9: Overwriting Global Offset Table (GOT) Entries with printf() - Intro to Binary Exploitation (Pwn)
9th video from the "Practical Buffer Overflow Exploitation" course covering the basics of Binary Exploitation. NX and stack canaries are enabled this time, so we'll use a printf() format string vulnerability overwrite an entry from the Global Offset Table (GOT) with system() function from the Lib-C library. We'll use checksec, ghidra, pwndbg and create a manual printf() format write payload as well as using the pwntools FmtStr functionality! Write-ups/tutorials aimed at beginners - Hope you enjoy 🙂 #BinaryExploitation #BufferOverflow #BinExp #RE #Pwn #PwnTools
Find the binary files, source code and scripts to go with the series @ https://github.com/Crypto-Cat/CTF/tree/main/pwn/binary_exploitation_101
↢Social Media↣
Twitter: https://twitter.com/_CryptoCat
GitHub: https://github.com/Crypto-Cat
HackTheBox: https://app.hackthebox.eu/profile/11897
LinkedIn: https://www.linkedin.com/in/cryptocat
Reddit: https://www.reddit.com/user/_CryptoCat23
YouTube: https://www.youtube.com/CryptoCat23
Twitch: https://www.twitch.tv/cryptocat23
↢Binary Exploitation / Reverse Engineering↣
Pwn.College: https://pwn.college
How2Heap: https://github.com/shellphish/how2heap
NightMare: https://guyinatuxedo.github.io
Ir0nstone: https://ir0nstone.gitbook.io/notes/types/stack
PinkDraconian: https://www.youtube.com/playlist?list=PLeSXUd883dhjmKkVXSRgI1nJEZUDzgLf_
More: https://github.com/Crypto-Cat/CTF#readme
↢Video-Specific Resources↣
https://systemoverlord.com/2017/03/19/got-and-plt-for-pwning.html
https://ir0nstone.gitbook.io/notes/types/stack/aslr/plt_and_got
https://vickieli.dev/binary%20exploitation/format-string-vulnerabilities
https://codearcana.com/posts/2013/05/02/introduction-to-format-string-exploits.html
https://axcheron.github.io/exploit-101-format-strings
https://docs.pwntools.com/en/stable/fmtstr.html
↢Resources↣
Ghidra: https://ghidra-sre.org/CheatSheet.html
PwnTools: https://github.com/Gallopsled/pwntools-tutorial
CyberChef: https://gchq.github.io/CyberChef
HackTricks: https://book.hacktricks.xyz/exploiting/linux-exploiting-basic-esp
GTFOBins: https://gtfobins.github.io
Decompile Code: https://www.decompiler.com
Run Code: https://tio.run
↢Chapters↣
Start: 0:00
Basic File Checks: 0:32
Review Source Code: 2:10
Disassemble with Ghidra: 3:15
Outline Attack (GOT Overwrite): 4:60
GOT vs PLT vs GOT.PLT vs PLT.GOT: 6:07
Fuzz Printf Format Vuln: 8:55
Printf Format Write (%n) Explained: 9:36
Finding Correct Offset for Write: 13:00
How to Build a Manual Payload: 13:55
Manual Printf Write Exploit (%n): 18:08
PwnTools Script (FmtStr Auto): 22:07
End: 26:25
-
15:41
BaldBrad
14 hours agoDeclassified BOMBSHELL: CIA Lied About Trump-Russia! Putin Never Backed Trump | Russiagate Exposed
893 -
13:07
Nate The Lawyer
15 hours ago $0.02 earnedWNBA Loses $500M But Players Want More Money. $40M Lost Last Year.
2414 -
11:43
Zoufry
17 hours agoThe McDonald's Ice Cream Machine Conspiracy
9182 -
14:54
DeVory Darkins
1 day ago $4.23 earnedTrump just announced MAJOR TRADE deal as CNN confronts Khalil over gaza
8.41K47 -
2:09:26
Side Scrollers Podcast
19 hours agoSplitgate 2 Reverses Course, Ubisoft Failures, RIP Julian LeFay | Side Scrollers
97.5K4 -
17:01
GritsGG
15 hours agoAttempting World Record Win Streak! 18 of 71!
6.62K2 -
1:42:12
Omar Elattar
9 months agoDAN MARTELL: From 17-Year-Old In Jail To $100 Million Business Investor!
15.4K2 -
LIVE
Lofi Girl
2 years agoSynthwave Radio 🌌 - beats to chill/game to
195 watching -
11:00
The Pascal Show
12 hours ago $1.00 earned'SHE WOULD'VE KICKED YOUR F***ING A**!' Kaylee Goncalves Sister Victim Statement To Bryan Kohberger
13.7K5 -
1:07:47
Dad Dojo Podcast
15 hours ago $0.73 earnedEP40: Conspiracies Revealed
10K1