Writing a Simple Buffer Overflow Exploit

145,638 views

LiveOverflow

Days ago

Comments: 121
@YdenPL 4 years ago
If he streamed this instead... It'd be a... Live Overflow *ba dum tss*
@coffeedata7107 4 years ago
ಠ_ಠ
@KangJangkrik 3 years ago
Darn... spilled coffee again (oh the coffee is quite overflow btw)
@capkenway 4 years ago
"Simple" Buffer Overflow
@Zooiest 4 years ago
ikr
@krztix 4 years ago
That's what I was thinking, am I really that bad? haha
@user255 4 years ago
It is simple and too simple to work on out-of-the-box Ubuntu.
@m3mory_leak344 3 years ago
You're just bad
@0xc0ffee_ 4 years ago
2014: Really professional and rare videos. 2019: 10:43. Please don't stop! We're loving the new LiveOverflow
@suicidalkatt 4 years ago
IDK what you mean, that was just a randomly generated pattern, created professionally.
@xXLanyuzAnlunXx 4 years ago
That statement is debatable
@SaeedAlFalasi 4 years ago
Lmao omg, why didn't I ever think of this? There I was using Metasploit to generate a pattern
@tobiasgorgen7592 4 years ago
10:43? I present to you 15:55
@chezz444 4 years ago
Just a small note, at 17:45, the syntax "string[a:b]" isn't a list comprehension but is instead string slicing; a list comprehension is instead the syntax "[f(x) for x in iter]".
@laterz8260 4 years ago
what
@otesunki 3 years ago
@@laterz8260 learn python you bootleg potato
@ari_archer 2 years ago
@@laterz8260 a list comprehension like for example `hello = [x for x in range(10)]` is basically a compact version of:
hello: list[int] = []
for x in range(10):
    hello.append(x)
and string slicing (as an example `"hello world"[1:-1]`) will slice characters, like remove, modify them:
removing:
>>> "hello world"[1:-1]
'ello worl'
modifying:
>>> "hello world"[::-1]
'dlrow olleh'
You can read more about both in the python documentation and on the internet
@mrocto329 2 years ago
@@laterz8260 list comprehension is basically like how you define sets in maths. E.g. in maths you'd do {(a, b, c) | c^2 = a^2 + b^2 and a, b, c \in Z} to get all Pythagorean triples. This notation is easy to read and work with, so Python and some other languages added it.
@therudolfgaming4631 4 years ago
I was giving a presentation on Buffer Overflows just as this video released! The timing when the notification popped on screen was just perfect hahaha
@EchoXIIIGO 4 years ago
Yeet
@solveit1304 4 years ago
I wish that when December is over LiveOverflow is still uploading videos daily...
@almightyhydra 4 years ago
Why do two %p leak the input buffer address, I wonder. Also, how do you need to change the method if working in a telnet to a remote server where you can't use gdb?
@klightspeed 4 years ago
For the executable shellcode on the stack to work (i.e. not using return oriented programming), you'd have to have an executable stack, which means W^X would need to be disabled.
@gwg 4 years ago
At 0:33, you say to use ``apt-get install socat``. The apt command without the "-get" is like apt-get, but designed for use by humans. It has color coding and fancy progress bars and looks better on your terminal. Do ``apt install socat`` instead. See askubuntu.com/questions/445384/what-is-the-difference-between-apt-and-apt-get
@happygimp0 4 years ago
And less to type.
@tafama 4 years ago
Can you give a link about that geohot ctf you talked about in the video?
@tr909love 2 years ago
Why don't you fucking hack the latest ps4 firmware ffs ?
@myczxr 2 years ago
I'm just interested in these kinds of things, so I have no idea what all these mean, but I'll be back in a few with a more thorough understanding. Wish me luck
@delphicdescant 4 years ago
You've always put out such good content, and I love it, but despite that, I've never understood how this channel gets so many views, since this subject isn't exactly aimed at a general audience. Are there way more people out there doing security stuff than I think, or are there lots of people who watch without really having a reason to do so?
@SFDeku 4 years ago
I see a lot of programmers or devops staff in real life recommending me this channel who are not that much into security.
@ME0WMERE 1 year ago
I don't do security, but I watch these videos because they're interesting. You underestimate how much computer-related stuff nerds will watch
@SourceCodeDeleted 4 years ago
PWNIE Racing is AWESOME!!!
@ZetaTwo 4 years ago
:D
@EvilSapphireR 4 years ago
I love LiveOverFlow not only because of his amazing content, but because he always points me to other marvellous YouTubers. He introduced me to OAlabs before, and now yet another awesome YouTube channel to expand my knowledge!
@ssfdf7751 2 years ago
10:44 msf-create_pattern -l 150
@JacquesBoscq 4 years ago
17:04 "Anyways let's execute this. Anyways let's execute this"... First try / no debugging, really? -_-
@kavandsl1942 4 years ago
More likely to be a necessary edit to maintain quality of video (maybe he sneezed immediately after or something and just did a quick retake of the shot). It's far less likely that he was disingenuous as the code was not altered and anyone can really follow along to replicate the steps themselves.
@kavandsl1942 4 years ago
Also, this would have been a great opportunity for a cliche matrix glitch joke!
@chrono0097 4 years ago
Sometimes you reach a point where you can code something and expect it to work first try. It happens to me, and happens to a lot of programmers
@groowy 4 years ago
Little tip for script kiddies that just headlessly downloaded files from the gist, executed it and don't know why it doesn't work: the gcc command outputs a file called "cap" but socat wants to execute a file called "caf", so guess what you have to do :) I'm sorry if this was intentional and I've ruined the fun
@PeetHobby 2 years ago
He got it on the first try, after ten practice rounds and having prepared a program for the video. :D
@nin10dorox 4 years ago
All the stuff where you're looking at the disassembled code and reading which bytes the buffer took up, real hackers can't do that right? If you're attacking over the internet, will you be able to do the same thing? Is it even possible to carry out this attack if you can't do those steps?
@channel-yx1gt 2 years ago
13:25 "we should CC what it does"
@drw0if 4 years ago
Why don't you use pwnlib instead of struct, socket and telnet? It should be easier!
@sniGGandBaShoR 3 years ago
Hey I like your videos! Subscribed =) Did you find your bachelor's and master's useful? Or would you say somebody without a degree (maybe just an apprenticeship, and generally a really good software engineer) can get a job in the field as a security engineer / ethical hacker?
@diarykeeper 4 years ago
A 1337 port, huh? Well done instruction. Any reason why you prefer Unix?
@kangalio 4 years ago
I'm noticing that since you started pumping videos out daily, those videos also changed in their topics. They're much more beginner-oriented now and are often even a bit clickbaity. I do hope we will see some more advanced videos of you soon, in the same animated style as back then (that was fantastic!), like you used to do. That would make many of your old fans happy
@EvilSapphireR 4 years ago
I doubt a format string exploit on a live executable is completely 'novice oriented'.
@kangalio 4 years ago
@@EvilSapphireR okay I realize that word was exaggerating it a bit. I edited it out
@aidancollins1591 4 years ago
@@kangalio He's creating a video a day, they can't be too complicated to create. He's also accumulated many new subscribers recently. I'm sure once he gets back to his normal routine, we will start seeing his more complicated videos again (the video he did recently with that Google researcher was pretty complicated).
@LiveOverflow 4 years ago
Even during this special time I released a regular video. Check out the iOS jailbreak video about the sockpuppet vuln.
@zyrohnmng 4 years ago
@@LiveOverflow Idk how it would affect views, but consider adding a difficulty level to the videos? [basics] [intermediate] etc... Either way, awesome content :)
@waplet 4 years ago
These two videos were like "Memento"
@maddelasaikarthik7563 4 years ago
You are on fire, keep it going
@loppuun4928 4 years ago
the best way to make a comment is not to be the 14th post in the comment section
@Cochise85 4 years ago
As a noob... Is he targeting his own OS or another VM/host?
@sumitlahiri209 4 years ago
@LiveOverflow Thanks to your videos and for constantly inspiring us to learn new things, I was able to reverse engineer a feature in WhatsApp. Thanks again for all the videos you have made. They are just awesome.
@d1rtyharry378 4 years ago
Notification squad✊
@toidihack8151 4 years ago
I just love you, make more videos about creating hacking Python programs :)))
@kevinalexander4959 4 years ago
This guy looks a lot like Michael Cera
@beron_the_colossus 4 years ago
14:43, I can't believe you've done this
@StarliskJanova 4 years ago
Is this a demonstration of the bleeding server error that was in the news a while back?
@shinixshuxd9949 4 years ago
I thought this was a simple buffet overflow!
@markopekovic2417 4 years ago
while "14:44 ~ 14:45" == true
@gyroninjamodder 4 years ago
Python 2 will reach its EOL in two weeks. You should not be teaching people to use software that is no longer maintained. Python 3 came out over a decade ago. Get with the times.
@LiveOverflow 4 years ago
Yolo
@yurandeveloper6958 4 years ago
LiveOverflow dinosaur... Lol
@adi331 4 years ago
python2 is still good.
@gyroninjamodder 4 years ago
@@adi331 Not for a tutorial meant to be watched in the future. In these upcoming months Linux distros will start to remove Python 2 from the package repositories.
@adi331 4 years ago
Really, are you sure about that?
@quantum4691 4 years ago
How does the shell (shellcode) connect to you? Over telnet?
@georgehammond867 4 years ago
Very nice [while loop], keep up the good work
@chiabobo 4 years ago
Cool video as always! Thanks for the detailed explanations!
@rishi905 4 years ago
It's really awesome man
@aryangupta7414 4 years ago
Don't remember C or C++ but learnt Python. Can we make the same exploit in any language?
@MissionFailed2 4 years ago
Yes. You can do it by hand even. The point is to send a specially crafted string to the server. That's it.
@bumblybeenard 4 years ago
Good video! Very informative!
@eagle772 3 years ago
What's the best IDE to use?
@Ootskullkid 4 years ago
Just realized that socat is listening in on port "leet" lol
@rusirumunasingha2234 3 years ago
Loving the new vids! Keep them coming!
@luecu 3 years ago
why the +8?
@waplet 4 years ago
Bam!
@gwnbw 4 years ago
Haha love the thumbnail, that's my face when I RE
@Laurent1110 4 years ago
This is great! I was looking for a way to make the challenges I made easily accessible over the network. I hadn't thought about using socat but I'll try this next time! You've used Python 2 in this video, but what exactly is the problem with Python 3? Is it just that the conversions are annoying?
@p0n-pompf 4 years ago
@Gareth Ma there is a version of pwntools for python3 as well
@ZetaTwo 4 years ago
@Gareth Ma Pwntools for Python 3 is still beta but I have been running it for the past year without problems. Only minor inconveniences but totally usable.
@R0-B1t 4 years ago
What mouse do you use?
@abhaasgoyal1376 4 years ago
Nice one
@berrabe3917 4 years ago
Can you explain what stack and offset are?
@happygimp0 4 years ago
en.wikipedia.org/wiki/Stack_%28abstract_data_type%29 The stack is mainly used for return addresses (to go back to the next instruction after a function call) and local variables.
@viniciusVS8v 4 years ago
"Simple"
@DynoosHD 4 years ago
How would a fix of the server program look?
@nikiibarbaro 4 years ago
Don't use the gets function
@DynoosHD 4 years ago
@@nikiibarbaro and use what instead?
@nikiibarbaro 4 years ago
@DynoosHD fgets, because you can set the length of the string which will be handled
@DynoosHD 4 years ago
@@nikiibarbaro so here: fgets(buf, 256, stdin); in line 17 would do the trick?
@nikiibarbaro 4 years ago
@DynoosHD I think yes
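The gets/fgets fix from this thread, carried one step further as an added example (not code from the video or its gist): fgets() bounds the copy, but a line longer than the buffer leaves its tail in the stream, so the reader also drains the rest and reports the truncation instead of treating the leftover bytes as the next command. The 256-byte size and the read_line name are assumptions.

```c
#include <stdio.h>
#include <string.h>

#define BUFSZ 256   /* assumed: the video's server uses a 256-byte buffer */

/* Result of reading one line into a fixed-size buffer. */
enum read_status { LINE_OK = 0, LINE_TRUNCATED = 1, LINE_EOF = 2 };

/* The vulnerable pattern is gets(buf): no length argument, so any input
 * longer than the buffer overwrites whatever sits above it on the stack.
 * The replacement below bounds the copy with fgets() and also handles the
 * case fgets() alone does not: an over-long line. fgets() stops after
 * bufsz-1 bytes and leaves the rest in the stream, so a naive caller would
 * see the leftover bytes as the next command. Here the rest of the line is
 * drained and the truncation is reported to the caller. */
enum read_status read_line(FILE *in, char *buf, size_t bufsz)
{
    if (fgets(buf, (int)bufsz, in) == NULL) {
        buf[0] = '\0';
        return LINE_EOF;
    }
    size_t len = strlen(buf);
    if (len > 0 && buf[len - 1] == '\n') {
        buf[len - 1] = '\0';        /* strip the newline gets() would not keep */
        return LINE_OK;
    }
    /* No newline: either EOF ended the line, or it did not fit. Drain the
     * remainder so the next read starts on a fresh line. */
    int c, drained = 0;
    while ((c = fgetc(in)) != EOF && c != '\n')
        drained = 1;
    return drained ? LINE_TRUNCATED : LINE_OK;
}

int main(void)
{
    char buf[BUFSZ];
    enum read_status st = read_line(stdin, buf, sizeof buf);
    if (st == LINE_TRUNCATED)
        fprintf(stderr, "input too long, truncated to %d bytes\n", BUFSZ - 1);
    printf("status=%d line=\"%s\"\n", (int)st, buf);
    return 0;
}
```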
@lior_haddad 4 years ago
Hi
@Zooiest 4 years ago
Hi
@coffeedata7107 4 years ago
Hi
@CameronNoakes 4 years ago
Calle! I follow him on Twitter and didn't even know he had a YT. He's got 3 degrees and is head of security, insane! I knew it was him not from his name but from his profile pic.
@SWonYT 4 years ago
Of the years that I've been watching this channel, I just noticed that your new logo sequence is an animated buffer overflow attack
@SWonYT 4 years ago
Then it dynamically allocates the memory to fix it
@SWonYT 4 years ago
This is EXACTLY what I needed!! Thank you!!! If anyone sees this that knows of any undergraduate minority male scholarships, please let me know!!!
@realityveil6151 4 years ago
Please don't act like an obnoxious hacker. You start out doing it ironically but next thing you know you can't stop and what was once ironic and funny just became what you do. Just like me and yeet. I started saying it to annoy my friends and be ironic, but now I just say it as part of my vocabulary. Don't let this happen to you.
@omran.alshehabi 4 years ago
You're amazing dude ✌🏻
@p1nkfreud 4 years ago
And a new generation of $criptkiddies is spawned... here, I'll even help: slight modifications of this will work on "private VPN servers" which are usually emulated VMs, with a little ingenuity you can gain server root
@privateger 4 years ago
What?
@Schlumpfpirat 4 years ago
17:05 - moments after "first try" cringe
@ThatGamerBlue 4 years ago
didn't ask
@m9gam 4 years ago
Clearly a joke but ok
@yxor 4 years ago
python 2? disliked and unsubscribed.
@mustafakhalid9348 4 years ago
Relax butt hurt.
@privateger 4 years ago
lmao