Leaking Secret Data with a Heap Overflow - "Leek" Pwn Challenge [Angstrom CTF 2023]
Video walkthrough for the binary exploitation (pwn) challenge "Leek" from the Angstrom capture the flag (CTF) competition 2023. The challenge involves performing a heap overflow to overwrite all null bytes between our user input chunk and the secret data chunk, so that when puts() is called it prints both chunks (there's no null terminator separating them). After this, we need to repair the header of the chunk we modified so that the program can continue execution. We repeat this process of leaking and submitting the random (secret) bytes 100 times, at which point we receive the flag!
Write-ups/tutorials aimed at beginners - Hope you enjoy 🙂
#Angstrom #AngstromCTF #CTF #Pentesting #OffSec #Pwn #BinaryExploitation #Reversing #ReverseEngineering
↢Social Media↣
Twitter: https://twitter.com/_CryptoCat
GitHub: https://github.com/Crypto-Cat/CTF
HackTheBox: https://app.hackthebox.eu/profile/11897
LinkedIn: https://www.linkedin.com/in/cryptocat
Reddit: https://www.reddit.com/user/_CryptoCat23
YouTube: https://www.youtube.com/CryptoCat23
Twitch: https://www.twitch.tv/cryptocat23
↢AngstromCTF↣
https://ctftime.org/event/1859
https://2023.angstromctf.com/challenges
https://discord.gg/Dduuscw
https://twitter.com/angstromctf
↢Resources↣
Ghidra: https://ghidra-sre.org/CheatSheet.html
Volatility: https://github.com/volatilityfoundation/volatility/wiki/Linux
PwnTools: https://github.com/Gallopsled/pwntools-tutorial
CyberChef: https://gchq.github.io/CyberChef
DCode: https://www.dcode.fr/en
HackTricks: https://book.hacktricks.xyz/pentesting-methodology
CTF Tools: https://github.com/apsdehal/awesome-ctf
Forensics: https://cugu.github.io/awesome-forensics
Decompile Code: https://www.decompiler.com
Run Code: https://tio.run
↢Chapters↣
Start: 0:00
Patch libc (pwninit): 0:20
Test the program functionality: 1:05
Check the binary protections (checksec): 1:37
Analyse decompiled code (ghidra): 3:53
Recap of analysis: 6:51
PwnTools script: 8:40
Setup breakpoints: 14:38
Debug with GDB (pwndbg): 15:33
Heap recap (chunk structure): 16:20
Reviewing vulnerability / exploit: 18:01
Finish PwnTools script: 20:40
Test against remote server: 24:13
Final recap: 25:07
End: 25:56
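The leak described in the summary above, modelled as an added example (not code from the video or the challenge binary): two adjacent chunks are laid out in one flat array, so an unbounded read can be compared with a bounded, terminated one without any real out-of-bounds write. All names, sizes, the size-field value and the secret are constructed assumptions.

```c
#include <stdio.h>
#include <string.h>
/* Constructed layout, not the challenge binary's real sizes. */
#define INPUT_SZ  16   /* user-data bytes of the input chunk      */
#define HDR_SZ    16   /* next chunk's header (prev_size + size)  */
#define SECRET_SZ 8    /* user-data bytes of the secret chunk     */
#define ARENA_SZ  (INPUT_SZ + HDR_SZ + SECRET_SZ + 1)
#define SIZE_OFF  (INPUT_SZ + 8)  /* where the size field sits    */
#define SIZE_VAL  0x21            /* constructed size|flags value */

/* Lay out "input chunk | header | secret chunk" in one flat array. */
void init_arena(unsigned char *a) {
    memset(a, 0, ARENA_SZ);
    a[SIZE_OFF] = SIZE_VAL;
    memcpy(a + INPUT_SZ + HDR_SZ, "S3CR3T!!", SECRET_SZ);
}

/* Flawed read: copies as many bytes as the caller sends, no terminator. */
void unsafe_fill(unsigned char *a, const char *src) {
    memcpy(a, src, strlen(src));
}

/* Hardened read: bounded by the chunk size and always terminated. */
void safe_fill(unsigned char *a, const char *src) {
    size_t n = strlen(src);
    if (n > INPUT_SZ - 1) n = INPUT_SZ - 1;
    memcpy(a, src, n);
    a[n] = '\0';
}

/* Number of bytes puts() would print starting at the input buffer. */
size_t visible_len(const unsigned char *a) {
    return strlen((const char *)a);
}

/* Integrity check: is the neighbouring chunk's size field untouched? */
int header_intact(const unsigned char *a) {
    return a[SIZE_OFF] == SIZE_VAL;
}

int main(void) {
    unsigned char a[ARENA_SZ];
    char big[INPUT_SZ + HDR_SZ + 1] = {0};
    memset(big, 'A', sizeof big - 1);  /* input long enough to reach the secret */
    init_arena(a); unsafe_fill(a, big);
    printf("unsafe: %zu bytes visible, header ok=%d\n", visible_len(a), header_intact(a));
    init_arena(a); safe_fill(a, big);
    printf("safe:   %zu bytes visible, header ok=%d\n", visible_len(a), header_intact(a));
    return 0;
}
```

With the flawed read, the string seen by puts() runs through the header and the whole secret, and the size field is clobbered; with the bounded read, both the secret and the header stay out of reach.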