![Leaking Secret Data with a Heap Overflow - "Leek" Pwn Challenge [Angstrom CTF 2023]](https://1a-1791.com/video/s8/1/T/3/u/s/T3usj.qR4e-small-Leaking-Secret-Data-with-a-.jpg)
Leaking Secret Data with a Heap Overflow - "Leek" Pwn Challenge [Angstrom CTF 2023]
Video walkthrough for the binary exploitation (pwn) challenge, "Leek" from the Angstrom capture the flag (CTF) competition 2023. The challenge involves performing a heap overflow to overwrite all null bytes between our user input chunk and secret data chunk so that when puts() is called, it prints both chunks (there's no null terminator separating them). After this, we need to repair the header of the chunk we modified so that the program can continue execution. We repeat this process of leaking and submitting the random (secret) bytes 100 times, at which point we receive the flag! Write-ups/tutorials aimed at beginners - Hope you enjoy 🙂 #Angstrom #AngstromCTF #CTF #Pentesting #OffSec #Pwn #BinaryExploitation #Reversing #ReverseEngineering
↢Social Media↣
Twitter: https://twitter.com/_CryptoCat
GitHub: https://github.com/Crypto-Cat/CTF
HackTheBox: https://app.hackthebox.eu/profile/11897
LinkedIn: https://www.linkedin.com/in/cryptocat
Reddit: https://www.reddit.com/user/_CryptoCat23
YouTube: https://www.youtube.com/CryptoCat23
Twitch: https://www.twitch.tv/cryptocat23
↢AngstromCTF↣
https://ctftime.org/event/1859
https://2023.angstromctf.com/challenges
https://discord.gg/Dduuscw
https://twitter.com/angstromctf
↢Resources↣
Ghidra: https://ghidra-sre.org/CheatSheet.html
Volatility: https://github.com/volatilityfoundation/volatility/wiki/Linux
PwnTools: https://github.com/Gallopsled/pwntools-tutorial
CyberChef: https://gchq.github.io/CyberChef
DCode: https://www.dcode.fr/en
HackTricks: https://book.hacktricks.xyz/pentesting-methodology
CTF Tools: https://github.com/apsdehal/awesome-ctf
Forensics: https://cugu.github.io/awesome-forensics
Decompile Code: https://www.decompiler.com
Run Code: https://tio.run
↢Chapters↣
Start: 0:00
Patch lib-c (pwninit): 0:20
Test the program functionality: 1:05
Check the binary protections (checksec): 1:37
Analyse decompiled code (ghidra): 3:53
Recap of analysis: 6:51
PwnTools script: 8:40
Setup breakpoints: 14:38
Debug with GDB (pwndbg): 15:33
Heap recap (chunk structure): 16:20
Reviewing vulnerability / exploit: 18:01
Finish PwnTools script: 20:40
Test against remote server: 24:13
Final recap: 25:07
End: 25:56
-
LIVE
Turning Point USA
1 hour agoWASHINGTON D.C. PRAYER VIGIL FOR CHARLIE KIRK
1,712 watching -
1:35:39
SB Mowing
2 days agoIt took the WHOLE NEIGHBORHOOD to uncover this yards SHOCKING SECRET
45.8K54 -
12:52
ROSE UNPLUGGED
20 hours agoFrom Vision to Legacy: Charlie Kirk
26.5K18 -
1:14:22
Jeff Ahern
4 hours ago $8.58 earnedThe Sunday Show with Jeff Ahern
38.1K27 -
16:37
Professor Nez
5 hours ago🚨Internet MELTS DOWN over JD Vance & Trump BREAKING the Democrats!
40.3K148 -
18:40
itsSeanDaniel
7 hours agoPiers Morgan CALLED OUT and HUMILIATED by Andrew Tate
49.5K269 -
LIVE
Times Now World
2 days agoLIVE: "ON CAM: How the Charlie Kirk Shooter ESCAPED – Shocking New Footage Revealed!"
374 watching -
1:45:51
Game On!
1 day ago $11.36 earnedWise Guys Reveal NFL Week 2 BEST BETS Now
88.5K8 -
26:57
Robbi On The Record
2 days agoMouth Breathing Is Why You’re Exhausted | with Dr. Melanie Silvestrini
62.7K6 -
LIVE
Total Horse Channel
9 hours ago2025 Reno Snaffle Bit Futurity | Sunday Finals
101 watching