9: Overwriting Global Offset Table (GOT) Entries with printf() - Intro to Binary Exploitation (Pwn)
9th video from the "Practical Buffer Overflow Exploitation" course covering the basics of Binary Exploitation. NX and stack canaries are enabled this time, so we'll use a printf() format string vulnerability overwrite an entry from the Global Offset Table (GOT) with system() function from the Lib-C library. We'll use checksec, ghidra, pwndbg and create a manual printf() format write payload as well as using the pwntools FmtStr functionality! Write-ups/tutorials aimed at beginners - Hope you enjoy 🙂 #BinaryExploitation #BufferOverflow #BinExp #RE #Pwn #PwnTools
Find the binary files, source code and scripts to go with the series @ https://github.com/Crypto-Cat/CTF/tree/main/pwn/binary_exploitation_101
↢Social Media↣
Twitter: https://twitter.com/_CryptoCat
GitHub: https://github.com/Crypto-Cat
HackTheBox: https://app.hackthebox.eu/profile/11897
LinkedIn: https://www.linkedin.com/in/cryptocat
Reddit: https://www.reddit.com/user/_CryptoCat23
YouTube: https://www.youtube.com/CryptoCat23
Twitch: https://www.twitch.tv/cryptocat23
↢Binary Exploitation / Reverse Engineering↣
Pwn.College: https://pwn.college
How2Heap: https://github.com/shellphish/how2heap
NightMare: https://guyinatuxedo.github.io
Ir0nstone: https://ir0nstone.gitbook.io/notes/types/stack
PinkDraconian: https://www.youtube.com/playlist?list=PLeSXUd883dhjmKkVXSRgI1nJEZUDzgLf_
More: https://github.com/Crypto-Cat/CTF#readme
↢Video-Specific Resources↣
https://systemoverlord.com/2017/03/19/got-and-plt-for-pwning.html
https://ir0nstone.gitbook.io/notes/types/stack/aslr/plt_and_got
https://vickieli.dev/binary%20exploitation/format-string-vulnerabilities
https://codearcana.com/posts/2013/05/02/introduction-to-format-string-exploits.html
https://axcheron.github.io/exploit-101-format-strings
https://docs.pwntools.com/en/stable/fmtstr.html
↢Resources↣
Ghidra: https://ghidra-sre.org/CheatSheet.html
PwnTools: https://github.com/Gallopsled/pwntools-tutorial
CyberChef: https://gchq.github.io/CyberChef
HackTricks: https://book.hacktricks.xyz/exploiting/linux-exploiting-basic-esp
GTFOBins: https://gtfobins.github.io
Decompile Code: https://www.decompiler.com
Run Code: https://tio.run
↢Chapters↣
Start: 0:00
Basic File Checks: 0:32
Review Source Code: 2:10
Disassemble with Ghidra: 3:15
Outline Attack (GOT Overwrite): 4:60
GOT vs PLT vs GOT.PLT vs PLT.GOT: 6:07
Fuzz Printf Format Vuln: 8:55
Printf Format Write (%n) Explained: 9:36
Finding Correct Offset for Write: 13:00
How to Build a Manual Payload: 13:55
Manual Printf Write Exploit (%n): 18:08
PwnTools Script (FmtStr Auto): 22:07
End: 26:25
-
32:14
daniellesmithab
17 hours agoNew Feature for Driver’s Licence and ID Cards
22.6K5 -
2:54:40
FreshandFit
14 hours agoChat Makes Pothead RAGE QUIT!!!
480K71 -
1:32:34
Badlands Media
16 hours agoBaseless Conspiracies Ep. 150: 9/11 Mysteries, Remote Pilots, and Hidden Agendas
95.2K36 -
5:32:35
Akademiks
8 hours agoWHERE IS WHAM????? Thug we Forgive u dawg.. Ralo vs Boosie. Charlie Kirk fallout. Cardi B album?
78.1K7 -
2:05:53
Inverted World Live
9 hours agoDeath Cult Terror Cells, NASA Bans Chinese Nationals | Ep. 108
72.2K14 -
2:43:57
TimcastIRL
10 hours agoVP Says No Unity With Democrats Celebrating Charlie Kirk Assassination, Left Confirmed | Timcast IRL
300K198 -
13:45
The Charlie Kirk Show
9 hours agoTPUSA AT ASU CANDLELIGHT VIGIL
237K69 -
55:10
Katie Miller Pod
9 hours ago $18.69 earnedEpisode 6 - Attorney General Pam Bondi | The Katie Miller Podcast
115K35 -
1:46:41
Man in America
14 hours agoLIVE: Assassin Story DOESN'T ADD UP! What Are They HIDING From Us?? | LET'S TALK
96.1K144 -
2:24:17
Barry Cunningham
10 hours agoFOR PRESIDENT TRUMP WILL TAKE NO PRISONERS AND THE LIBS SHOULD EXPECT NO MERCY!
130K78
