9: Overwriting Global Offset Table (GOT) Entries with printf() - Intro to Binary Exploitation (Pwn)
9th video from the "Practical Buffer Overflow Exploitation" course covering the basics of Binary Exploitation. NX and stack canaries are enabled this time, so we'll use a printf() format string vulnerability overwrite an entry from the Global Offset Table (GOT) with system() function from the Lib-C library. We'll use checksec, ghidra, pwndbg and create a manual printf() format write payload as well as using the pwntools FmtStr functionality! Write-ups/tutorials aimed at beginners - Hope you enjoy 🙂 #BinaryExploitation #BufferOverflow #BinExp #RE #Pwn #PwnTools
Find the binary files, source code and scripts to go with the series @ https://github.com/Crypto-Cat/CTF/tree/main/pwn/binary_exploitation_101
↢Social Media↣
Twitter: https://twitter.com/_CryptoCat
GitHub: https://github.com/Crypto-Cat
HackTheBox: https://app.hackthebox.eu/profile/11897
LinkedIn: https://www.linkedin.com/in/cryptocat
Reddit: https://www.reddit.com/user/_CryptoCat23
YouTube: https://www.youtube.com/CryptoCat23
Twitch: https://www.twitch.tv/cryptocat23
↢Binary Exploitation / Reverse Engineering↣
Pwn.College: https://pwn.college
How2Heap: https://github.com/shellphish/how2heap
NightMare: https://guyinatuxedo.github.io
Ir0nstone: https://ir0nstone.gitbook.io/notes/types/stack
PinkDraconian: https://www.youtube.com/playlist?list=PLeSXUd883dhjmKkVXSRgI1nJEZUDzgLf_
More: https://github.com/Crypto-Cat/CTF#readme
↢Video-Specific Resources↣
https://systemoverlord.com/2017/03/19/got-and-plt-for-pwning.html
https://ir0nstone.gitbook.io/notes/types/stack/aslr/plt_and_got
https://vickieli.dev/binary%20exploitation/format-string-vulnerabilities
https://codearcana.com/posts/2013/05/02/introduction-to-format-string-exploits.html
https://axcheron.github.io/exploit-101-format-strings
https://docs.pwntools.com/en/stable/fmtstr.html
↢Resources↣
Ghidra: https://ghidra-sre.org/CheatSheet.html
PwnTools: https://github.com/Gallopsled/pwntools-tutorial
CyberChef: https://gchq.github.io/CyberChef
HackTricks: https://book.hacktricks.xyz/exploiting/linux-exploiting-basic-esp
GTFOBins: https://gtfobins.github.io
Decompile Code: https://www.decompiler.com
Run Code: https://tio.run
↢Chapters↣
Start: 0:00
Basic File Checks: 0:32
Review Source Code: 2:10
Disassemble with Ghidra: 3:15
Outline Attack (GOT Overwrite): 4:60
GOT vs PLT vs GOT.PLT vs PLT.GOT: 6:07
Fuzz Printf Format Vuln: 8:55
Printf Format Write (%n) Explained: 9:36
Finding Correct Offset for Write: 13:00
How to Build a Manual Payload: 13:55
Manual Printf Write Exploit (%n): 18:08
PwnTools Script (FmtStr Auto): 22:07
End: 26:25
-
1:31:18
Graham Allen
5 hours agoErika Fights Back: Vows To EXPOSE TRUTH & DEMANDS Trial Goes Public!! Left Says Her Grief Is FAKE!
130K79 -
2:08:47
Badlands Media
9 hours agoBadlands Daily: November 3, 2025 – Tariff Wars, SNAP Panic & Brennan Gets Confronted
53.9K14 -
2:59:32
Wendy Bell Radio
8 hours agoThings Will Get Worse Before They Get Better
78K100 -
1:18:28
The Big Migâ„¢
4 hours agoICE Will Use Private Bounty Hunters, LFG
20.1K11 -
1:08:17
Chad Prather
11 hours agoHow to Get Along With People You Don’t Even Like (Most of the Time)
113K31 -
1:45:29
MTNTOUGH Podcast w/ Dustin Diefenderfer
11 hours agoTaya + Colton Kyle: Can American Marriages Survive 2025? | MTNPOD #140
26.2K -
1:12:23
MikeMac - Say Something
19 hours agoSay Something Beyond W/MikeMac: JOKER - Ep.12
25.6K1 -
1:30:13
Game On!
16 hours ago $10.53 earnedChiefs Dynasty OVER, New Longest FG RECORD, and Patriots Are Winning The Super Bowl!
45.2K3 -
4:02:17
The Bubba Army
3 days agoIS AMERICA OVER TRUMP? - Bubba the Love Sponge® Show | 11/03/25
101K37 -
48:57
Man in America
21 hours agoThe Sinister Reason They Put Fluoride in Everything w/ Larry Oberheu
383K118