Thank you John, the "8-byte & 16-byte problem that caused the payload not working on remote" explanation really helps me a lot! Keep it up John.
@Flangvik 5 years ago
This is great stuff! Love that you actually show how you approach the unknown!
@fatcatgaming6954 years ago
At around 15 mins it looked like the shadow of your mic was your beard. Man, that had me fixated for far too long :D Quality content as always!
@silentkiller1753 5 years ago
Good luck on the OSCP!
@90hijacked 5 years ago
So that's what fish-style previews in zsh look like, fascinating :-) Thanks for the video btw
@_JohnHammond 5 years ago
Thanks for watching!
@vineethrajesh46545 years ago
Can you please make a video for the web challenges in the CSAW 2019 CTF?
@wolfleader28 days ago
Nice
@stevejobz73895 years ago
Please post a writeup for Buyify CSAW 2019, thanks in advance.
@xscorp3825 years ago
Can anybody tell me what that libc.symbols['printf'] is and how subtracting it from the current "printf" address gives us the base address of libc? All I saw was that he subtracted the address of printf from
@xscorp3825 years ago
nvm got it :-)
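The base-address arithmetic asked about above, as an added example (not code from the video or from the comments): libc.symbols['printf'] is the offset of printf inside the libc file, so the leaked runtime address minus that offset is where libc was loaded. The symbol offsets and the leaked address below are constructed; with a real challenge the offsets come from the libc file shipped with it.

```python
# Added example, not from the video: recover the libc load base from a leaked
# printf address and check that the leak actually matches the libc we hold.
PAGE = 0x1000

# Constructed stand-in for pwntools' libc.symbols: offsets of each function
# from the start of the libc file. Real values depend on the exact libc build.
SAMPLE_LIBC_SYMBOLS = {
    "printf": 0x064E80,
    "puts": 0x080AA0,
    "system": 0x04F440,
}


def libc_base(leaked_addr, symbol_offset):
    """Return the load base implied by one leaked runtime address.

    ASLR shifts the whole shared object by a page-aligned base, so every
    symbol keeps its low 12 bits. If the leak and the offset disagree there,
    the remote libc is a different build than the local file (or the leak is
    not the symbol we think), and every address derived from it would be wrong.
    """
    if (leaked_addr ^ symbol_offset) & (PAGE - 1):
        raise ValueError(
            f"low 12 bits differ (leak 0x{leaked_addr:x}, offset 0x{symbol_offset:x}): "
            "wrong libc version or wrong symbol"
        )
    base = leaked_addr - symbol_offset
    if base <= 0 or base % PAGE:
        raise ValueError(f"implausible base 0x{base:x}")
    return base


def resolve(symbols, leaks):
    """Map every symbol in `symbols` to its runtime address.

    `leaks` holds {name: leaked_addr} for one or more leaked functions; each
    leak must imply the same base, which catches a mixed-up leak order.
    """
    bases = {name: libc_base(addr, symbols[name]) for name, addr in leaks.items()}
    if len(set(bases.values())) != 1:
        raise ValueError(f"leaks disagree on the base: {bases}")
    base = bases[next(iter(bases))]
    return {name: base + off for name, off in symbols.items()}


if __name__ == "__main__":
    leaked_printf = 0x7F3A1C2D3E80  # constructed, as the program might print it
    print(f"libc base: 0x{libc_base(leaked_printf, SAMPLE_LIBC_SYMBOLS['printf']):x}")
    for name, addr in resolve(SAMPLE_LIBC_SYMBOLS, {"printf": leaked_printf}).items():
        print(f"{name:>7}: 0x{addr:x}")
```

The low-12-bit check is the quick way to tell that the libc you downloaded is not the one running remotely, which is the usual reason a locally working script fails against the server.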
@project31495 years ago
Good job man
@ChrisLeftBlank A year ago
Have you ever thought about being on the other side of the screen?
@gantulgatuvdendorj 5 years ago
Oh, many thanks dude, I was trying to do that :D
@DjilouSP 4 years ago
Hey John, I have a question pls: what if there was no printf address being displayed by the program, how to proceed in that case?
@namesurname2014 years ago
There should be a leak, you can watch this: kzbin.info/www/bejne/n2aQlIp_lK2JbtE
@khalidamro39504 years ago
Hello, I have a question regarding pwntools: when you specified the file location of libc, how is it getting that address? Can you please explain?
@_JohnHammond 4 years ago
You can see the location of the libc library that a binary uses with the `ldd` command. They also give us the libc that this uses in the downloadable files offered by this challenge. Thanks for watching!
@ashutoshpanda43365 years ago
Heya man, can you please make a video on how you made that zsh terminal? I've tried several times but it didn't work... Trust me, everyone is going to love the video, please.
@spectrum97345 years ago
Ashutosh Panda, install oh-my-zsh
@silentkiller1753 5 years ago
Install zsh (Debian based): sudo apt install zsh (Arch based): sudo pacman -S zsh
Install oh-my-zsh: sh -c "$(curl -fsSL raw.githubusercontent.com/robbyrussell/oh-my-zsh/master/tools/install.sh)"
Change shell to zsh: chsh -s $(which zsh)
Done. For more info: github.com/robbyrussell/oh-my-zsh
@AlexWMF 5 years ago
@@silentkiller1753 Do you know what the semi-transparent autocompletion suggestion plugin used at 0:49 is?
@silentkiller1753 5 years ago
@@AlexWMF github.com/zsh-users/zsh-autosuggestions, one of the most useful plugins imo.
@anishagrawal70685 years ago
Long time no see
@abisrug48984 years ago
The final ret could have been an exit(), which will make sure we exit properly. This would be useful if you were working in gdb.
@yung-yuchen12195 years ago
What if recv().strip() doesn’t return any value?
@_JohnHammond 5 years ago
You may have received just a newline character, or an empty line. Does it happen every time, are your "recv()"s in order? You can use `recvuntil` as needed to get to the specific portion of the stream you are looking for. Thanks for watching!
@gardedesombres32543 years ago
Why did you do "pop rdi"?
@rowan22313 years ago
The pop rdi gadget is used to pop the value at the top of the stack into the rdi register. As this is a 64-bit binary, the calling convention says that the first argument is read from rdi, so the string "/bin/sh" needs popping into rdi before system is called.
@jaki99k105 years ago
Hi, what's the name of the shell you are using?
@_JohnHammond 5 years ago
I use zsh, with the OhMyZsh configuration and the autosuggestions plugin. It's handy! Thanks for watching!
@jaki99k105 years ago
@@_JohnHammond Fine, thank you so much! Keep going!
@willlynas6725 years ago
Ahhh, I saw calling system in a 32-bit way.
@testapp83945 years ago
Where should I look for the pwn cyclic command?
@_JohnHammond 5 years ago
You'll want to install pwntools. You should be able to do a `pip install pwntools` but there might be some other dependencies you'd need to work through. Let me know if you need a bit more guidance. Thanks for watching!
@omershalev18555 years ago
John, why didn't you use a one gadget? Much more handy than building the system ropchain by hand.
@TheSxW 5 years ago
Try reverse EFT, it's very funny as I was told :)
@MiguelAngel-iv3bq 5 years ago
One_gadget to speed up the process ;)
@Anonimbus 5 years ago
I haven't used one_gadget ever. Where can I find a tutorial about it?
@MiguelAngel-iv3bq 5 years ago
@@Anonimbus If you have the Kali distro you just have to call it in the terminal: one_gadget libc_file, and it will return the addresses of various unique gadgets to launch a shell. I recommend you just search on Google :)
@Anonimbus 5 years ago
@@MiguelAngel-iv3bq Thanks :D
@monkeyspanksback 4 years ago
Please be my mentor
@chiko36035 years ago
Man, plz do byte me
@isectech 5 years ago
Please, we are not listening, we need also to reproduce what we are watching; unfortunately your speed doesn't allow it, sometimes it becomes annoying.
@Sepkov 5 years ago
Nice video, but I gave a dislike because you didn't talk about what's going on behind. You just used some tools and went directly to the solution. I was expecting much more, like what libc is, how functions stay inside. It would be much more instructive I think.