![Leaking Secret Data with a Heap Overflow - "Leek" Pwn Challenge [Angstrom CTF 2023]](https://1a-1791.com/video/s8/1/T/3/u/s/T3usj.qR4e-small-Leaking-Secret-Data-with-a-.jpg)
Leaking Secret Data with a Heap Overflow - "Leek" Pwn Challenge [Angstrom CTF 2023]
Video walkthrough for the binary exploitation (pwn) challenge, "Leek" from the Angstrom capture the flag (CTF) competition 2023. The challenge involves performing a heap overflow to overwrite all null bytes between our user input chunk and secret data chunk so that when puts() is called, it prints both chunks (there's no null terminator separating them). After this, we need to repair the header of the chunk we modified so that the program can continue execution. We repeat this process of leaking and submitting the random (secret) bytes 100 times, at which point we receive the flag! Write-ups/tutorials aimed at beginners - Hope you enjoy 🙂 #Angstrom #AngstromCTF #CTF #Pentesting #OffSec #Pwn #BinaryExploitation #Reversing #ReverseEngineering
↢Social Media↣
Twitter: https://twitter.com/_CryptoCat
GitHub: https://github.com/Crypto-Cat/CTF
HackTheBox: https://app.hackthebox.eu/profile/11897
LinkedIn: https://www.linkedin.com/in/cryptocat
Reddit: https://www.reddit.com/user/_CryptoCat23
YouTube: https://www.youtube.com/CryptoCat23
Twitch: https://www.twitch.tv/cryptocat23
↢AngstromCTF↣
https://ctftime.org/event/1859
https://2023.angstromctf.com/challenges
https://discord.gg/Dduuscw
https://twitter.com/angstromctf
↢Resources↣
Ghidra: https://ghidra-sre.org/CheatSheet.html
Volatility: https://github.com/volatilityfoundation/volatility/wiki/Linux
PwnTools: https://github.com/Gallopsled/pwntools-tutorial
CyberChef: https://gchq.github.io/CyberChef
DCode: https://www.dcode.fr/en
HackTricks: https://book.hacktricks.xyz/pentesting-methodology
CTF Tools: https://github.com/apsdehal/awesome-ctf
Forensics: https://cugu.github.io/awesome-forensics
Decompile Code: https://www.decompiler.com
Run Code: https://tio.run
↢Chapters↣
Start: 0:00
Patch lib-c (pwninit): 0:20
Test the program functionality: 1:05
Check the binary protections (checksec): 1:37
Analyse decompiled code (ghidra): 3:53
Recap of analysis: 6:51
PwnTools script: 8:40
Setup breakpoints: 14:38
Debug with GDB (pwndbg): 15:33
Heap recap (chunk structure): 16:20
Reviewing vulnerability / exploit: 18:01
Finish PwnTools script: 20:40
Test against remote server: 24:13
Final recap: 25:07
End: 25:56
-
57:04
efenigson
1 hour agoSentenced For Building Freedom! Live: Samourai Wallet's Keonne Rodriguez
2073 -
LIVE
Benny Johnson
1 hour agoDark New Mysterious Footage Of Brown University Killer RELEASED After Republican Leader MURDERED...
3,831 watching -
LIVE
Chad Prather
1 hour agoWhy Trump’s Response To Rob Reiner Passing MISSED THE MARK + Erika Kirk & Candace Meet & Bible Q&A!
459 watching -
LIVE
Badlands Media
8 hours agoBadlands Daily: 12/16/25
3,343 watching -
LIVE
Wendy Bell Radio
6 hours agoUnapologetic
6,749 watching -
LIVE
The Big Migâ„¢
2 hours agoTrump Classifies Fentanyl, A Weapon Of Mass Destruction
3,401 watching -
1:05:22
Graham Allen
3 hours agoDid Trump Cross A Line? Erika & Candace Are Alive! + Are We Changing Minds On Radical Islam?!
112K905 -
1:10:11
Chad Prather
10 hours agoWhen Life Pushes You Out of Place
81.6K33 -
13:48
Rethinking the Dollar
11 hours agoLiquidity Flood Incoming? This Chart Will Shock You.
3.59K -
1:04:04
The Mike Schwartz Show
14 hours agoTHE MIKE SCHWARTZ SHOW with DR. MICHAEL J SCHWARTZ 12-16-2025
3.04K4