Never thought to consider that I may overwrite my exploit when using an overflow. Very informative video, thank you so much for sharing all you've learned with us newbies!

What kind of monster doesnt use A's for buffer overflow exploitation

Hello! I never comment on your videos but Im following you for years now, you do an amazing job and I learn so much from this channel, keep up the good work!, anyway I want to let you know that im studying for a certification focus on exploitation, and this is very good on explaining why EIP should not be close to ESP, also could be a good intro to stack alignment, something that was very frustrating for me and there's not good tutorials about it, maybe you should try to do one :) Again, amazing job, congrats!

Oh gosh i remember having the same problem too but never figured how makes so much sense now

I get the feeling this is the exact issue I've been having while trying to write custom shellcode for a picoCTF 2019 challenge... I'll have to fire it up after I get off work tomorrow morning. Thank you for the amazing videos!

Another solution for shellcode overwriting problem that worked for me was to add "add rsp,0x50" before the start of the actual shellcode. That way the stack moves far away from the RIP. The bytes representation of that instruction is \x48\x83\xc4\x50, compiled with rasm2 -a x86 -b 64 "add rsp,0x50" (for linux 64-bit). So the payload looks like: nopslide + add rsp,0x50 + shellcode + padding + RIP. I also like to remove the padding, because this shellcode will never overwrite the RIP and the longer the nopslide, the better.

Love the part when he says "Then my CAF will block it." 2:15

Man , You're Awesome with your magic explanation ! Debug FTW !

Another pitfall can happen is when exploiting gets on an x86 machine and it writes its returnvalue on the stack also corrupting your shellcode

This is really a great explanation and example, I'm really starting to understand a bit better thanks to your great explanations. I hope you feel better so you can get the rest of your videos done without feeling too Ill.

Hi man, really cool video as usual ! ;) Yet I wonder.. Did you use pure gdb for "minimalistic look = more meaning to what's shown" or just forgot to enable a enhancer? Imho, gef or peda are way more pleasant to use + more pedagodic for newcomers.. :D

Love the effort you’re putting in these videos!

@LiveOverflow So to be clear, it’s because there’s different ret opcode(0xC3, 0xCB) used for near return & far return that cause the “ret pitfall” ?

This is absolutely brilliant content. Thank you!

Hope u feel better soon!

For the program execution redirection problem, it won't work because gets() shouldn't be in main, it should be something like : #include void vuln() { char buffer[64]; gets(buffer); } int main() { vuln(); }

Keep up the good work man! I love your vids :)

Coming back around to this cause I think I'm hitting this problem xD

3:53 sagste zweimal das gleiche direkt nacheinander :D

Nice vid, love to see a video on rop and how it can be Turing complete. Anyone else here watched all the c3 console hacking videos?

I had a similar issue, where the shellcode got corrupted. Adding sub $40,$rsp (bytes: \x48\x83\xec\x40) to the start of shellcode does also solve the issue, basically moving the stackpointer out of the way.

Question, how does this (self modifying code) interact with cache coherency? Was my understanding, some or most CPUs won't respond to modified code within some number of instructions before execution. (Maybe that was true of, say, P4 era CPUs, and modern ones are more correct?)

Nice Demo, well done!

Aaaaw that really sucks when happens, specially if you have a small length to put a shellcode into(it happened when I was trying to use a an egg hunter). Nop slides always save the day :)

Hi LiveOverflow, I will really appreciate it if you could put all your code snippets into a GitHub repo which will be really helpful to practice !!

I just had the overwritten/corrupted shellcode problem yesterday and guess what video is uploaded right after I fixed it? :D

8:36 right now im thinking "oh it pushed to the shellcode and overwrote the pop" id probably put a nop slide here or maybe do mov ax, sp add ax, 300 mov sp, ax

What is your opinion about Offensive Security's OSCE training course? Majority of its content is devoted to exploit development. But it's old and maybe doesn't worth it. Your opinion? :)

8:25 well, obviously you assumed wrong register values or the code modified itself. I guess movabs is the culprit. 10:04 Nowaaay... I never would have thought of the possibility that the stack could be this close to the code :D

Why would someone use A's instead of any other char when doing a buffer overflow, what's the difference? I'm just getting into this stuff

Idk its so dry and forced humor but still I didn't cringe and actually enjoyed it xxD

Why is it a SEGV and not a SIGILL, is the signal Handler crashing?

even if you had used fgets or something like that there is still a format string vuln in the code

Nice haircut :)

Awesome 👍

I once used \xeb\x10 to jump forward after some byte that would always get corrupted for some reasons so my payload was \xeb\x10 + nop padding + actual shellcode

How to compile py file elf binary danayamic link.

He's obviously joking about the "wep application firewall" for c programs lol

Is it really necessary to write a "firewall" for buffer overflows in gets, when you should always just use fgets instead or am I missing something here? Let me quote from the man page: "BUGS Never use gets(). Because it is impossible to tell without knowing the data in advance how many characters gets() will read, and because gets() will continue to store characters past the end of the buffer, it is extremely dangerous to use. It has been used to break computer security. Use fgets() instead." Is it still that common to encounter gets() in the wild?

Hi :)

Hi sir can you please share some web pen testing resources with me.

The hacker caught a bug.. 🤢

Is it only me that the video (face) doesn't match with audio?

You should have saved this for april 1rst

who uses lowercase "a"?

please do a hacker meme review

Please put to open and closing brackets on the same vertical or horizontal (most likely vertical) line. It is very hard otherwise.

I use a's for padding XD

Lol jokes at 1:45

16:06 Gesundheit

Self modifying shellcode, anyone?

666 likes (iluminaty)

Someone disliked already

This intro is sketchy AF lol

first here \o/

Sigfault I think its your mic. No seriously