First Exploit! Buffer Overflow with Shellcode - bin 0x0E
Published 2016-02-03
Run into some problems (illegal instruction): www.reddit.com/r/LiveOverflow/comments/54o705/foun…
Stack Level 5: exploit.education/protostar/stack-five/
#BufferOverflow #BinaryExploitation #Shellcode
All Comments (21)
-
This guy is one of those guys I listen to in normal speed
-
My left ear is jealous
-
Instructions unclear, ran out of wizard hats!
-
Hahaha you just broke my brain with the NOP Slide vine and the comment: "Riiight, a NOP-Slide." It's like you injected an INT3 into my brain's stack. I can't process stuff anymore. Perfect comedic timing, Hahaha
-
This was a great intro to buffer overflows. It was a little challenging to get working on a modern 64-bit Linux system, but I finally figured it out. It would be really cool to see an updated video on this. Keep up the good work man!
-
This episode was pretty hard for me. I always first watch the episode and make notes, and after that I try it for myself. I had big difficulties executing shellcode outside gdb; after like 1h of putting it in different positions, I finally got it to work by making more nops and picking a deeper address. What a nice feeling when it finally put me in root privileges.
-
Holy crap, took me 2 tries (messed up my nop slide) but the feeling when I typed "whoami" > root was SO worth it! Thanks man, thanks a lot.
-
Wow, I've been following your channel for quite a while and just stumbled upon this vid now. Have to say this is a great companion for my current course in x86 asm since the content ties everything I learned so far together and from a very practical POV too. Thanks for the great content as always!
-
These videos have helped me so much! The visuals really helped me visualize the stack better and understand where and why esp, ebp, and eip were located on the stack
-
That last 30 seconds is very tricky/clever. Thanks for including it. I would have been stuck for a long time... :)
-
Just a little reminder, at 8:18 he's adding 30 as a decimal value to the address. I was wondering why I still got an 'illegal instruction' message, until I checked in dbg only to see that it added 30 as a decimal value and not as hex. This resulted in my offset being too small and not hitting the NOPs. Using 'eip = struct.pack("I", <address> + 0x30)' resolved this issue and I got the 'Trace/breakpoint trap'. When you get your head around this stuff it's really fascinating. Thanks for the great videos!
-
As you mentioned, the stack can be unreliable, and even though you use "unset env" in gdb, you can have some trouble. You can use set exec-wrapper in gdb to ensure that the program runs with env -i. (gdb) set exec-wrapper /usr/bin/env -i Thanks a lot for all your work, I'm learning a lot.
-
Thanks for your tutorial sir, I was able to do my first buffer overflow with shellcode execution. It feels so satisfying
-
@10:55 you absolute legend, that same thing has been stumping me for weeks. I tried similar commands but didn't think of putting in brackets. Thanks!
-
I think I just fried my brain, this was so intense for me, but I got it working in the end, so worth!
-
I was shocked that my left speakers stopped working after hearing your intro. Damn they are my new ones :O
-
After watching this I have been discouraged to want to learn about computers. This intimidated the shit out of me, the level of understanding and knowledge you guys have is incredible!
-
Seriously these are some of the best instruction vids!
-
I like your pronunciation, it is very clear to understand, and how you explain is awesome.
-
0:56 so do i put on two wizard's hats?