If he streamed this instead... It'd be a... Live Overflow *ba dum tss*
@coffeedata7107 4 years ago
ಠ_ಠ
@KangJangkrik 3 years ago
Darn... spilled coffee again (oh the coffee is quite overflow btw)
@capkenway 4 years ago
"Simple" Buffer Overflow
@Zooiest 4 years ago
ikr
@krztix 4 years ago
that's what i was thinking, am i really that bad? haha
@user255 4 years ago
It is simple and too simple to work on out of the box Ubuntu.
@m3mory_leak344 3 years ago
You're just bad
@0xc0ffee_ 4 years ago
2014: Really professional and rare videos 2019: 10:43 Please don't stop! We're loving the new LiveOverflow
@suicidalkatt 4 years ago
IDK what you mean, that was just a randomly generated pattern, created professionally.
@xXLanyuzAnlunXx 4 years ago
that statement is debatable
@SaeedAlFalasi 4 years ago
Lmao omg why didn't I ever think of this there I was using metasploit to generate a pattern
@tobiasgorgen7592 4 years ago
10:43? I present to you 15:55
@chezz444 4 years ago
Just a small note, at 17:45, the syntax "string[a:b]" isn't a list comprehension but is instead string slicing; a list comprehension is instead the syntax "[f(x) for x in iter]".
@laterz8260 4 years ago
wgat
@otesunki 3 years ago
@@laterz8260 learn python you bootleg potato
@ari_archer 2 years ago
@@laterz8260 a list comprehension, like for example `hello = [x for x in range(10)]`, is basically a compact version of:
    hello: list[int] = []
    for x in range(10):
        hello.append(x)
and string slicing (as an example `"hello world"[1:-1]`) will slice characters, like remove, modify them:
removing:
    >>> "hello world"[1:-1]
    'ello worl'
modifying:
    >>> "hello world"[::-1]
    'dlrow olleh'
You can read more about both in the Python documentation and on the internet
@mrocto329 2 years ago
@@laterz8260 list comprehension is basically like how you define sets in maths. E.g. in maths you'd do {(a, b, c) | c^2 = a^2 + b^2 and a, b, c \in Z} to get all Pythagorean triples. This notation is easy to read and work with, so Python and some other languages added it.
@therudolfgaming4631 4 years ago
I was giving a presentation on Buffer Overflows just as this video released! The timing when the notification popped on screen was just perfect hahaha
@EchoXIIIGO 4 years ago
Yeet
@solveit1304 4 years ago
I wish myself that when December is over LiveOverflow is still uploading videos daily...
@almightyhydra 4 years ago
Why do two %p leak the input buffer address, I wonder. Also, how do you need to change the method if working in a telnet to a remote server where you can't use gdb?
@klightspeed 4 years ago
For the executable shellcode on the stack to work (i.e. not using return oriented programming), you'd have to have an executable stack, which means W^X would need to be disabled.
@gwg 4 years ago
At 0:33, you say to use ``apt-get install socat``. The apt command without the "-get" is like apt-get, but designed for use for humans. It has color coding and fancy progress bars and looks better on your terminal. Do ``apt install socat`` instead. See askubuntu.com/questions/445384/what-is-the-difference-between-apt-and-apt-get
@happygimp0 4 years ago
And less to type.
@tafama 4 years ago
Can you give a link about that geohot ctf you talked about in the video?
@tr909love 2 years ago
Why don't you fucking hack the latest ps4 firmware ffs ?
@myczxr 2 years ago
i'm just interested in these kind of things, so i have no idea what all these mean, but i'll be back in a few with a more thorough understanding. wish me luck
@delphicdescant 4 years ago
You've always put out such good content, and I love it, but despite that, I've never understood how this channel gets so many views, since this subject isn't exactly aimed at a general audience. Are there way more people out there doing security stuff than I think, or are there lots of people who watch without really having a reason to do so?
@SFDeku 4 years ago
I see a lot of programmers or devops staff in real life recommending me this channel who are not that much into security.
@ME0WMERE 1 year ago
I don't do security, but I watch these videos because they're interesting. You underestimate how much computer-related stuff nerds will watch
@SourceCodeDeleted 4 years ago
PWNIE Racing is AWESOME!!!
@ZetaTwo 4 years ago
:D
@EvilSapphireR 4 years ago
I love LiveOverFlow not only because of his amazing content, but because he always points me to other marvellous YouTubers. He introduced me to OAlabs before, and now yet another awesome YouTube channel to expand my knowledge!
@ssfdf7751 2 years ago
10:44 msf-create_pattern -l 150
@JacquesBoscq 4 years ago
17:04 "Anyways let's execute this. Anyways let's execute this"... First try / no debugging, really? -_-
@kavandsl1942 4 years ago
More likely to be a necessary edit to maintain quality of video (maybe he sneezed immediately after or something and just did a quick retake of the shot). It's far less likely that he was disingenuous as the code was not altered and anyone can really follow along to replicate the steps themselves.
@kavandsl1942 4 years ago
also- this would have been a great opportunity for a cliche matrix glitch joke!
@chrono0097 4 years ago
Sometimes you reach a point where you can code something and expect it to work first try, it happens to me, and happens to a lot of programmers
@groowy 4 years ago
little tip for script kiddies that just headlessly downloaded files from the gist, executed it and don't know why it doesn't work: the gcc outputs file called "cap" but the socat wants to execute file called "caf" so guess what you have to do :) I'm sorry if this was intentional and I've ruined the fun
@PeetHobby 2 years ago
He got it at the first try, after ten practice rounds and prepared a program for the video. :D
@nin10dorox 4 years ago
All the stuff where you're looking at the disassembled code and reading which bytes the buffer took up, real hackers can't do that right? If you're attacking over the internet, will you be able to do the same thing? Is it even possible to carry out this attack if you can't do those steps?
@channel-yx1gt 2 years ago
13:25 "we should CC what it does"
@drw0if 4 years ago
Why don't you use pwnlib instead of struct, socket and telnet? It should be easier!
@sniGGandBaShoR 3 years ago
Hey I like your videos! Subscribed =) Did you find your bachelor and masters useful? Or would you say somebody without a degree (maybe just apprenticeship, and general really good software engineer) can get a job in the field as a security engineer / ethical hacking?
@diarykeeper 4 years ago
A 1337 port, huh ? Well done instruction. Any reason for why you prefer unix ?
@kangalio 4 years ago
I'm noticing that since you started pumping videos out daily, those videos also changed in their topics. They're much more beginner-oriented now and are often even a bit clickbaity. I do hope we will see some more advanced videos of you soon, in the same animated style as back then (that was fantastic!), like you used to do. That would make many of your old fans happy
@EvilSapphireR 4 years ago
I doubt a format string exploit on a live executable is completely 'novice oriented'.
@kangalio 4 years ago
@@EvilSapphireR okay I realize that word was exaggerating it a bit. I edited it out
@aidancollins1591 4 years ago
@@kangalio He's creating a video a day, they can't be too complicated to create. He's also accumulated many new subscribers recently. I'm sure once he gets back to his normal routine, we will start seeing his more complicated videos again (the video he did recently with that Google researcher was pretty complicated).
@LiveOverflow 4 years ago
Even during this special time I released a regular video. Check out the iOS jailbreak video about the sockpuppet vuln.
@zyrohnmng 4 years ago
@@LiveOverflow Idk how it would affect views, but consider adding a difficulty level to the videos? [basics] [intermediate] etc... Either way, awesome content :)
@waplet 4 years ago
These two videos were like "Memento"
@maddelasaikarthik7563 4 years ago
you are on fire, keep it going
@loppuun4928 4 years ago
the best way to make a comment is not to be the 14th post in the comment section
@Cochise85 4 years ago
As a noob ... Is he targeting his own OS or another VM/host ?
@sumitlahiri209 4 years ago
@LiveOverflow Thanks to your videos and constantly inspiring us to learn new things. I was able to reverse engineer a feature in WhatsApp. Thanks again for all the videos you have made. They are just awesome.
@d1rtyharry378 4 years ago
Notification squad✊
@toidihack8151 4 years ago
I just love you make more video about create hacking python programs :)))
@kevinalexander4959 4 years ago
This guy looks a lot like Michael Cera
@beron_the_colossus 4 years ago
14:43, I can't believe you've done this
@StarliskJanova 4 years ago
Is this a demonstration of the bleeding server error that was on the news for a while back ?
@shinixshuxd9949 4 years ago
I thought this is simple buffet overflow!
@markopekovic2417 4 years ago
while "14:44 ~ 14:45" == true
@gyroninjamodder 4 years ago
Python 2 will reach its EOL in two weeks. You should not be teaching people to use software that is no longer maintained. Python 3 came out over a decade ago. Get with the times.
@LiveOverflow 4 years ago
Yolo
@yurandeveloper6958 4 years ago
LiveOverflow dinosaur... Lol
@adi331 4 years ago
python2 is still good.
@gyroninjamodder 4 years ago
@@adi331 Not, for a tutorial meant to be watched in the future. In these upcoming months Linux distros will start to remove python 2 from the package repositories.
@adi331 4 years ago
really , are you sure about that ?
@quantum4691 4 years ago
How the shell(shell code) connects to you? Over telnet?
@georgehammond867 4 years ago
very nice [while loop], keep Up the good work
@chiabobo 4 years ago
Cool video as always! Thanks for the detailed explanations!
@rishi905 4 years ago
It's really awesome man
@aryangupta7414 4 years ago
Don't remember C or C++ but learnt python can we make same exploit in any language?
@MissionFailed2 4 years ago
Yes. You can do it by hand even. The point is to send a specially crafted string to the server. That's it.
@bumblybeenard 4 years ago
Good video! Very informative!
@eagle772 3 years ago
What’s the best IDE to use?
@Ootskullkid 4 years ago
Just realized that socat is listening in on port "leet" lol
@rusirumunasingha2234 3 years ago
Loving the new vids! Keep them coming!
@luecu 3 years ago
why the +8?
@waplet 4 years ago
Bam!
@gwnbw 4 years ago
Haha love the thumbnail thats my face when I RE
@Laurent1110 4 years ago
This is great! I was looking for a way to make the challenges I made accessible easily over the network. I haven't thought about using socat but I'll try this next time! You've used Python2 in this video, but what is exactly the problematic with Python3? Is it just that the conversions are annoying ?
@p0n-pompf 4 years ago
@Gareth Ma there is a version of pwntools for python3 as well
@ZetaTwo 4 years ago
@Gareth Ma Pwntools for Python 3 is still beta but I have been running it for the past year without problems. Only minor inconveniences but totally usable.
@R0-B1t 4 years ago
What mouse do you use?
@abhaasgoyal1376 4 years ago
Nice one
@berrabe3917 4 years ago
can you explain what is stack and offset
@happygimp0 4 years ago
en.wikipedia.org/wiki/Stack_%28abstract_data_type%29 The stack is mainly used for return addresses (to go back to the next instruction after a function call) and local variables.
@viniciusVS8v 4 years ago
"Simple"
@DynoosHD 4 years ago
how would a fix of the server program look like?
@nikiibarbaro 4 years ago
Don't use gets function
@DynoosHD 4 years ago
@@nikiibarbaro and use instead?
@nikiibarbaro 4 years ago
DynoosHD fgets because you can set the length of the string which will be handled
@DynoosHD 4 years ago
@@nikiibarbaro so here: fgets(buf, 256, stdin); in line 17 would do the trick?
@nikiibarbaro 4 years ago
DynoosHD I think yes
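The gets-to-fgets fix discussed in the thread above, as an added example that is not part of the original comments or the video's server code. The 256-byte size comes from the `fgets(buf, 256, stdin)` call quoted in the thread; `read_line`, `stream_from` and the sample input are hypothetical names and constructed data.

```c
#include <stdio.h>
#include <string.h>
#define BUF_SIZE 256   /* size from the fgets(buf, 256, stdin) call in the thread */

enum line_status { LINE_EOF = -1, LINE_OK = 0, LINE_TRUNCATED = 1 };

/* Hypothetical helper: read one line without ever writing past buf[size-1].
 * gets() has no size argument; fgets() stops after size-1 bytes and always
 * NUL-terminates. */
enum line_status read_line(FILE *in, char *buf, size_t size)
{
    if (size == 0 || fgets(buf, (int)size, in) == NULL)
        return LINE_EOF;
    size_t len = strlen(buf);
    if (len > 0 && buf[len - 1] == '\n') {
        buf[len - 1] = '\0';            /* complete line: strip the newline */
        return LINE_OK;
    }
    /* No newline stored: the line may be longer than the buffer. Discard the
     * rest so the excess bytes are not parsed as the next request. */
    int c, dropped = 0;
    while ((c = fgetc(in)) != '\n' && c != EOF)
        dropped++;
    return dropped ? LINE_TRUNCATED : LINE_OK;
}

/* Hypothetical helper: place constructed input in a temp file (runs offline). */
FILE *stream_from(const char *data)
{
    FILE *f = tmpfile();
    if (f != NULL) {
        fputs(data, f);
        rewind(f);
    }
    return f;
}

int main(void)
{
    char input[600], buf[BUF_SIZE];
    memset(input, 'A', 400);            /* constructed: 400 bytes, longer than buf */
    strcpy(input + 400, "\nhello\n");
    FILE *f = stream_from(input);
    if (f == NULL) return 1;
    enum line_status st;
    while ((st = read_line(f, buf, sizeof buf)) != LINE_EOF)
        printf("%zu bytes kept%s\n", strlen(buf),
               st == LINE_TRUNCATED ? " (truncated)" : "");
    fclose(f);
    return 0;
}
```

Passing `sizeof buf` instead of a literal 256 keeps the bound correct if the buffer is later resized.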
@lior_haddad 4 years ago
Hi
@Zooiest 4 years ago
Hi
@coffeedata7107 4 years ago
Hi
@CameronNoakes 4 years ago
Calle! I follow him on twitter and didn't even know he had a YT. He's got 3 degrees and is head of security, insane! I knew it was him not from his name but from his profile pic.
@SWonYT 4 years ago
Of the years that I've been watching this channel, I just noticed that your new logo sequence is an animated buffer overflow attack
@SWonYT 4 years ago
Then it dynamically allocates the memory to fix it
@SWonYT 4 years ago
This is EXACTLY what I needed!! Thank you!!! If anyone sees this that knows of any undergraduate minority male scholarships, please let me know!!!
@realityveil6151 4 years ago
Please don't act like an obnoxious hacker. You start out doing it ironically but next thing you know you can't stop and what was once ironic and funny just became what you do. Just like me and yeet. I started saying it to annoy my friends and be ironic, but now I just say it as part of my vocabulary. Don't let this happen to you.
@omran.alshehabi 4 years ago
You're amazing dude ✌🏻
@p1nkfreud 4 years ago
And a new generation of $criptkiddies is spawned...here, I'll even help: slight modifications of this will work on "private VPN servers" which are usually emulated VMs, with a little ingenuity you can gain server root