![Linked List Exploit Continued - GOT Overwrite - "Links 2+3" Pwn Challenge [ImaginaryCTF]](https://1a-1791.com/video/s8/1/V/Z/T/A/VZTAh.qR4e-small-Linked-List-Exploit-Continu.jpg)
Linked List Exploit Continued - GOT Overwrite - "Links 2+3" Pwn Challenge [ImaginaryCTF]
"Links 2" (Pwn) challenge from ImaginaryCTF (iCTF) 27/06/22 - "It turns out that there was a bug in how I was handling writing some elements, so I've fixed that. Also, I've stopped putting the flag in a global variable, because that's probably not a good idea. Double check my implementation one more time for me?". In this challenge we'll use Ghidra, GDB-PwnDbg and PwnTools to exploit a vulnerable custom LinkedList implementation by overwriting an global offset table GOT entry to point system(), so we can get a shell.
"Links 3" (Pwn) challenge from ImaginaryCTF (iCTF) 30/06/22 - "And now you guys are exploiting my View Time feature that I put there solely for your convenience? Fine, then - no more time for you!". This challenge has no view_time() function, so we lose the system() call. However, we can leak an arbitrary function from the GOT and use the Lib-C database to find the correct offsets (ret2libc). Hope you enjoy 🙂 #CTF #iCTF #ImaginaryCTF #Pwn #BinaryExploitation
Write-ups: https://github.com/Crypto-Cat/CTF/tree/main/ctf_events/ictf/pwn/links
↢Social Media↣
Twitter: https://twitter.com/_CryptoCat
GitHub: https://github.com/Crypto-Cat
HackTheBox: https://app.hackthebox.eu/profile/11897
LinkedIn: https://www.linkedin.com/in/cryptocat
Reddit: https://www.reddit.com/user/_CryptoCat23
YouTube: https://www.youtube.com/CryptoCat23
Twitch: https://www.twitch.tv/cryptocat23
↢ImaginaryCTF↣
https://imaginaryctf.org
https://twitter.com/imaginaryctf
https://discord.gg/9r8AJQkfs3
↢Video-Specific Resources↣
https://libc.blukat.me
https://libc.rip
↢Resources↣
Ghidra: https://ghidra-sre.org/CheatSheet.html
Volatility: https://github.com/volatilityfoundation/volatility/wiki/Linux
PwnTools: https://github.com/Gallopsled/pwntools-tutorial
CyberChef: https://gchq.github.io/CyberChef
DCode: https://www.dcode.fr/en
HackTricks: https://book.hacktricks.xyz/pentesting-methodology
CTF Tools: https://github.com/apsdehal/awesome-ctf
Forensics: https://cugu.github.io/awesome-forensics
Decompile Code: https://www.decompiler.com
Run Code: https://tio.run
↢Chapters↣
Start: 0:00
Links 1 Recap: 0:30
Reviewing Heap Layout in GDB-PwnDbg: 3:25
Keeping the Heap intact: 7:45
Links 2 Attack Plan: 11:55
Overwriting the GOT: 16:48
Stack Alignment: 20:08
Solution (leak system): 23:27
Links 3 (leak another lib-c function): 28:08
Recap: 33:27
End: 34:29
-
2:34:30
Red Pill News
5 hours agoBoomerang Time - DOJ Investigating BLM Fraud on Red Pill News Live
30.2K10 -
1:46:14
Roseanne Barr
5 hours ago“The Over Emotional Are Always Under Informed” | The Roseanne Barr Podcast #121
70.9K44 -
3:24:28
Nerdrotic
7 hours ago $9.50 earnedThe WitcHER DOA | Box Office Massacre | Massive Industry Layoffs - Friday Night Tights 378
39.3K7 -
14:54
IsaacButterfield
15 hours ago $3.48 earnedShe Called Out “Creepy Men It Didn’t End Well
20.7K43 -
11:43:21
LFA TV
23 hours agoLIVE & BREAKING NEWS! | FRIDAY 10/31/25
187K46 -
1:08:42
vivafrei
5 hours agoEric Swalwell in Trouble Again? RFK Jr. "Reverses Course" on Tylenol & Autism? Arctic Frost & MORE!
80.8K35 -
1:19:51
DeVory Darkins
7 hours agoNewsom EXPOSED after latest bombshell and Democrats pulls shocking stunt regarding shutdown
79.2K37 -
25:29
Stephen Gardner
6 hours ago💣 Trump White House UNEXPECTED Move + Thune DESTROYS Schumer on Senate Floor!!
35.5K32 -
3:31:15
Drew Hernandez
17 hours agoSPOOKY WOKE HAG CALLS FOR DEMS TO EMBRACE CELEBRATING EXECUTION OF CHARLIE KIRK?!
21.5K14 -
![MAHA News [10.31] - HHS Coup, Big Food Documentary, SNAP Scams, Microplastic Solutions](https://1a-1791.com/video/fwe2/d9/s8/1/w/q/m/v/wqmvz.0kob-small-MAHA-News-10.31.jpg)
1:28:13
Badlands Media
18 hours agoMAHA News [10.31] - HHS Coup, Big Food Documentary, SNAP Scams, Microplastic Solutions
28.9K11