I think the binary running on the server was 64-bit? If so, the stack layout could have been slightly different, thus screwing up the results.
@_JohnHammond 6 years ago
Oooooh! That must be it. I'll recompile our source binary as 64-bit and see if the stack layout matches up a bit better. Good call!!
@WhiterockFTP 4 years ago
John Hammond did it?
@alexpaww 6 years ago
I love the new intro dude!
@jakegamingking5355 6 years ago
Love it, keep it up. I want something beginner-friendly, if you have any series on those.
@DHIRAL2908 3 years ago
Thanks man! Really helped me understand it!!!
@neafirmisani5199 6 years ago
Help, I want to learn reverse engineering. Do you have any website for learning reverse engineering? For beginners?
@_JohnHammond 6 years ago
Reverse engineering is hard to learn; I am still pretty bad at it. But crackmes.one/ is a good site to practice, it does have a lot of binaries to learn reversing with.
@sluge1 6 years ago
That's interesting, thanks)
@statistics5607 3 years ago
Is a string format attack even possible if we don't have the source code of the binary?
@omerreich1926 3 years ago
It is, but you will have to brute force the offset, and this makes it less practical in most software.
@adamkadaban 3 years ago
@omerreich1926 def don't _have_ to bruteforce it. You can find it in gdb.
@adamkadaban 1 year ago
@oppenheimer11 I have a GitHub repo called Adamkadaban/LearnPwn. Look in the canary folder. It details a challenge that leaks a stack canary using a format string vulnerability and does so in a procedural way.
@adamkadaban 1 year ago
@oppenheimer11 The 3rd one. Feel free to DM me on Twitter if you need any help.
@sorrefly 3 years ago
What about changing the secret in the stack to a custom value using %n?
@James-wg2qm 4 years ago
nice Shirt :) Gauntlet
@vaibhavanand470 5 years ago
What if we are just given the binary and not the source code? Example: this challenge backdoor.sdslabs.co/challenges/weekly-1-3
@houba1263 4 years ago
How can I get the flag when I'm not connected to the server? I have to use pwn tools?