![Leaking Secret Data with a Heap Overflow - "Leek" Pwn Challenge [Angstrom CTF 2023]](https://1a-1791.com/video/s8/1/T/3/u/s/T3usj.qR4e-small-Leaking-Secret-Data-with-a-.jpg)
Leaking Secret Data with a Heap Overflow - "Leek" Pwn Challenge [Angstrom CTF 2023]
Video walkthrough for the binary exploitation (pwn) challenge, "Leek" from the Angstrom capture the flag (CTF) competition 2023. The challenge involves performing a heap overflow to overwrite all null bytes between our user input chunk and secret data chunk so that when puts() is called, it prints both chunks (there's no null terminator separating them). After this, we need to repair the header of the chunk we modified so that the program can continue execution. We repeat this process of leaking and submitting the random (secret) bytes 100 times, at which point we receive the flag! Write-ups/tutorials aimed at beginners - Hope you enjoy 🙂 #Angstrom #AngstromCTF #CTF #Pentesting #OffSec #Pwn #BinaryExploitation #Reversing #ReverseEngineering
↢Social Media↣
Twitter: https://twitter.com/_CryptoCat
GitHub: https://github.com/Crypto-Cat/CTF
HackTheBox: https://app.hackthebox.eu/profile/11897
LinkedIn: https://www.linkedin.com/in/cryptocat
Reddit: https://www.reddit.com/user/_CryptoCat23
YouTube: https://www.youtube.com/CryptoCat23
Twitch: https://www.twitch.tv/cryptocat23
↢AngstromCTF↣
https://ctftime.org/event/1859
https://2023.angstromctf.com/challenges
https://discord.gg/Dduuscw
https://twitter.com/angstromctf
↢Resources↣
Ghidra: https://ghidra-sre.org/CheatSheet.html
Volatility: https://github.com/volatilityfoundation/volatility/wiki/Linux
PwnTools: https://github.com/Gallopsled/pwntools-tutorial
CyberChef: https://gchq.github.io/CyberChef
DCode: https://www.dcode.fr/en
HackTricks: https://book.hacktricks.xyz/pentesting-methodology
CTF Tools: https://github.com/apsdehal/awesome-ctf
Forensics: https://cugu.github.io/awesome-forensics
Decompile Code: https://www.decompiler.com
Run Code: https://tio.run
↢Chapters↣
Start: 0:00
Patch lib-c (pwninit): 0:20
Test the program functionality: 1:05
Check the binary protections (checksec): 1:37
Analyse decompiled code (ghidra): 3:53
Recap of analysis: 6:51
PwnTools script: 8:40
Setup breakpoints: 14:38
Debug with GDB (pwndbg): 15:33
Heap recap (chunk structure): 16:20
Reviewing vulnerability / exploit: 18:01
Finish PwnTools script: 20:40
Test against remote server: 24:13
Final recap: 25:07
End: 25:56
-
1:01:04
The Rubin Report
1 hour agoMSNOW Host Realizes Ilhan Omar Is a Monster After Her Australia Shooting Reaction
4.19K14 -
LIVE
The Bubba Army
3 days ago"ROB REINER MURDERED" By His Own Son? - Bubba the Love Sponge® Show | 12/15/25
467 watching -
17:09
Professor Nez
56 minutes agoObama’s Operative Just Got HUMILIATED After Trying to IMPEACH America!
5 -
LIVE
LFA TV
19 hours agoLIVE & BREAKING NEWS! | MONDAY 12/15/25
4,246 watching -
59:10
VINCE
3 hours agoViolence Across The World: Brown University, Australia, Syria | Episode 188 - 12/15/25 VINCE
174K64 -
LIVE
The Shannon Joy Show
1 hour ago🔥SJ LIVE Dec 15 - A Violent Weekend, A Peoples Coup In Bulgaria & A Trump EO For Big Tech Granting Immunity & Supremacy🔥
101 watching -
LIVE
Grant Stinchfield
44 minutes agoThe Cost of Wokeness... Disarmament Is the Danger
62 watching -
LIVE
Nikko Ortiz
2 hours agoReaction Time With Special Guest... | Rumble LIVE
171 watching -
LIVE
Caleb Hammer
14 hours agoFinancial Audit's Messiest Divorce
142 watching -
1:34:42
Graham Allen
4 hours agoErika Kirk & Candace Owens Meet TODAY!!! Candace is DONE! + Radical Islam Is Destroying The World!
133K569