PIE and Canary bypass with Format String - pwn107 - PWN101 | TryHackMe

5,930 views

RazviOverflow


Comments: 43
@yuma6089 2 years ago
Another awesome walkthrough!! This video series is one of the most professional I have ever seen...truly impressive! Thank you again for investing your time for our benefit.
@RazviOverflow 2 years ago
Thank you! I appreciate your words.
@marcovalentinoalvarado3290 2 years ago
Completely agreed. I have met few people who are capable of tackling such a complicated subject! Really high quality content right here!
@RazviOverflow 2 years ago
@marcovalentinoalvarado3290 Thank you!
@timlavi1418 1 month ago
I have a problem. I just downloaded the binary from THM, but there is no __libc_csu? The value is just 0 when printing it out. Anybody got this problem?
@katchen2626 5 months ago
Man these are great! Please make more.
@RazviOverflow 5 months ago
Thank you :)
@danielcmihai 2 years ago
As always, great job mate :).
@RazviOverflow 2 years ago
Thank you for your support :)
@rgb123-jm5mc 4 months ago
Thank you so much once again, I've been doing 1-2 of the PWN101 tasks per day. By the way, what would you rate the difficulty of pwn108, pwn109, and pwn110?
@RazviOverflow 4 months ago
You are welcome :) Difficulty is something very hard to estimate. It is relative and subject to each one of us. However, I can tell you they're harder than a simple BOF. Especially pwn107, that requires you to know and understand what GOT and PLT are, and how they work. (I have a video on that topic as well).
@timlavi1418 1 month ago
Great video
@RazviOverflow 1 month ago
Thank you :)
@b-chri 2 years ago
Wow, you deserve a lot more subscribers and views
@RazviOverflow 2 years ago
Thank you
@r4d1calwr4th7 2 years ago
Awestruck I am bro, u r truly legend.
@RazviOverflow 2 years ago
Thanks :) Glad you like the video.
@justinalexander9673 2 months ago
Really good video. I don't know if you will answer, but some weird things happened to me. The first thing is that when debugging the binary locally I couldn't find the libc library using radare2; in its place was another GNU lib. But I still tried the exploit remotely and I seem to find the libc, but what I don't really understand is why the position of the libc was in the 14th place, so my payload was like this: "%14$lX.%13$lX". The 13 is the canary, but it doesn't make sense, because I've learned from you that the canary is before the rbp and the 14th place should be the rbp, not the libc. (Sorry for the long comment.)
@neverclick6520 1 month ago
I have the same issue too, how can u exploit it locally?
@RazviOverflow 1 month ago
The canary is always "before" the rbp, yes. "Before" in this context means at a lower memory address. If rbp is at, for example, 0x400, the canary is at 0x400-8
@neverclick6520 1 month ago
@RazviOverflow Sorry for bothering the conversation, but why, when I debug it locally using radare2 or gdb, is there no __libc_csu? The value is just 0; why is this happening?
@RazviOverflow 1 month ago
@neverclick6520 If you are using the same binary as I did in the video, there should definitely be a __csu.
@neverclick6520 1 month ago
@RazviOverflow When I tried it locally there's no __csu, the value of %10 is 0, but when I tried it remotely, it has a value at the %10 address. I'm using the binary that TryHackMe gave, so that's why I don't understand what's happening.
@MM-by6qq 2 years ago
I really thank you.. great job!
@RazviOverflow 2 years ago
You are most welcome! More videos coming soon :)
@MM-by6qq 2 years ago
@RazviOverflow Subscribed
@RazviOverflow 2 years ago
@MM-by6qq Thank you :) 💪
@timlavi1418 1 month ago
When I run the binary, there is no __libc_csu? The value is just 0
@mihailobabic7366 6 months ago
Thanks!
@RazviOverflow 6 months ago
I'm happy you liked the video :) And thank you very much for the super!
@Md.Kamrulahasan-m4d 3 months ago
At some point you found an address that persists over multiple executions. But I tried and can't find it. What am I missing 😢
@RazviOverflow 3 months ago
You should be able to replicate the video, that's weird.
@LifeEldawody 3 months ago
Take another heart
@RazviOverflow 3 months ago
Glad to receive it (again)
@feffeee 1 year ago
Whenever I'm in the shell and I type, it kicks me out
@KyserMontalvoC 7 months ago
Same
@LifeEldawody 3 months ago
Take a heart
@RazviOverflow 3 months ago
Glad to receive it :)
@marciszsz9274 4 months ago
It's hard. But thanx.
@RazviOverflow 4 months ago
I know it is, but it's worth the effort.