9: Overwriting Global Offset Table (GOT) Entries with printf() - Intro to Binary Exploitation (Pwn)
9th video from the "Practical Buffer Overflow Exploitation" course covering the basics of Binary Exploitation. NX and stack canaries are enabled this time, so we'll use a printf() format string vulnerability overwrite an entry from the Global Offset Table (GOT) with system() function from the Lib-C library. We'll use checksec, ghidra, pwndbg and create a manual printf() format write payload as well as using the pwntools FmtStr functionality! Write-ups/tutorials aimed at beginners - Hope you enjoy 🙂 #BinaryExploitation #BufferOverflow #BinExp #RE #Pwn #PwnTools
Find the binary files, source code and scripts to go with the series @ https://github.com/Crypto-Cat/CTF/tree/main/pwn/binary_exploitation_101
↢Social Media↣
Twitter: https://twitter.com/_CryptoCat
GitHub: https://github.com/Crypto-Cat
HackTheBox: https://app.hackthebox.eu/profile/11897
LinkedIn: https://www.linkedin.com/in/cryptocat
Reddit: https://www.reddit.com/user/_CryptoCat23
YouTube: https://www.youtube.com/CryptoCat23
Twitch: https://www.twitch.tv/cryptocat23
↢Binary Exploitation / Reverse Engineering↣
Pwn.College: https://pwn.college
How2Heap: https://github.com/shellphish/how2heap
NightMare: https://guyinatuxedo.github.io
Ir0nstone: https://ir0nstone.gitbook.io/notes/types/stack
PinkDraconian: https://www.youtube.com/playlist?list=PLeSXUd883dhjmKkVXSRgI1nJEZUDzgLf_
More: https://github.com/Crypto-Cat/CTF#readme
↢Video-Specific Resources↣
https://systemoverlord.com/2017/03/19/got-and-plt-for-pwning.html
https://ir0nstone.gitbook.io/notes/types/stack/aslr/plt_and_got
https://vickieli.dev/binary%20exploitation/format-string-vulnerabilities
https://codearcana.com/posts/2013/05/02/introduction-to-format-string-exploits.html
https://axcheron.github.io/exploit-101-format-strings
https://docs.pwntools.com/en/stable/fmtstr.html
↢Resources↣
Ghidra: https://ghidra-sre.org/CheatSheet.html
PwnTools: https://github.com/Gallopsled/pwntools-tutorial
CyberChef: https://gchq.github.io/CyberChef
HackTricks: https://book.hacktricks.xyz/exploiting/linux-exploiting-basic-esp
GTFOBins: https://gtfobins.github.io
Decompile Code: https://www.decompiler.com
Run Code: https://tio.run
↢Chapters↣
Start: 0:00
Basic File Checks: 0:32
Review Source Code: 2:10
Disassemble with Ghidra: 3:15
Outline Attack (GOT Overwrite): 4:60
GOT vs PLT vs GOT.PLT vs PLT.GOT: 6:07
Fuzz Printf Format Vuln: 8:55
Printf Format Write (%n) Explained: 9:36
Finding Correct Offset for Write: 13:00
How to Build a Manual Payload: 13:55
Manual Printf Write Exploit (%n): 18:08
PwnTools Script (FmtStr Auto): 22:07
End: 26:25
-
LIVE
DynastyXL
3 hours ago🔴 LIVE NOW – ARC RAIDING - BADLY! - NEW RUMBLE WALLET - THOUGHTS?
100 watching -
2:20:13
Side Scrollers Podcast
21 hours agoVoice Actor VIRTUE SIGNAL at Award Show + Craig’s HORRIBLE Take + More | Side Scrollers
62.2K20 -
LIVE
EXPBLESS
1 hour agoShowcasing New Game | (Where Winds Meet) #RumblePremium
38 watching -
LIVE
Boxin
1 hour agolets BEAT! Kingdom Hearts!
47 watching -
18:49
GritsGG
17 hours agoI Was Given a Warzone Sniper Challenge! Here is What Happened!
18.6K2 -
19:02
The Pascal Show
1 day ago $6.30 earnedNOT SURPRISED! Pam Bondi Is Lying To Us Again About Releasing The Epstein Files
23.9K21 -
6:05
Blabbering Collector
20 hours agoRowling On Set, Bill Nighy To Join Cast, HBO Head Comments On Season 2 Of Harry Potter HBO!
22K4 -
57:44
TruthStream with Joe and Scott
2 days agoShe's of Love podcast & Joe:A co-Hosted interview, Mother and Daughter (300,000+Facebook page) Travel, Home School, Staying Grounded, Recreating oneself, SolarPunk #514
43.7K1 -
30:49
MetatronHistory
1 day agoThe Truth about Women Warriors Based on Facts, Evidence and Sources
38.2K20 -
2:59:08
FreshandFit
16 hours agoA Sugar Baby & A Feminist ALMOST Fight Each Other
277K75