![Leaking Secret Data with a Heap Overflow - "Leek" Pwn Challenge [Angstrom CTF 2023]](https://1a-1791.com/video/s8/1/T/3/u/s/T3usj.qR4e-small-Leaking-Secret-Data-with-a-.jpg)
Leaking Secret Data with a Heap Overflow - "Leek" Pwn Challenge [Angstrom CTF 2023]
Video walkthrough for the binary exploitation (pwn) challenge, "Leek" from the Angstrom capture the flag (CTF) competition 2023. The challenge involves performing a heap overflow to overwrite all null bytes between our user input chunk and secret data chunk so that when puts() is called, it prints both chunks (there's no null terminator separating them). After this, we need to repair the header of the chunk we modified so that the program can continue execution. We repeat this process of leaking and submitting the random (secret) bytes 100 times, at which point we receive the flag! Write-ups/tutorials aimed at beginners - Hope you enjoy 🙂 #Angstrom #AngstromCTF #CTF #Pentesting #OffSec #Pwn #BinaryExploitation #Reversing #ReverseEngineering
↢Social Media↣
Twitter: https://twitter.com/_CryptoCat
GitHub: https://github.com/Crypto-Cat/CTF
HackTheBox: https://app.hackthebox.eu/profile/11897
LinkedIn: https://www.linkedin.com/in/cryptocat
Reddit: https://www.reddit.com/user/_CryptoCat23
YouTube: https://www.youtube.com/CryptoCat23
Twitch: https://www.twitch.tv/cryptocat23
↢AngstromCTF↣
https://ctftime.org/event/1859
https://2023.angstromctf.com/challenges
https://discord.gg/Dduuscw
https://twitter.com/angstromctf
↢Resources↣
Ghidra: https://ghidra-sre.org/CheatSheet.html
Volatility: https://github.com/volatilityfoundation/volatility/wiki/Linux
PwnTools: https://github.com/Gallopsled/pwntools-tutorial
CyberChef: https://gchq.github.io/CyberChef
DCode: https://www.dcode.fr/en
HackTricks: https://book.hacktricks.xyz/pentesting-methodology
CTF Tools: https://github.com/apsdehal/awesome-ctf
Forensics: https://cugu.github.io/awesome-forensics
Decompile Code: https://www.decompiler.com
Run Code: https://tio.run
↢Chapters↣
Start: 0:00
Patch lib-c (pwninit): 0:20
Test the program functionality: 1:05
Check the binary protections (checksec): 1:37
Analyse decompiled code (ghidra): 3:53
Recap of analysis: 6:51
PwnTools script: 8:40
Setup breakpoints: 14:38
Debug with GDB (pwndbg): 15:33
Heap recap (chunk structure): 16:20
Reviewing vulnerability / exploit: 18:01
Finish PwnTools script: 20:40
Test against remote server: 24:13
Final recap: 25:07
End: 25:56
-
12:51
Dr. Nick Zyrowski
5 hours agoDoctors Got It Wrong! How to RAISE Testosterone Levels Forever
8572 -
1:14:40
Mark Kaye
4 hours ago🔴 Trump FUMES As Police Abandon Chicago At Pritzker's Orders
5.76K15 -
UPCOMING
Film Threat
17 hours agoVERSUS: THE SMASHING MACHINE BOMBS + 007 EMASCULATED ON AMAZON | Film Threat Versus
694 -
![[Ep 763] The Democrat Death Cult – Party of Violence| Judicial Coup & Real Insurrection](https://1a-1791.com/video/fwe2/6b/s8/1/0/m/v/o/0mvoz.0kob-small-Ep-763-The-Democrat-Death-C.jpg)
UPCOMING
The Nunn Report - w/ Dan Nunn
51 minutes ago[Ep 763] The Democrat Death Cult – Party of Violence| Judicial Coup & Real Insurrection
22 -
UPCOMING
Owen Shroyer
11 minutes agoOwen Report - 10-06-2025 - Debut Episode Of Your New Favorite Talk Show
-
56:24
DeVory Darkins
3 hours ago $29.67 earnedFederal Judge issues shocking order against Trump as Chicago Mayor pulls insane stunt
71.1K131 -
1:24:59
Sean Unpaved
3 hours agoPoll Plunge & Mile-High Mayhem: Texas & Penn State Crash, Sunday's Fireworks, & Broncos Stun Eagles'
26.7K1 -
9:24
Ken LaCorte: Elephants in Rooms
1 day ago $0.56 earnedThe secret of Indian store owners
3.74K3 -
8:30
Millionaire Mentor
1 day agoJames Comey PANICS After Pam Bondi Reveals What’s Coming Next
3.92K9 -
LIVE
Jeff Ahern
1 hour agoMonday Madness with Jeff Ahern
125 watching
