12:07 For those starting out in gdb, as I am: I believe what he was looking for there was x/500b (or x/500xb). It was already printing in xw (hex, word) mode, so x/500 (i.e. x/500xw) gave the *hex* of the 500 *words* at that address. b = byte h = half-byte (2 bytes) w = word (4 bytes) g = giant word (8 bytes) 👍 13:18 or, as Scooby would say, the "ROPportunities" 😜

28:25 I'm just like* why not sh(), but I was too hasty, great work john💖

Awesome as always my friend.

Currently on my binary exploitation journey and this was engaging!! Thank you John

hey john, have you tried using the command cyclic to find the padding size for your buffer? I would recommend that if you need to find the length quicker for easier calculations. Overall a great video, and keep up the good work!

In early today, was awesome seeing you at the Ninja one summit!

There he is!

JOHN!!!!!! I don't really understand what you did.. but you talking us through this challenge is inspiring.. This must be what my employers think when I'm explaining things to them haha.. Love you man!! Keep doing this because I'm going to be here to watch and listen... Maybe stay away from binary bruv :)

Thank you for the awesome and educational video, John. I have a question that you or maybe someone else could answer (and I'll post it elsewhere too) Considering the stack was exectuable, could you not have done the following instead of using ROP? 1. Load the shellcode for "cat flag.txt" in your initial input instead of the 500 'C' bytes 2. For your injected return address after the buffer of 'A' bytes, simply put the address (in the stack) of the shellcode you just injected Maybe I'm missing something, but assuming that ASLR isn't enabled since you were able to discern the address of the jump instruction, you could know the address in memory of the stack location you pushed your initial input to in the first place. Maybe I'm not making any sense, but thank you again.

Okay, this one was really freaking cool

Hey Hey My. Hammond! Excuse any typos as I am barely awake right now. But I just wanted to ask if you knew any good reverse engineering/binary exploitation books/e-books out there. Or the best youtubers that showcase, explain, and demonstrate how binary exploit/reverse exploit works. As I have focused far more on web exploit like XSS, SSRF, LFI etc... Thanks again as always for all the educational content and hope you continue being an inspiration!! Thanks!!

This was really interesting!

I don't get it why the stack canary is not accusing *** stack smashing detected *** when you overflow the buffer, canary and the return address. Did I miss something?

NICE!~ANOTHER VIDEO LETS GO JOHN!

omg this is fuckin cool, i love it

What is 16 bytes of nop for ? At first, I didn't use any nop instructions before the shell code and it failed. After that i tried adding 2 bytes of nop and it worked miraculously. Does it have anything to do with stack alignment ?

Cool, now i know that there is a Bird in my (HayStack). Nice. :)

This video is just great ! How do you write a python script to solve this challenge ?

Sir i am getting problems in Forensics last one left in 300 pts and one 400 pts

Your Rop-Fu is strong.

Pardon my noob question but I would like to know if this exploit will work if we replace the "A" with a NOP sled.. It would automatically enter the buffer then. Would it not? We wouldn't need the short jump then

how did you automatically know to jmp 10 bytes forward?

Hmmmmm..i have no idea what's going on but it looks very interesting! And who are you talking to? LOL

When the Solfire challenge?

How did you overwrite the EIP pointer if the executable is Canary-Protected??

Make video on cryptography 😍

Hi, I enjoy your content but lately you've been having issues with audio. Please, can you normalize audio before you upload the video? For example, this video sound levels are so low that in order to listen to it I had to put volume to 100% and put even +12dB gain on my external mixer... when youtube played an ad in the middle of the video, it almost made me deaf... :-( just FYI: for example I listen to movies on Netflix or videos on other KZbin channels on 25-40% volume (usually no more than 50%)...

interesting!

👍

Wos1,2,3?

hey, can you tell me what does the short jump do and why do we need it in this case ?

Hi

Ret vlu Designer explain powerful

Binck mins root madal Bank "credit card"filles ?

Atti. Time files?

John lon please

i dont understand, why do the most interesting videos you post have get the least amount of views!

Please assembly code file's

Str

Why he took \xeb\x08

Dword ptr this fu ?

Emi lon please request 🎄🎁 give me lon please request

Ohh my god how do you do that @john 🫣 To hard for me to understand 😅🤣

How did you overwrite the EIP pointer if the executable is Canary-Protected??