![Leaking Secret Data with a Heap Overflow - "Leek" Pwn Challenge [Angstrom CTF 2023]](https://1a-1791.com/video/s8/1/T/3/u/s/T3usj.qR4e-small-Leaking-Secret-Data-with-a-.jpg)
Leaking Secret Data with a Heap Overflow - "Leek" Pwn Challenge [Angstrom CTF 2023]
Video walkthrough for the binary exploitation (pwn) challenge, "Leek" from the Angstrom capture the flag (CTF) competition 2023. The challenge involves performing a heap overflow to overwrite all null bytes between our user input chunk and secret data chunk so that when puts() is called, it prints both chunks (there's no null terminator separating them). After this, we need to repair the header of the chunk we modified so that the program can continue execution. We repeat this process of leaking and submitting the random (secret) bytes 100 times, at which point we receive the flag! Write-ups/tutorials aimed at beginners - Hope you enjoy 🙂 #Angstrom #AngstromCTF #CTF #Pentesting #OffSec #Pwn #BinaryExploitation #Reversing #ReverseEngineering
↢Social Media↣
Twitter: https://twitter.com/_CryptoCat
GitHub: https://github.com/Crypto-Cat/CTF
HackTheBox: https://app.hackthebox.eu/profile/11897
LinkedIn: https://www.linkedin.com/in/cryptocat
Reddit: https://www.reddit.com/user/_CryptoCat23
YouTube: https://www.youtube.com/CryptoCat23
Twitch: https://www.twitch.tv/cryptocat23
↢AngstromCTF↣
https://ctftime.org/event/1859
https://2023.angstromctf.com/challenges
https://discord.gg/Dduuscw
https://twitter.com/angstromctf
↢Resources↣
Ghidra: https://ghidra-sre.org/CheatSheet.html
Volatility: https://github.com/volatilityfoundation/volatility/wiki/Linux
PwnTools: https://github.com/Gallopsled/pwntools-tutorial
CyberChef: https://gchq.github.io/CyberChef
DCode: https://www.dcode.fr/en
HackTricks: https://book.hacktricks.xyz/pentesting-methodology
CTF Tools: https://github.com/apsdehal/awesome-ctf
Forensics: https://cugu.github.io/awesome-forensics
Decompile Code: https://www.decompiler.com
Run Code: https://tio.run
↢Chapters↣
Start: 0:00
Patch lib-c (pwninit): 0:20
Test the program functionality: 1:05
Check the binary protections (checksec): 1:37
Analyse decompiled code (ghidra): 3:53
Recap of analysis: 6:51
PwnTools script: 8:40
Setup breakpoints: 14:38
Debug with GDB (pwndbg): 15:33
Heap recap (chunk structure): 16:20
Reviewing vulnerability / exploit: 18:01
Finish PwnTools script: 20:40
Test against remote server: 24:13
Final recap: 25:07
End: 25:56
-
LIVE
Dr Disrespect
5 hours ago🔴LIVE - DR DISRESPECT - ARENA BREAKOUT: INFINITE - STORM EVENT
2,415 watching -
LIVE
Barry Cunningham
5 hours agoPRESIDENT TRUMP SPEAKS ON JAMES COMEY INDICTMENT! MORE TO COME! DELICIOUS LIBERAL MELTDOWNS!
2,228 watching -
25:59
Simply Bitcoin
1 day ago $0.63 earnedMichael Saylor Reveals $81T Bitcoin Plan to Cancel National Debt?!
9.44K5 -
1:33:51
Steve-O's Wild Ride! Podcast
1 day ago $0.92 earnedJohn C. Reilly's Surprising Connection To Jackass (And Beef With Weeman!)
22.9K5 -
LIVE
StoneMountain64
3 hours agoBattlefield 6 News and Extraction Gaming
74 watching -
2:13:30
Side Scrollers Podcast
6 hours agoUK Introduces MANDATORY Digital ID + Dallas ICE Shooting BLAMED on Gaming + More | Side Scrollers
85.8K7 -
1:54:17
The Charlie Kirk Show
4 hours agoCharlie's Last Trip + What's Next + AMA | Erika Kirk, Mikey McCoy | 9.26.2025
272K236 -
1:02:53
The Quartering
4 hours agoMAGA Kid Kidnapped, Hasan Piker Meltdown, Vivek Fights For Alex Jones & More
129K44 -
32:49
Simply Bitcoin
1 day ago $1.83 earnedBitcoin Crucible w/ Alex Stanczyk | EP 1
36.4K -
1:57:37
Tucker Carlson
3 hours agoCharlie Sheen’s Craziest Hollywood Stories and Why He Refuses to Believe the Official Story of 9/11
60.2K59
