First Exploit! Buffer Overflow with Shellcode - bin 0x0E

Published 2016-02-03
We write our first real exploit to get root access. Solving stack5 from exploit-exercises.com with a simple Buffer Overflow and shellcode.

Run into some problems (illegal instruction): www.reddit.com/r/LiveOverflow/comments/54o705/foun…
Stack Level 5: exploit.education/protostar/stack-five/

=[ 🔴 Stuff I use ]=

→ Microphone:* geni.us/ntg3b
→ Graphics tablet:* geni.us/wacom-intuos
→ Camera#1 for streaming:* geni.us/sony-camera
→ Lens for streaming:* geni.us/sony-lense
→ Connect Camera#1 to PC:* geni.us/cam-link
→ Keyboard:* geni.us/mech-keyboard
→ Old Microphone:* geni.us/mic-at2020usb

US Store Front:* www.amazon.com/shop/liveoverflow

=[ ❤️ Support ]=

→ per Video: www.patreon.com/join/liveoverflow
→ per Month: youtube.com/channel/UClcE-kVhqyiHCcjYwcpfj9w/join

=[ πŸ• Social ]=

β†’ Twitter: twitter.com/LiveOverflow/
β†’ Website: liveoverflow.com/
β†’ Subreddit: www.reddit.com/r/LiveOverflow/
β†’ Facebook: www.facebook.com/LiveOverflow/

=[ 📄 P.S. ]=

All links with "*" are affiliate links.
LiveOverflow / Security Flag GmbH is part of the Amazon Affiliate Partner Program.

#BufferOverflow #BinaryExploitation #Shellcode

All Comments (21)
  • @L1Q
    Instructions unclear, ran out of wizard hats!
  • @boomfist
    Hahaha you just broke my brain with the NOP Slide vine and the comment: "Riiight, a NOP-Slide." It's like you injected an INT3 into my brain's stack. I can't process stuff anymore. Perfect comedic timing, Hahaha
  • @0x80O0oOverfl0w
    This was a great intro to buffer overflows. It was a little challenging to get working on a modern 64-bit Linux system, but I finally figured it out. It would be really cool to see an updated video on this. Keep up the good work man!
  • @ChuZZZta
    This episode was pretty hard for me. I always first watch the episode and make notes, and after that I try it for myself. I had big difficulties executing the shellcode outside gdb; after like 1h of putting it in different positions, I finally got it to work by adding more NOPs and picking a deeper address. What a nice feeling when it finally got me root privileges.
  • @redgek
    Holy crap, took me 2 tries (messed up my nop slide) but the feeling when I typed "whoami" > root was SO worth it! Thanks man, thanks a lot.
  • @aaaaanh
    Wow, I’ve been following your channel for quite a while and just stumbled upon this vid now. Have to say this is a great companion for my current course in x86 asm since the content ties everything I learned so far together and from a very practical POV too. Thanks for the great content as always!
  • @SonicD007
    These videos have helped me so much! The visuals really helped me visualize the stack better and understand where and why esp, ebp, and eip were located on the stack.
  • @JohnSmith-he5xg
    That last 30 seconds is very tricky/clever. Thanks for including it. I would have been stuck for a long time... :)
  • @MyTokyodrift
    Just a little reminder: at 8:18 he's adding 30 as a decimal value to the address. I was wondering why I still got an 'illegal instruction' message, until I checked in gdb only to see that it added 30 as a decimal value and not as hex. This resulted in my offset being too small and not hitting the NOPs. Using 'eip = struct.pack("I", <address> + 0x30)' resolved this issue and I got the 'Trace/breakpoint trap'. When you get your head around this stuff it's really fascinating. Thanks for the great videos!
  • @MrEzork
    As you mentioned, the stack can be unreliable, and even though you use "unset env" in gdb, you can have some trouble. You can use set exec-wrapper in gdb to ensure that the program runs with env -i:
    (gdb) set exec-wrapper /usr/bin/env -i
    Thanks a lot for all your work, I'm learning a lot.
  • Thanks for your tutorial sir, I was able to do my first buffer overflow with shellcode execution. It feels so satisfying.
  • @Escarii66
    @10:55 you absolute legend, that same thing has been stumping me for weeks. I tried similar commands but didn't think of putting in brackets. Thanks!
  • @sweet-sinner
    I think I just fried my brain, this was so intense for me, but I got it working in the end, so worth!
  • @d1rtyharry378
    I was shocked that my left speakers stopped working after hearing your intro. Damn they are my new ones :O
  • After watching this I have been discouraged from wanting to learn about computers. This intimidated the shit out of me; the level of understanding and knowledge you guys have is incredible!
  • @alegerminal
    I like that your pronunciation is very clear to understand, and how you explain is awesome.