Buffer Overflow with Shellcode Injection - Easy Register - [Intigriti 1337UP LIVE CTF 2022]
Published 2022-03-12
↢Social Media↣
Twitter: twitter.com/_CryptoCat
GitHub: github.com/Crypto-Cat
HackTheBox: app.hackthebox.eu/profile/11897
LinkedIn: www.linkedin.com/in/cryptocat
Reddit: www.reddit.com/user/_CryptoCat23
YouTube: youtube.com/CryptoCat23
Twitch: www.twitch.tv/cryptocat23
↢Intigriti↣
ctftime.org/event/1597/
ctf.intigriti.io/
go.intigriti.com/discord
twitter.com/intigriti
↢Binary Exploitation / Reverse Engineering↣
Pwn.College: pwn.college/
How2Heap: github.com/shellphish/how2heap
NightMare: guyinatuxedo.github.io/
Ir0nstone: ir0nstone.gitbook.io/notes/types/stack
PinkDraconian: Pwn Zero To Hero
More: github.com/Crypto-Cat/CTF#readme
↢Resources↣
Ghidra: ghidra-sre.org/CheatSheet.html
Volatility: github.com/volatilityfoundation/volatility/wiki/Li…
PwnTools: github.com/Gallopsled/pwntools-tutorial
CyberChef: gchq.github.io/CyberChef
DCode: www.dcode.fr/en
HackTricks: book.hacktricks.xyz/pentesting-methodology
CTF Tools: github.com/apsdehal/awesome-ctf
Forensics: cugu.github.io/awesome-forensics
Decompile Code: www.decompiler.com/
Run Code: tio.run/
↢Chapters↣
Start: 0:00
Basic File Checks: 0:36
Disassemble with Ghidra: 2:19
Identify RIP Offset with GDB-PwnDbg: 4:53
PwnTools Script (Shellcraft): 7:47
Debugging Exploits with GDB: 12:17
Test Payload on Remote Server: 15:10
End: 15:40
All Comments (18)
-
Really cool video! I also played the Intigriti 1337UP, it was my first ever CTF event. Already looking forward to the next one ahah
-
Nice explanation! Keep up the great work
-
Great, explained very clearly
-
Thanks a ton, I am planning to take an eCPPT exam where BO will probably be in place and your video just explains all the process in a very clean way. Will for sure subscribe to you man)
-
Love the way you explain bro ❤. I also took part in CTF but wasn't able to solve much. It was really difficult for me.
-
how can you chain the payload, does the padding have a fixed pattern like in the video?
-
Nice explanation bro. Did you try other category challenges like OSINT, Cloud or Mobile?
-
Very nice video! thanks! Can you please explain why you did the shellcraft.popad()? It's not very clear from the video. Also, what do you do when the binary is i386? this command only exists for shellcraft.amd.
-
Great video! Will you submit the solution of the web challenges?
-
good video ❤ but what if the binary don't us about the stack buffer address what can we do in that situation and with no "jmp rsp" gadget
-
Please make a video with about installing pwn tools and shellcraft
-
I tried shellcode injection on a binary. I tried using shellcraft but I kept on getting EOF. I then eventually had to use the shellcode from where I got the sample binary. Any reason why shellcraft didn't work, or does it work always?
-
:yougotthis:
-
hey bro, is there any BBS (or telegram group... something like that)? I have lots of questions to ask and I'm wondering if you could create a fan base or something so that guys can discuss problems (forgive my broken English...)
-
How to install ghidra_auto? And how can I get the pwntools script? I am new to pwn. Btw thank you for the amazing videos.
-
How can I install ghidra_auto? Can you share this script/resource?
-
damn, I missed the flag when I confused the leak address to be the base address of the binary and now I was subtracting some values to get to my nopsled