![Leaking Secret Data with a Heap Overflow - "Leek" Pwn Challenge [Angstrom CTF 2023]](https://1a-1791.com/video/s8/1/T/3/u/s/T3usj.qR4e-small-Leaking-Secret-Data-with-a-.jpg)
Leaking Secret Data with a Heap Overflow - "Leek" Pwn Challenge [Angstrom CTF 2023]
Video walkthrough for the binary exploitation (pwn) challenge, "Leek" from the Angstrom capture the flag (CTF) competition 2023. The challenge involves performing a heap overflow to overwrite all null bytes between our user input chunk and secret data chunk so that when puts() is called, it prints both chunks (there's no null terminator separating them). After this, we need to repair the header of the chunk we modified so that the program can continue execution. We repeat this process of leaking and submitting the random (secret) bytes 100 times, at which point we receive the flag! Write-ups/tutorials aimed at beginners - Hope you enjoy 🙂 #Angstrom #AngstromCTF #CTF #Pentesting #OffSec #Pwn #BinaryExploitation #Reversing #ReverseEngineering
↢Social Media↣
Twitter: https://twitter.com/_CryptoCat
GitHub: https://github.com/Crypto-Cat/CTF
HackTheBox: https://app.hackthebox.eu/profile/11897
LinkedIn: https://www.linkedin.com/in/cryptocat
Reddit: https://www.reddit.com/user/_CryptoCat23
YouTube: https://www.youtube.com/CryptoCat23
Twitch: https://www.twitch.tv/cryptocat23
↢AngstromCTF↣
https://ctftime.org/event/1859
https://2023.angstromctf.com/challenges
https://discord.gg/Dduuscw
https://twitter.com/angstromctf
↢Resources↣
Ghidra: https://ghidra-sre.org/CheatSheet.html
Volatility: https://github.com/volatilityfoundation/volatility/wiki/Linux
PwnTools: https://github.com/Gallopsled/pwntools-tutorial
CyberChef: https://gchq.github.io/CyberChef
DCode: https://www.dcode.fr/en
HackTricks: https://book.hacktricks.xyz/pentesting-methodology
CTF Tools: https://github.com/apsdehal/awesome-ctf
Forensics: https://cugu.github.io/awesome-forensics
Decompile Code: https://www.decompiler.com
Run Code: https://tio.run
↢Chapters↣
Start: 0:00
Patch lib-c (pwninit): 0:20
Test the program functionality: 1:05
Check the binary protections (checksec): 1:37
Analyse decompiled code (ghidra): 3:53
Recap of analysis: 6:51
PwnTools script: 8:40
Setup breakpoints: 14:38
Debug with GDB (pwndbg): 15:33
Heap recap (chunk structure): 16:20
Reviewing vulnerability / exploit: 18:01
Finish PwnTools script: 20:40
Test against remote server: 24:13
Final recap: 25:07
End: 25:56
-
LIVE
Kim Iversen
2 hours agoNick Fuentes Denies Israel Killed Charlie Kirk | Right-Wing CANCELS Jimmy Kimmel
1,404 watching -
LIVE
Candace Show Podcast
1 hour agoEXCLUSIVE! Another Photo Of Tyler Robinson | Candace Ep 238
7,402 watching -
LIVE
Redacted News
2 hours agoWhat are they hiding? New video evidence in Charlie Kirk's Shooting SHAKES FBI'S case | Redacted
9,105 watching -
41:53
Kimberly Guilfoyle
4 hours agoCharlie's Legacy and Our Mission
12.7K5 -
1:07:55
vivafrei
3 hours agoJimmy Kimmel Out Indefinitely! Trump "Srubs" Study on Right Wing Violence? Clinton Tweet & MORE
176K58 -
1:35:02
The Quartering
4 hours agoNuclear Fallout From Jimmy Kimmel Firing, New Head Of TP USA, Obama Whines
193K61 -
23:35
Jasmin Laine
2 hours ago“We Were Betrayed”—Carney HUMILIATED As His Base REVOLTS Against Him
16.3K12 -
LIVE
LFA TV
19 hours agoKIMMEL GONE | ANTIFA LABELED TERRORISTS! - THURSDAY 9/18/25
1,272 watching -
LIVE
freecastle
6 hours agoTAKE UP YOUR CROSS- Hope In GOD, and Fear NO Evil!
121 watching -
1:34:10
The HotSeat
2 hours agoChapter 32 Begins: Honoring Charlie Kirk’s Legacy & Jimmy Kimmel Gets Canceled
14.7K5
