![Leaking Secret Data with a Heap Overflow - "Leek" Pwn Challenge [Angstrom CTF 2023]](https://1a-1791.com/video/s8/1/T/3/u/s/T3usj.qR4e-small-Leaking-Secret-Data-with-a-.jpg)
Leaking Secret Data with a Heap Overflow - "Leek" Pwn Challenge [Angstrom CTF 2023]
Video walkthrough for the binary exploitation (pwn) challenge, "Leek" from the Angstrom capture the flag (CTF) competition 2023. The challenge involves performing a heap overflow to overwrite all null bytes between our user input chunk and secret data chunk so that when puts() is called, it prints both chunks (there's no null terminator separating them). After this, we need to repair the header of the chunk we modified so that the program can continue execution. We repeat this process of leaking and submitting the random (secret) bytes 100 times, at which point we receive the flag! Write-ups/tutorials aimed at beginners - Hope you enjoy 🙂 #Angstrom #AngstromCTF #CTF #Pentesting #OffSec #Pwn #BinaryExploitation #Reversing #ReverseEngineering
↢Social Media↣
Twitter: https://twitter.com/_CryptoCat
GitHub: https://github.com/Crypto-Cat/CTF
HackTheBox: https://app.hackthebox.eu/profile/11897
LinkedIn: https://www.linkedin.com/in/cryptocat
Reddit: https://www.reddit.com/user/_CryptoCat23
YouTube: https://www.youtube.com/CryptoCat23
Twitch: https://www.twitch.tv/cryptocat23
↢AngstromCTF↣
https://ctftime.org/event/1859
https://2023.angstromctf.com/challenges
https://discord.gg/Dduuscw
https://twitter.com/angstromctf
↢Resources↣
Ghidra: https://ghidra-sre.org/CheatSheet.html
Volatility: https://github.com/volatilityfoundation/volatility/wiki/Linux
PwnTools: https://github.com/Gallopsled/pwntools-tutorial
CyberChef: https://gchq.github.io/CyberChef
DCode: https://www.dcode.fr/en
HackTricks: https://book.hacktricks.xyz/pentesting-methodology
CTF Tools: https://github.com/apsdehal/awesome-ctf
Forensics: https://cugu.github.io/awesome-forensics
Decompile Code: https://www.decompiler.com
Run Code: https://tio.run
↢Chapters↣
Start: 0:00
Patch lib-c (pwninit): 0:20
Test the program functionality: 1:05
Check the binary protections (checksec): 1:37
Analyse decompiled code (ghidra): 3:53
Recap of analysis: 6:51
PwnTools script: 8:40
Setup breakpoints: 14:38
Debug with GDB (pwndbg): 15:33
Heap recap (chunk structure): 16:20
Reviewing vulnerability / exploit: 18:01
Finish PwnTools script: 20:40
Test against remote server: 24:13
Final recap: 25:07
End: 25:56
-
1:46:27
Tim Pool
7 hours agoSin Frontera: The End of Illegal Immigration (DOCUMENTARY PREMIERE - 6pm EST)
162K51 -
LIVE
Barry Cunningham
1 hour agoNEWS ON THE PLOT AGAINST THE PRESIDENT AND IT'S A MOVIE NIGHT!
6,734 watching -
LIVE
SpartakusLIVE
2 hours agoMonday MOTIVATION || Games w/ the BOYS into the NIGHT
127 watching -
LIVE
Jamie Kennedy
1 day agoWhy the Epstein Cover-Up Still Matters | Ep 214 HTBITY W Jamie Kennedy
59 watching -
LIVE
LIVE WITH CHRIS'WORLD
21 hours agoLIVE WITH CHRIS'WORLD - WE ARE READY FOR ACCOUNTABILITY
63 watching -
LIVE
PudgeTV
5 hours ago🔵 Mod Mondays Ep 68 | The Mike Church Show | Welcome to the New Internet
148 watching -
59:57
Donald Trump Jr.
3 hours agoObama Behind the Russia Hoax, Full Coverage Live Lee Smith | Triggered Ep260
45.8K83 -
LIVE
ZWOGs
6 hours ago🔴LIVE IN 1440p! - PUBG, Star Wars Battlefront 2, Splitgate 2, VR Games, and More! - Come Hang Out!
67 watching -
LIVE
Blabs Games
4 hours agoGori Cuddly Carnage Part 1 | Noob Plays
81 watching -
1:02:23
BonginoReport
3 hours agoHunter Denies West Wing Cocaine Was His!- Nightly Scroll w/ Hayley Caronia (Ep.94) - 07/21/2025
59.1K44