Leaking Secret Data with a Heap Overflow - "Leek" Pwn Challenge [Angstrom CTF 2023]
Video walkthrough for the binary exploitation (pwn) challenge, "Leek" from the Angstrom capture the flag (CTF) competition 2023. The challenge involves performing a heap overflow to overwrite all null bytes between our user input chunk and secret data chunk so that when puts() is called, it prints both chunks (there's no null terminator separating them). After this, we need to repair the header of the chunk we modified so that the program can continue execution. We repeat this process of leaking and submitting the random (secret) bytes 100 times, at which point we receive the flag! Write-ups/tutorials aimed at beginners - Hope you enjoy 🙂
#Angstrom #AngstromCTF #CTF #Pentesting #OffSec #Pwn #BinaryExploitation #Reversing #ReverseEngineering
↢Social Media↣
Twitter: https://twitter.com/_CryptoCat
GitHub: https://github.com/Crypto-Cat/CTF
HackTheBox: https://app.hackthebox.eu/profile/11897
LinkedIn: https://www.linkedin.com/in/cryptocat
Reddit: https://www.reddit.com/user/_CryptoCat23
YouTube: https://www.youtube.com/CryptoCat23
Twitch: https://www.twitch.tv/cryptocat23
↢AngstromCTF↣
https://ctftime.org/event/1859
https://2023.angstromctf.com/challenges
https://discord.gg/Dduuscw
https://twitter.com/angstromctf
↢Resources↣
Ghidra: https://ghidra-sre.org/CheatSheet.html
Volatility: https://github.com/volatilityfoundation/volatility/wiki/Linux
PwnTools: https://github.com/Gallopsled/pwntools-tutorial
CyberChef: https://gchq.github.io/CyberChef
DCode: https://www.dcode.fr/en
HackTricks: https://book.hacktricks.xyz/pentesting-methodology
CTF Tools: https://github.com/apsdehal/awesome-ctf
Forensics: https://cugu.github.io/awesome-forensics
Decompile Code: https://www.decompiler.com
Run Code: https://tio.run
↢Chapters↣
Start: 0:00
Patch libc (pwninit): 0:20
Test the program functionality: 1:05
Check the binary protections (checksec): 1:37
Analyse decompiled code (ghidra): 3:53
Recap of analysis: 6:51
PwnTools script: 8:40
Setup breakpoints: 14:38
Debug with GDB (pwndbg): 15:33
Heap recap (chunk structure): 16:20
Reviewing vulnerability / exploit: 18:01
Finish PwnTools script: 20:40
Test against remote server: 24:13
Final recap: 25:07
End: 25:56
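A simplified model of the leak described above, added here as an illustration and not taken from the video or the challenge binary: one byte array stands in for two adjacent heap chunks, and the sizes, the 0x21 size field, the secret string and all function names are constructed assumptions. It contrasts the unbounded write with a bounded one and includes a header check that detects the corruption.

```c
#include <stdint.h>
#include <stdio.h>
#include <string.h>

/* Constructed sizes for a simplified model; not taken from the challenge binary. */
#define USER_SZ    24       /* usable bytes of the input chunk */
#define HDR_SZ      8       /* size field of the following chunk */
#define SECRET_SZ  16
#define SIZE_FIELD 0x21ULL  /* 0x20 chunk size | PREV_INUSE bit */
struct arena { unsigned char mem[USER_SZ + HDR_SZ + SECRET_SZ + 1]; };

static void arena_init(struct arena *a) {
    uint64_t size = SIZE_FIELD;
    memset(a->mem, 0, sizeof a->mem);
    memcpy(a->mem + USER_SZ, &size, HDR_SZ);          /* header holds null bytes */
    memcpy(a->mem + USER_SZ + HDR_SZ, "CONSTRUCTED_DATA", SECRET_SZ);
}

/* Flawed write: trusts the caller's length instead of the chunk's capacity. */
static void unbounded_write(struct arena *a, const void *src, size_t n) {
    if (n > sizeof a->mem - 1) n = sizeof a->mem - 1;  /* stay inside the model */
    memcpy(a->mem, src, n);
}

/* Hardened write: truncates to the chunk and always terminates the string. */
static void bounded_write(struct arena *a, const void *src, size_t n) {
    if (n > USER_SZ - 1) n = USER_SZ - 1;
    memcpy(a->mem, src, n);
    a->mem[n] = '\0';
}

/* Number of bytes puts() would emit when handed the input chunk. */
static size_t visible_len(const struct arena *a) { return strlen((const char *)a->mem); }

/* Integrity check: is the neighbouring size field still what the allocator wrote? */
static int header_intact(const struct arena *a) {
    uint64_t size;
    memcpy(&size, a->mem + USER_SZ, HDR_SZ);
    return size == SIZE_FIELD;
}

int main(void) {
    struct arena a;
    unsigned char fill[USER_SZ + HDR_SZ];
    memset(fill, 'A', sizeof fill);
    arena_init(&a); unbounded_write(&a, fill, sizeof fill);
    printf("flawed:   %zu printed, header ok=%d\n", visible_len(&a), header_intact(&a));
    arena_init(&a); bounded_write(&a, fill, sizeof fill);
    printf("hardened: %zu printed, header ok=%d\n", visible_len(&a), header_intact(&a));
}
```

With the flawed write the string seen by puts() runs through the header and the secret; with the bounded write it stops inside the input chunk and the header check still passes.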