How They Hack: Buffer Overflow & GDB Analysis - James Lyne

  93,654 views

James Lyne


Comments: 89
@mrbangkockney 6 years ago
Seems you’ve stopped posting vids...but this is by far the best intro to BO and gdb out there. I salute you good sir, and please come back!
@TechinalBibek 3 years ago
True
@TheRealKitWalker 3 years ago
I agree. This was so much fun watching a BO practical example. I quite enjoyed it. 🤟✌️👏👏👏
@segintendorocks 7 years ago
This guy is freaking awesome. He explains it so much better than my professor :D.
@OVVAISNAB 3 years ago
Best video explanation of this seemingly complicated topic, thank you!
@muhammadkashif4216 5 months ago
This is literally some of the best and practical explanation conveyed so nicely, a low level stuff (pun intended :D), great respect
@rj-nj3uk 5 years ago
Hi James, very nice video. I am interested in system programming, and it is so difficult to find a tutorial video like this. Please don't stop.
@alexis-nicole 13 days ago
Extremely well explained! 😊
@bjarkismari 2 years ago
How did you find the return pointer just by looking at the stack?
@BeSharpInCSharp 5 years ago
The only thing that is NOT CLEAR from this video is how you guessed the return address? How did you know exactly which address should be replaced by B ascii values?
@christiansanchez4883 9 months ago
“x/1x $sp” should work
@trishaatluri 7 years ago
sooo helpful - would have been up all night doing my pset if it weren't for this video
@shyngyskerimbekov2514 6 years ago
I am delighted, acquire so much understandable information, TY man!
@manojamrutharaj9071 2 years ago
Thanks for this wonderful analysis video....
@GURUYATHI 6 years ago
I understood properly, thank you sir for the video
@anoopjohn9062 6 years ago
Could you explain how do we identify the return address?
@adityashrest5886 6 years ago
anoop john by radarex
@cursedfox4942 1 month ago
Love this gdb stuff very little missing I assume after access granted on a real system the operating system or private code would still run or would you have to point to it
@kooners6961 5 years ago
8:50 I'm really confused on how he can tell it's the return pointer
@tlehloba 5 years ago
Exactly my point. how do u determine the return pointer
@rootabeta9015 5 years ago
@tlehloba Usually, trial and error
@kraken_norse 4 years ago
You can find it out by checking push/pop instructions, which push items onto the stack frame or pop from it, in the disassembled function. The return pointer of a function is pushed on the stack when it's called.
@enesozdemir9973 4 years ago
@kraken_norse thank you mann you saved the day
@ca7986 3 years ago
This video is really high quality content!
@nnamdyjunior 9 years ago
beautiful!!! just what I was after!
@JannisAdmek 3 years ago
This video was so helpful, I watched it twice :)
@etienneboutet7193 5 years ago
Amazing explanation. Thanks a lot
@stevecross9159 3 years ago
James- great video
@rootdev8106 6 years ago
Thank you for your awesome how-to!
@mohammadahmedragab837 2 years ago
thank you so much for clear explanation. Please where can I find a full course of your courses?
@TekiZZ 3 months ago
such a nice video
@surajkushwah3221 6 years ago
awesome video explained so much
@quaxiscorporationforresear5557 8 years ago
Great video sir!
@aragon5956 10 months ago
If I want to put a shellcode, the return address is the bottom of the stack, isn't it?
@Thanatos5712 1 year ago
I do the same exact step but I only have seg fault. Can it be because the memory region of my eip (return pointer) is only readable?
@pwn0x80 6 years ago
Your legends sir your best ... You rock ..
@User-cv4ee 5 years ago
Why does the stack store new data towards the return pointer? Wouldn't going the opposite way ensure rp is never touched?
@amjadhammoudeh7954 6 years ago
much appreciation mate
@ahmedlimam2241 4 years ago
Thank youuuuu I have a little problem, saying that I can write into the buffer through an argv[1] once I figure how much character I need and I figure what the return pointer address is, if I execute ./program my payload + p32(address I need in hex) when I check gdb the return address changed but not to the address I need it to be, as if it read the "\" and the "x" of the little endian p32 as a value on their own, how can I change that?
@omarAhmed-wt8kx 7 years ago
Another good one keep up you have good representation way
@evilmulle4228 5 years ago
When you print the stack with x/##x $esp, the first address that you call the offset, is that just the first address of the following 4 * 4 bytes?
@mantas9826 5 years ago
Well explained. I got the flag I was looking for.
@anoopjohn9062 6 years ago
How to identify the return pointer?
@breakingcode92 6 years ago
first you do break main, then when you run and it hits the first break point at main you can do info frame and it will give you the rbp/ebp (depending on whether you run on 64 or 32 bit architecture). It will also give you the eip/rip this is the location of the return pointer.
@tlehloba 5 years ago
@breakingcode92 How do you determine eip/rip?
@tj6193 5 years ago
I'm finally getting it!!! 🎉
@new_contents_all_day 5 years ago
More videos plzz .. Is it possible to exploit packet buffer overflow due to slow data rate
@yungrolex1992 7 years ago
how do i ignore the gcc errors because of the implicit declarations of the "gets" function
@SuperWhatusername 3 years ago
Superb
@sandeepbaldawa9146 4 years ago
V well explained
@prakashshiv2586 9 years ago
This is awesome
@new_contents_all_day 5 years ago
Thank you sooo much
@harishkhattar6009 6 years ago
Which software is this?
@stefeyes9819 6 years ago
You do know u used the same superman line in both buffer videos right? Haha just teasing thank you for answering questions that nobody else could
@madimy 8 years ago
what if we do not have an $esp register after the gets function? instead I have $rax register
@portgas3 8 years ago
It's a 64-bit application, you will find $rsp instead of $esp
@sharpspoon2 4 years ago
good stuff
@kooners6961 4 months ago
Everything was great, but I just couldn't get access granted
@kathiravankathir3089 4 years ago
awesome
@siddharthpandey3417 5 years ago
Anybody else getting a cannot access memory address error after setting breakpoints?
@new_contents_all_day 5 years ago
The code is not compiling
@GiQQ 7 years ago
Why does the address of the granted function needs to be written down in little endian?
@breakingcode92 6 years ago
because the value we are storing at a particular memory address must be stored in hex. Little endian specifies that it is already in hex otherwise we would not be able to differentiate between python string or python reference to hex value
@modelfreak125 1 year ago
This does not work! maybe it did on what ever system you used ? But it doesn't work on Ubuntu 20.04, cannot over write return of gets, no matter what I try!
@ruslanlion1999 6 years ago
Who has done the lab? Send it to me in a DM, please)
@ibrahimgambo4904 7 months ago
@mustaphachakiri3407 5 years ago
>>Thank U so much
@keerthikumark.g2135 7 years ago
teach me more about hacking an android device
@abayzhunus5085 8 years ago
not so great
@Аширметова 8 years ago
+Abay Zhunus the main thing is they extended the deadline)
@diegrootam 7 years ago
ai dento
@MRX-xe3qf 5 years ago
Instead of 0x41414141 I get 0x565561f5 which is my ret address.
@leesmith1609 3 years ago
I got the address working when I used the example code from kuafu1994.github.io/HackWithGDB/ASM.html
@-makhmutov- 7 years ago
What, is it lab 8? hahahaha
@CorpOfHack 6 years ago
Which one? )
@ruslanlion1999 6 years ago
In the future it's already the 7th lab)😂
@tsunningwah3471 8 months ago
nbbbbbnbnbnkjbjkbjkbjkbjkbjkbjkbjkbjkbkjbjkb
@olzhaskairzhanov8090 6 years ago
Meanwhile, 47 minutes until the deadline
@starboy832 9 years ago
Has anyone really been far even as decided to use even go want to do look more like?
@sheamus69 9 years ago
Oatify Er... take a deep breath and then try again...
@anthonyparra9553 5 years ago
you don't use nano? I can't watch this.
@sohaibesohaib2914 2 years ago
can I have your linkedin account i've a challenge for u
@santoshkumarpanda1180 6 years ago
How to identify the return pointer?
@breakingcode92 6 years ago
first you do break main, then when you run and it hits the first break point at main you can do info frame and it will give you the rbp/ebp (depending on whether you run on 64 or 32 bit architecture). It will also give you the eip/rip this is the location of the return pointer