Soedmaelk Жыл бұрын

@@Stopinvadingmyhardware You replied to the wrong guy

@ElagabalusRex 9 жыл бұрын

I would love to see a series on micro-architectures, machine code, and assembly

@TheRomichou 9 жыл бұрын

+ElagabalusRex Agreed!

@Funderpanda 7 жыл бұрын

and micro-waves!

@akam9919 7 жыл бұрын

Yes!

@kanpitcha54 6 жыл бұрын

please!

@AbuDoujana 6 жыл бұрын

@stephen schneider it may be tricky but it is definitely not 'insanely hard'... U just need to know at least the basics of forward programming ( C programing for example) and you can start from there, i would say i love it more than any other field but everyone has an opinion

@colossalbreacker 5 жыл бұрын

I'm a cs major, but I don't normally like watching cs related youtube channels. These videos are awesome though, some of them are things I thought I had a decent grasp on and I end up learning something. I also love how happy Dr. Pound seems when he is talking about something, you can tell he really likes what he does.

@ButzPunk 9 жыл бұрын

This was brilliant. More like it, please!

@cloveramv 6 жыл бұрын

Powerrrrrrrrrrrrrrrrrrrrrrr BUHAHAHAHAHAAHAHA whoami . . I am root baby.

@iraianbu3388 5 жыл бұрын

May i know what content is on cat shell_code

@Triantalex 2 ай бұрын

false.

@jurepustoslemsek7882 5 жыл бұрын

I watched this a long time ago, but after taking an Assembly class in uni, I suddenly completely understand what he did and why it works! this is an absolutely amazing video as it actually gives an incentive to continue learning low-level programming and such.

@Elite7555 3 жыл бұрын

Absolutely brilliant demonstration. All universities that I know teach C/C++, but they don't teach the essence of software security, which should be pounded into every student's head right from the beginning.

@lawrencelim6890 2 жыл бұрын

@the_only_nguyen3826same. The info was taught in an intro to cyber course which made us do a lab that required us to attain root access using buffer overflow just like in the video.

@Triantalex 2 ай бұрын

false.

@dantesalighieri Жыл бұрын

The way this man explains things is absolutely DIAMOND.

@IrishH2 5 жыл бұрын

Fun fact, buffer overflows are where most of the famous glitches in the original Pokemon games come from. From Missingno. to fighting Professor Oak, to getting a Mew in Cerulean City. All done through buffer overflowing and putting numbers where they shouldn't be.

@williamdrum9899 Жыл бұрын

Interesting. Those games were coded directly in assembly though so I don't think they used stack-allocated buffers.

@JohnDoe-m8i 4 ай бұрын

@@williamdrum9899 How else are they meant to store information?

@williamdrum9899 4 ай бұрын

@@JohnDoe-m8i Back then it was easier to predefine your array sizes since you had complete control over the CPU and memory. The downside to this is that you had no segfaults or anything to stop a mistake like a buffer overrum

@smtkumar007 2 жыл бұрын

youtube algorithms are like now this guy has just finished watching bootstrap in 1 hours & that more than enough to recommend him buffer overflow attack videos

@qgysugfq3935 2 жыл бұрын

This hits especially hard since I just finished my assembly and computer systems class. Great video!

@TheMagAirsoft 4 жыл бұрын

Dr Mike Pound, i do not know if you know this but you are saving a lot of network security students with your videos on these subjects. They are incredibly informative and makes a whole subject comprehensible in the matter of minutes. A Great thank you.

@realeques 8 жыл бұрын

i love how he explains every topic like its the best in the world... i could use him as my personal coach !

@Triantalex 2 ай бұрын

false.

@fernandojackson7207 2 жыл бұрын

Ok, I was finally able to translate from Brit: "Buffalo, Buffalo at Work" =="Buffer Overflow Attack" Great video and explanation.

@Anvilshock 9 жыл бұрын

Nice presentation, thanks! It would be even nicer to have the stack video segment made clickable, given KZbin's tendency to "Suggest" everything but related videos.

@Computerphile 9 жыл бұрын

+Anvilshock I'll sort that! >Sean

@Anvilshock 9 жыл бұрын

***** Much obliged, thanks!

@zavvie809 9 жыл бұрын

+Computerphile I suggest heap sort for that. :)

@MamboBean343 9 жыл бұрын

+Computerphile Still not really fixed. It's currently neither a card or an annotation.

@ChaimS 8 жыл бұрын

+Anvilshock Also, it would be awesome if it was mentioned where in the video he talks about them, since we may not necessarily have 10-15 minutes to watch the whole video.

@ne12bot94 6 жыл бұрын

Excellent job on video, I still don't understand why ppl hate your video. Your is more detailed and professional , then the other I video saw on KZbin.look like they don't know what there talking about.

@DFX2KX 8 жыл бұрын

messing with, and forcibly messing with the stack is the source of a few old school console hacks if I recall, particularly on NES games. You write memory by doing very specific things to set certain memory values in an unusual way

@hamstsorkxxor 8 жыл бұрын

Pokemon! If I remember correctly, that missingno nonsense in Pokemon Red was a stack overflow.

@UmVtCg 8 жыл бұрын

The game genie does this

@ns2304 3 жыл бұрын

Think its how PS1 and onwards did it as well. Gameshark and Gamemaster ripped the values off the game corresponding to a particular attribute. Then you tweak the code to get outcome like inf items, inf health etc. Never knew this was the science behind it hah

@cyberwithtom7714 5 жыл бұрын

for years ive been reading and trying to work out the ins and outs of bufferoverflow i can honestly say this is one of the most simple and effective videos out there on BO well done and Kudos loved watching it (for the 100th time)

@geonerd 9 жыл бұрын

Mike has a certain Dr. Evil vibe in that he clearly enjoys writing "Malicious Code." :)

@Triantalex 2 ай бұрын

false.

@johnconnor7978 6 жыл бұрын

The only truly knowledgeable bunch of geeks on the internet that also know how to explain what they know. You sirs earned by EIP hi5

@__-xl1zi 5 жыл бұрын

Everyone else: *makes a 20 char buffer* Mike: "We allocate a buffer that's 500 characters long"

@username17234 5 жыл бұрын

You need the buffer to be big enough to be able to comfortably hold your machine code plus a hefty padding for memory address variations.

@dicksonZero 5 жыл бұрын

still wondering how he is going to type all 500 characters until he pulls out his python

@cheesescrust5399 4 жыл бұрын

Eduardo I didn’t think it matters. I thought even small buffers could be exploited because the exploit payload just overflows and gets thrown into the stack. As long as you nopsled is hit by the pointer it just keeps running until it hits the return address which jumps to the shell code? Is that not correct?

@rampage_sl 4 жыл бұрын

@@dicksonZero I see what you did there

@mu11668B 4 жыл бұрын

Well... If I'm not writing codes for dev boards that has memory capped at few KBs, I usually allocate a lot more, like 4096 bytes. It has hardly any drawback for machines with GBs of RAM and lowers the risks of writing data beyond the buffer zone.

@hypernova2906 Жыл бұрын

the stack content visualization and the no-op sled animation were really awesome

@x1g5dj7dh4 9 жыл бұрын

This was amazingly informative, especially for someone not using Linux. Well done!

@Triantalex 2 ай бұрын

false.

@jonahansen 6 жыл бұрын

Damn! Excellent presentation on how stack overflow exploits work! No hand-waving; a complete demonstration of how it's done, down to aligning the return address and the no-op sled mitigation.

@gassnake2004 9 жыл бұрын

Great video! There's a lot of virus "concept" videos that explain how they work, but not many that show the actual implementation and writing of specific attacks. More please!

@JaceLansing 4 жыл бұрын

Man! How am I only finding your channel now!? This was great. Thank you for taking the time to put this together.

@sivalley 9 жыл бұрын

To err is human, but to really foul things up requires the root password. -Unknown

@U014B 9 жыл бұрын

Love it.

@sophiacristina 5 жыл бұрын

It was Aristotle!

@kbs1212 4 жыл бұрын

sivalley Stealing-no, borrowing this

@xBZZZZyt 4 жыл бұрын

Or SUDOer's password.

@masonhunter2748 4 жыл бұрын

To err is human. -Grammarly

@anyonetube 9 ай бұрын

the first 3 minutes of video give me more efficient information than any other videos i watched about this title

@34521ful 6 жыл бұрын

Just a slight error for future viewers, at the 7:10 minute mark, he points from "a" to the start of "buffer". What he meant was that we are at "ebp" to the start of the buffer is what sub $0x1f4, %esp does :)

@mustafadurukan6893 5 жыл бұрын

So the buffer starts from esp minus 500 and the buffer progresses towards ebp, right?

@dingdong3021 4 жыл бұрын

Seriously im going all around youtube looking for perfect explanation of buffer overflow. I always ignore this video thinking that it wont explain it. But man i was wrong. the best video about buffer overflow explaining things like nopsled deym. Tyyyyy

@lolbajset 9 жыл бұрын

I absolutely love videos on things like malware, exploits and similar stuff, feel free to upload more of it if you can :D

@paladinpaterson5385 7 жыл бұрын

Been reading my textbook for a while wondering what the hell the author is talking about and you cleared it up in the first fifteen seconds. Thanks!

@JaisMathews 4 жыл бұрын

It would have been pleasure to sit in his classes. We need more professors like this.

@nikhilnarayanan5949 5 жыл бұрын

This channel is by far one of the best....I made a computer application similar to chain reaction using the swing framework of java....I got a stackOverFlow error because of infinite recursion....this video really sorted me out....thanks!!!😁😁😊

@xSCOOTERx2 9 жыл бұрын

Had this for a homework assignment. It was quite hard to understand how to manipulate the stack at first, but this video helped a lot.

@itissmallagain8002 3 жыл бұрын

currently have this as assignment

@ireacttoshit4861 4 ай бұрын

@@itissmallagain8002 same here in 2024

@jasonford2877 5 жыл бұрын

This video explains it better than a $2000 course I've been doing in Cyber Security (which goes into far more than just BOF) Drawing it tremendously helped me understand it!

@MrJoao6697 8 жыл бұрын

What a video! Great job on explaining this attack, I'll definitely be looking forward to learn more of this as I get into assembler at University!

@0noam 5 жыл бұрын

it has taken me at least 5 times the duration of the video and a lot of zapping around to understand most of it. but it was extremely instructive, so thank you.

@furetosan 9 жыл бұрын

Awesome video. Especially the bit about the no-op slope.

@Triantalex 2 ай бұрын

false.

@emrekantar5003 Жыл бұрын

Might be by far the best explanation i’ve ever watched

@HavelockBanana 9 жыл бұрын

yeah! A technical video :-) Nice to see some actual code on this channel (even though it's being explained in a simple way :) )

@lumin0l161 2 жыл бұрын

Best explanation of a buffer overflow I’ve ever seen.

@hellterminator 9 жыл бұрын

And this, kids, is why you should always sanitize your inputs.

@michaeltorres1263 9 жыл бұрын

+hellterminator HAHAHAHAAHA!

@SUFHolbek 9 жыл бұрын

+hellterminator Little Robby Drop Tables

@hellterminator 8 жыл бұрын

Simon WoodburyForget Interesting language. I'm probably gonna stick with C/C++, but Rust is definitely interesting.

@Triantalex 2 ай бұрын

false.

@PauloRondynele 3 жыл бұрын

I cant stop watching computerphile videos. Pls help, my brain gonna explode.

@tiannimyers1204 5 жыл бұрын

The more I learn about computers, the more I realize how easy they are. Great video.

@Tithis 6 жыл бұрын

Studying for a security certificate and was having a hard time understanding exactly what was going on with the way they explained it in their videos. Your video really helped me understand it better, mostly by visualizing how the memory is laid out.

@aidheiko 8 жыл бұрын

I like his playful manners and smiles. I think I have a crush.

@nofrag25 6 жыл бұрын

He s married bro

@firstnamelastname7319 6 жыл бұрын

I want him to overflow my buffer 😍

@jscorpio1987 5 жыл бұрын

Thibaud so? Are we supposed to intensively research a person’s personal life now to make sure they’re absolutely 100% single before we’re allowed to have an innocent crush on them? It’s not as if you can control such feelings and it’s not like OP was exactly sending the guy a marriage proposal.

@kbs1212 4 жыл бұрын

J T Maybe OP isn’t but I am. Marry me Mr. Pound

@untilted9126 4 жыл бұрын

I do as well

@panman101mw3 6 жыл бұрын

I don't know why, but this felt a lot more interesting than all the other topics he's talked about. Rock on!

@user-eh5wo8re3d 9 жыл бұрын

very nice Video. would love to See more of this sort in the future

@gegdim9307 9 жыл бұрын

Fear not my friend! Botnets and iPhone decryption coming soon!

@user-eh5wo8re3d 9 жыл бұрын

Well that is a truly marvelous thing to hear. Am looking forward to it!

@sweetspotendurance 9 жыл бұрын

I am a C++ programmer and this is an awesome easy-to-understand introduction to gdb. Thanks for this video, I love low level C, bash, and Linux commands (like the Heartbleed video, for example)

@JuddMan03 9 жыл бұрын

Gdb is damn good. Also try valgrind

@VaultRaider 9 жыл бұрын

These types of videos are better than the robots/drones stuff

@anujmchitale 5 жыл бұрын

Not for a person who isn't interested in SW security or programming in general.

@hannahwhitham3539 4 жыл бұрын

I'm so happy this channel exists

@eliausi9696 8 жыл бұрын

Welldone on explaining this so well

@MarcinKonarski 9 жыл бұрын

One of the best videos on Computerphile. Mike really knows his trade.

@MelBrooksKA 9 жыл бұрын

+Marcin Konarski *hobby

@MiSt3300 4 жыл бұрын

Apart from the attack, it's so interesting to see how the computer actually processes the programme... I mean, I never really thought about it, that all the functions and returns and variables have to be stored somewhere and that it has to know how to execute it... I really like to think of a computer as a human being XD

@timm9301 5 жыл бұрын

I have studied exploit dev for a number of years and this is by far one of the best explanations ever! Keep it up!

@GenGariczek 9 жыл бұрын

More on similar topics please :)

@ghnna 7 жыл бұрын

this guys is my favourite out of all others on Computerphile tbh

@Tommus1997 6 жыл бұрын

"I'm assuming you know what a stack is." *defines function*

@Juasml 5 жыл бұрын

When you know a lot about something, sometimes it's hard to tell when you're being overwhelming and when you're going too slow. I guess he just randomizes it to keep going.

@dderudito 5 жыл бұрын

Hahaha

@jag831 4 жыл бұрын

Haha that's why I love this kind of videos. "Look at this ebp register, for example. B stands for base and B is the second letter of the latin alphabet. It is allocated in 0x6404whatever5A in memory"

@fetchstixRHD 4 жыл бұрын

To be fair, there was the video on stacks which anyone who wasn't familiar with could go and watch, so there isn't [wasn't] much point of repeating what's been done already.

@shumakriss 9 жыл бұрын

Thank you! I've never seen this explained in its entirety and there are lots nuances that have always inhibited my own educational endeavors. Knowing GDB, assembler, endianness, no-op sleds, etc were all concepts I understood but could never completely tie together. Excellent video.

@navalkumarshukla9447 3 жыл бұрын

I really liked the way he taught, didn't get it,but liked it xD

@Denverse 4 жыл бұрын

Today is the day I finally exploited a full buffer overflow attack to gain shell. Thank you Mike. And the animation is so helpful.

@5upl1an 5 жыл бұрын

The real question is, how can someone be so damn motivated at 7 in the morning?!

@RonaldMcPaul 5 жыл бұрын

Eating healthy breakfast cereals and grains.

@xxxXXXCH04XXXxxx 3 жыл бұрын

@@RonaldMcPaul yummy

@Triantalex 2 ай бұрын

false.

@Aemilindore 8 жыл бұрын

I truly love the method Cumputerphine explains things. These are very advanced concepts explained so simply. Hats off for your effort. I am a researcher in the field of WSN. But I truly love this type of work. I would love to know what research field are related to this type of work. Once again. Great explanation. Love your videos!

@DrRChandra 9 жыл бұрын

On the original diagram: Functions do not (normally) go on the stack. The stack is only data (including return addresses). With architectures having hardware support for not executing data (often called an "NX" bit), such as a lot of the Intel processors, trying to execute a function on the stack with the NX bit set would cause an exception, which in Linux in turn would generate a signal (something like SIGSEGV), and without a signal handler would kill the process. (Yay, memory protection!) oh...and I think you mean backslash x ninety.

@Computerphile 9 жыл бұрын

+rchandraonline I've a feeling that's what Mike was talking about at the end.... >Sean

@DrRChandra 9 жыл бұрын

***** , oh, yeah... As Mike says (paraphrasing), there are so many things which would make great videos on what goes on in GDB and assembly...simply fascinating how all that stuff was developed over the years.

@JAN0L 9 жыл бұрын

+rchandraonline Function code doesn't, but all the local variables used by the function go on stack, otherwise recursive functions wouldn't be possible.

@NyanSten 9 жыл бұрын

+rchandraonline For running shell (or other simple tasks), NX bit is quite easy to workaround with return-to-libc attack. But that can be hardened with address randomization.

@GegoXaren 9 жыл бұрын

gcc -fstack-protector-strong -std=c11 foo.c -o foo

@mad7227 Жыл бұрын

His best yet IMO. Love the level of detail and honesty enthusiasm of the topic 😁

@harleyspeedthrust4013 7 жыл бұрын

Ignorant friend: "Why would you ever use Assembly?" Me: "..."

@AutoReflexAR 5 жыл бұрын

this man has the funniest thumbnails on the videos. 10/10 very informative video.

@woutervandenputte1356 6 жыл бұрын

at 13:40 which command exactly do you use to list those 200 registers at the stack pointer minus 550

@nahue345 5 жыл бұрын

x/200xg $rsp (i think)

@chaoluncai4300 Жыл бұрын

i dont get why stack ptr minus 550 but not just 508 if the program stopped at the return address, can anyone explain it please ?

@Zeldon567 3 жыл бұрын

As a frequent viewer of videogame speedruns, I know quite a bit about the uses of buffer overflow/underflow. Fun stuff.

@another-person-on-youtube 4 жыл бұрын

"Can't type while people are watching." I'm not the only one!

@Danny-fd3lf 13 күн бұрын

very interesting and easy way to understand buffer overflow with fun visualization

@Dusk-MTG 4 жыл бұрын

*Segmentation fault* Me: "Oh damn, I fcked up." Peter Parker: "That's exactly what we wanted."

@buhaytza2005 4 жыл бұрын

within the first 60 sec: "I'm a geek", "I just happen to have a Linux machine here" prompt reads "mike@kali" Love your stuff Dr Pound

@bluekeybo 7 жыл бұрын

How would the "hacker" get the correct return address? They'd have to run gdb and list the addresses like in the video? How'd they do it automatically without root access?

@aneeshjoshi6641 6 жыл бұрын

I think: Since every process works assuming it has the full RAM and in C you can get the address of anything using & you can probably get it.

@chasehiatt5595 4 жыл бұрын

Gdb doesn't require root access

@bluekeybo 4 жыл бұрын

@@chasehiatt5595 interesting

@rrestoring_faith 3 жыл бұрын

gdb is just a debugging tool. Can run it on any executable if you have permissions to execute that executable.

@mOczakowski 6 жыл бұрын

These type of guys gimme the chills, he's literally accessing chip register buffer memory, and it's making him giddy... YAIKS!

@timt.4040 6 жыл бұрын

Very helpful! What is the gdb command (not shown on screen) to list the 200 registers at the stack point of -550?

@jbrhsn8406 4 жыл бұрын

Google it Pal!

@abindieflasche100 4 жыл бұрын

@@jbrhsn8406 what is it

@zerozone1412 4 жыл бұрын

@Tim Thompson did you find out what the command was? I need it😫 ..... thanks

@jag831 4 жыл бұрын

Something like "x/500xw $esp -550" could work. I may be wrong

@DArnez-c5n 4 жыл бұрын

Very clearly explained... I have been looking for a tutorial like this for about ten years.

@ryanofarrell186 8 жыл бұрын

Video is 17:29 long. Mathematicians, unite!

@tennicktenstyl 8 жыл бұрын

What's so special about this? I'm not familiar with numbers and stuff

@Keithfert490 8 жыл бұрын

It's the smallest "taxi cab number": a positive integer expressible as the sum of two positive integer cubes in two different ways (1729=12^3+1^3=9^3+10^3).

@tennicktenstyl 8 жыл бұрын

Oh, that's nice.

@sadrien 8 жыл бұрын

Don't worry if you don't understand why that is important, because it really isn't.

@AndyChamberlainMusic 7 жыл бұрын

Keith its not the smallest taxi cab number lol it was just the number of a cab which some guy noticed was a boring number and then he told his even smarter friend that it was boring to which the smarter friend said na bro its the smallest number that you can get by adding two cubes in two different ways

@MeditatingDennis 3 жыл бұрын

I like how the guy gets excited and makes me excited aswell!!

@anirudhsarma4233 8 жыл бұрын

Can anyone explain why 10 duplicates of the return address was needed as "padding"?

@Areejms5 5 жыл бұрын

Thaaaaaank you soooo much, You don't know how much this video helped me understanding this topic for my finals !!!

@GegoXaren 9 жыл бұрын

and this, kids, is why strcpy is removed from C11. Many of the string functions were removed and replaced with safe versions in C11.

@GegoXaren 9 жыл бұрын

also use -fstack-protector, -fstack-protector-all or -fstack-protector-strong with gcc for non-time-critical stuff.

@anujmchitale 5 жыл бұрын

strncpy is the replacement. The n is a parameter asking how much to copy. If more than the buffer length being used, the function itself won't compile.

@stephana7785 5 жыл бұрын

Best explanation of shell code injection by far!

@umarsalmanrao5 5 жыл бұрын

13:53 which command did he use here? x/200x $(ebp-100) Was it this?

@pratheeps3972 5 жыл бұрын

Same doubt bro

@yuvalweber5946 5 жыл бұрын

i think he used this : x/200x $esp - 550

@ITRIEDEL 6 жыл бұрын

Finally a solid explanation of BO’s

@ttttt_ 8 жыл бұрын

"there is nothing you can't do as root" except makepkg on arch :(

@nik123true 8 жыл бұрын

nice one xD

@sauron1427 8 жыл бұрын

but you can create a user with whatever password you like, su into that user and run makepkg. you can still get ANYTHING done if you have root access.

@pedro.raimundo 7 жыл бұрын

I LOLed.

@cybrhckr 7 жыл бұрын

and some programmes does not allow you to run on root :D for security reasons

@Reth_Hard 6 жыл бұрын

You can't run VLC on root :( But you can patch it easily :)

@Edgewalker001 9 жыл бұрын

This is actually very interesting, because the noop sled trick actually reminds me of something we use when looking for things in genetic code. I guess there is a lot of overlap that isn't immediately apparent between programming and genetics.

@MrTridac 9 жыл бұрын

+Edgewalker001 I learned programming first and then genetics, and all I see when I look at DNA is program code. It's a state machine, a sequencer and self modifying code at the same time. Awesome!

@taubrafi 9 жыл бұрын

Kali!

@JT-xu1qd 7 жыл бұрын

its a good thing my parents never knew my interest in pokemon glitches would get me looking at vids like these some day

@Calin42 8 жыл бұрын

when a video on the ROP chains? with ASLR on and nX :p

@soccer7901 8 жыл бұрын

I learn more from Dr. Mike then i do from my profs at uni. You are an inspiration Sir :)

@marsgal42 9 жыл бұрын

I'm guess I'm showing my age when I mention that this was how the Morris worm back in 1988 infected systems. :-)

@jag831 4 жыл бұрын

Cool! I was wondering on actual, real cases in which this has happened

@15danie 7 жыл бұрын

Like how he not only talks about stuff but also demonstrates

@gabrielguedes6643 9 жыл бұрын

What was the command that he typed at 13:40 ?

@unforkableonion5081 9 жыл бұрын

+Gabriel Salles I think he used the function 'x' for examine memory, something like 'x/200xw $sp-500' which means examine 200 words in hex format starting at stack pointer minus 500 ;)

@Eveninn 5 жыл бұрын

@@unforkableonion5081 thank you :o