Leaking Secret Data with a Heap Overflow - "Leek" Pwn Challenge [Angstrom CTF 2023]
Video walkthrough for the binary exploitation (pwn) challenge "Leek" from the Angstrom capture the flag (CTF) competition 2023. The challenge involves performing a heap overflow to overwrite every null byte between our user input chunk and the secret data chunk, so that when puts() is called it prints both chunks (there is no null terminator left to separate them). After this, we need to repair the header of the chunk we modified so that the program can continue execution. We repeat this process of leaking and submitting the random (secret) bytes 100 times, at which point we receive the flag! Write-ups/tutorials aimed at beginners - Hope you enjoy 🙂
#Angstrom #AngstromCTF #CTF #Pentesting #OffSec #Pwn #BinaryExploitation #Reversing #ReverseEngineering
↢Social Media↣
Twitter: https://twitter.com/_CryptoCat
GitHub: https://github.com/Crypto-Cat/CTF
HackTheBox: https://app.hackthebox.eu/profile/11897
LinkedIn: https://www.linkedin.com/in/cryptocat
Reddit: https://www.reddit.com/user/_CryptoCat23
YouTube: https://www.youtube.com/CryptoCat23
Twitch: https://www.twitch.tv/cryptocat23
↢AngstromCTF↣
https://ctftime.org/event/1859
https://2023.angstromctf.com/challenges
https://discord.gg/Dduuscw
https://twitter.com/angstromctf
↢Resources↣
Ghidra: https://ghidra-sre.org/CheatSheet.html
Volatility: https://github.com/volatilityfoundation/volatility/wiki/Linux
PwnTools: https://github.com/Gallopsled/pwntools-tutorial
CyberChef: https://gchq.github.io/CyberChef
DCode: https://www.dcode.fr/en
HackTricks: https://book.hacktricks.xyz/pentesting-methodology
CTF Tools: https://github.com/apsdehal/awesome-ctf
Forensics: https://cugu.github.io/awesome-forensics
Decompile Code: https://www.decompiler.com
Run Code: https://tio.run
↢Chapters↣
Start: 0:00
Patch libc (pwninit): 0:20
Test the program functionality: 1:05
Check the binary protections (checksec): 1:37
Analyse decompiled code (Ghidra): 3:53
Recap of analysis: 6:51
PwnTools script: 8:40
Setup breakpoints: 14:38
Debug with GDB (pwndbg): 15:33
Heap recap (chunk structure): 16:20
Reviewing vulnerability / exploit: 18:01
Finish PwnTools script: 20:40
Test against remote server: 24:13
Final recap: 25:07
End: 25:56
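The leak described in the summary above and its fix, as an added example that is not from the video or the challenge source. One byte array stands in for two adjacent heap chunks; the offsets, the 0x21 size field and the secret string are assumptions chosen for illustration.

```c
#include <stdio.h>
#include <string.h>
#include <stdint.h>

/* Constructed model of two adjacent chunks (all sizes are assumptions):
   [0..15] input data | [16..23] prev_size | [24..31] size | [32..] secret */
enum { INPUT_SZ = 16, SIZE_OFF = 24, SECRET_OFF = 32, ARENA_SZ = 64 };
static const uint64_t CHUNK_SIZE_FIELD = 0x21; /* 0x20-byte chunk, PREV_INUSE */

static void arena_init(unsigned char *a, const char *secret) {
    memset(a, 0, ARENA_SZ);
    memcpy(a + SIZE_OFF, &CHUNK_SIZE_FIELD, sizeof CHUNK_SIZE_FIELD);
    strncpy((char *)a + SECRET_OFF, secret, ARENA_SZ - SECRET_OFF - 1);
}

/* Vulnerable write: length is never checked against INPUT_SZ. */
static void write_unchecked(unsigned char *a, const unsigned char *in, size_t len) {
    if (len > ARENA_SZ - 1) len = ARENA_SZ - 1; /* keep the model itself in bounds */
    memcpy(a, in, len);
}

/* Hardened write: truncate to the buffer and always NUL-terminate. */
static void write_bounded(unsigned char *a, const unsigned char *in, size_t len) {
    if (len > INPUT_SZ - 1) len = INPUT_SZ - 1;
    memcpy(a, in, len);
    a[len] = '\0';
}

/* Number of bytes puts() would print: everything up to the first NUL. */
static size_t printed_len(const unsigned char *a) { return strlen((const char *)a); }

/* A clobbered size field is the damage the "repair the header" step undoes. */
static int header_intact(const unsigned char *a) {
    return memcmp(a + SIZE_OFF, &CHUNK_SIZE_FIELD, sizeof CHUNK_SIZE_FIELD) == 0;
}

int main(void) {
    unsigned char arena[ARENA_SZ], fill[SECRET_OFF];
    memset(fill, 'A', sizeof fill);
    arena_init(arena, "SECRETBYTES");            /* constructed secret */
    write_unchecked(arena, fill, sizeof fill);   /* no NUL left before the secret */
    printf("unchecked: printed=%zu header_intact=%d\n",
           printed_len(arena), header_intact(arena));
    arena_init(arena, "SECRETBYTES");
    write_bounded(arena, fill, sizeof fill);     /* same input, bounded copy */
    printf("bounded:   printed=%zu header_intact=%d\n",
           printed_len(arena), header_intact(arena));
    return 0;
}
```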