How They Hack: Buffer Overflow & GDB Analysis

How They Hack: Buffer Overflow & GDB Analysis - James Lyne

Рет қаралды 89,026

9 жыл бұрын

Following on from the simple buffer overflow demonstration this shows a more focused use of the ability to overwrite data enabling an attacker to control the return pointer and have the computer execute alternative code. We step through a simple binary, identify the flaw and then exploit it. This video will likely raise more security and exploitation questions than answer them (it is a big topic) but I hope that it inspires interest and enhances your understanding a little.

Пікірлер: 85

@muhammadkashif4216 4 күн бұрын

This is literally some of the best and practical explaination conveyed so nicely, a low level stuff (pun intended :D), great respect

@mrbangkockney 6 жыл бұрын

Seems you’ve stopped posting vids...but this is by far the best intro to BO and gdp our there. I salute you good sir, and please come back!

@TechinalBibek 3 жыл бұрын

True

@TheRealKitWalker 2 жыл бұрын

I agree. This was so much fun watching a BO practical example. I quite enjoyed it. 🤟✌️👏👏👏

@bjarkismari Жыл бұрын

How did you find the return pointer just by looking at the stack?

@OVVAISNAB 2 жыл бұрын

Best video explanation of this seemingly complicated topic, thank you!

@shyngyskerimbekov2514 5 жыл бұрын

I am delighted, acquire so much understandable infromations , TY man!

@segintendorocks 6 жыл бұрын

This guy is freaking awesome. He explains it so much better than my professor :D.

@BeSharpInCSharp 4 жыл бұрын

The only thing that is NOT CLEAR from this video is how you guessed the return address? How did you know exactly which address should be replaced by B ascii values?

@christiansanchez4883 4 ай бұрын

“x/1x $sp” should work

@rj-nj3uk 5 жыл бұрын

Hi James, very nice video. I am interested in system programming, and it is so difficult to find a tutorial video like this. Please don't stop.

@JannisAdmek 3 жыл бұрын

This video was so helpful, I watched it twice :)

@trishaatluri 6 жыл бұрын

sooo helpful - would have been up all night doing my pset if it weren't for this video

@etienneboutet7193 5 жыл бұрын

Amazing explanation. Thanks a lot

@ca7986 3 жыл бұрын

This video is really high quality content!

@evilmulle4228 5 жыл бұрын

When you print the stack with x/##x $esp, the first address that you call the offset, is that just the first address of the following 4 * 4 bytes?

@rootdev8106 5 жыл бұрын

Thank you for your awesome how-to!

@manojamrutharaj9071 2 жыл бұрын

Thanks for this wonderful analysis video....

@nnamdyjunior 8 жыл бұрын

beautiful!!! just what I was after!

@ahmedlimam2241 4 жыл бұрын

Thank youuuuu I have a little problem, saying that I can write into the buffer through an argv[1] once I figure how much character I need and I figute what the return pointer address is, if I execute ./program my payload + p32(address I need in hex) when I check gdb the return address changed but not to the address I need it to be, as if it read the "\" and the "x" of the little endian p32 as a value on their own, how can I change that?

@quaxiscorporationforresear5557 7 жыл бұрын

Great video sir!

@User-cv4ee 4 жыл бұрын

Why does the stack store new data towards the return pointer? Wouldn't going the opposite way ensure rp is never touched?

@stevecross9159 2 жыл бұрын

James- great video

@mohammadahmedragab837 2 жыл бұрын

thank you so much for clear explanation. Please where can I find a full course of your courses ?

@surajkushwah3221 5 жыл бұрын

awesome video explained so much

@GURUYATHI 6 жыл бұрын

I understood properly, thank you sir for the video

@anoopjohn9062 6 жыл бұрын

Could you explain how do we identify the return address?

@adityashrest5886 5 жыл бұрын

anoop john by radarex

@yungrolex1992 7 жыл бұрын

how do i ignore the gcc errors because of the implicit declarations of the "gets" function

@tj6193 5 жыл бұрын

I'm finally getting it!!! 🎉

@omarAhmed-wt8kx 6 жыл бұрын

Another good one keep up you have good representation way

@amjadhammoudeh7954 5 жыл бұрын

much appreciation mate

@pwn0x80 6 жыл бұрын

Your legends sir your best ... You rock ..

@prakashshiv2586 8 жыл бұрын

This is awesome

@mantas9826 5 жыл бұрын

Well explained. I got the flag I was looking for.

@theashmedai007 5 жыл бұрын

Thank you sooo much

@claudiocostanzo2140 10 ай бұрын

I do the same exact step but i only have seg fault. Can It be because the Memory region of my eip( return pointer) Is only readable?

@alex595659 5 ай бұрын

If i want to put a shellcode , the return address is the bottom of the stacj ,isn't it ?

@SuperWhatusername 3 жыл бұрын

Superb

@sandeepbaldawa9146 4 жыл бұрын

V well explained

@theashmedai007 5 жыл бұрын

More videos plzz .. Is it possible to exploit packet buffer overflow due to slow data rate

@harishkhattar6009 6 жыл бұрын

Which software is this?

@sharpspoon2 3 жыл бұрын

good stuff

@madimy 8 жыл бұрын

what if we do not have an $esp register after the gets function? instead I have $rax register

@portgas3 7 жыл бұрын

its 64-bit application,you will find $rsp instead of $esp

@kooners6961 5 жыл бұрын

8:50 I'm really confused on how he can tell it's the return pointer

@tlehloba 5 жыл бұрын

Exactly my point. how do u determine the return pointer

@rootabeta9015 4 жыл бұрын

@@tlehloba Usually, trial and error

@kraken3950 4 жыл бұрын

You can find it out by checking push/pop instructions, which push items onto the stack frame or pop from it , in the disassembled function. The return pointer of a function is pushed on the stack when it's called,.

@enesozdemir9973 4 жыл бұрын

@@kraken3950 thank you mann you saved the day

@kathiravankathir3089 3 жыл бұрын

awesome

@stefeyes9819 5 жыл бұрын

You do know u used the same superman lone in both buffer videos right? Haha just teasing thank you for answering questions that nobody else could

@mustaphachakiri3407 5 жыл бұрын

>>Thank U so much

@anoopjohn9062 6 жыл бұрын

How to identify the return pointer?

@breakingcode92 6 жыл бұрын

first you do break main, then when you run and it hits the first break point at main you can do info frame and it will give you the rbp/ebp (depending on whether you run on 64 or 32 bit architecture). It will also give you the eip/rip this is the location of the return pointer.

@tlehloba 5 жыл бұрын

@@breakingcode92 How do you determine eip/rip?

@siddharthpandey3417 4 жыл бұрын

Anybody else getting a cannot access memory address error after setting breakpoints?

@ibrahimgambo4904 Ай бұрын

❤

@GiQQ 7 жыл бұрын

Why does the address of the granted function needs to be written down in little endian?

@breakingcode92 6 жыл бұрын

because the value we are storing at a particular memory address must be stored in hex. Little endian specifies that it is already in hex otherwise we would not be able to differentiate between python string or python reference to hex value

@keerthikumark.g2135 6 жыл бұрын

teach me more about hacking an android device

@ruslanlion1999 5 жыл бұрын

Кто сделал лабу? В лс скиньте плез)

@theashmedai007 5 жыл бұрын

The code is not compiling

@abayzhunus5085 8 жыл бұрын

ne och

@user-kd2vv5pd1g 8 жыл бұрын

+Abay Zhunus главное дедлайн продлили)

@diegrootam 7 жыл бұрын

ai dento

@modelfreak125 7 ай бұрын

This does not work! maybe it did on what ever system you used ? But it doesn't work on unbuntu 20.04, cannot over write return of gets, no matter what I try!