Leaking Secret Data with a Heap Overflow - "Leek" Pwn Challenge [Angstrom CTF 2023]
Video walkthrough for the binary exploitation (pwn) challenge, "Leek" from the Angstrom capture the flag (CTF) competition 2023. The challenge involves performing a heap overflow to overwrite all null bytes between our user input chunk and secret data chunk so that when puts() is called, it prints both chunks (there's no null terminator separating them). After this, we need to repair the header of the chunk we modified so that the program can continue execution. We repeat this process of leaking and submitting the random (secret) bytes 100 times, at which point we receive the flag!
Write-ups/tutorials aimed at beginners - Hope you enjoy 🙂
#Angstrom #AngstromCTF #CTF #Pentesting #OffSec #Pwn #BinaryExploitation #Reversing #ReverseEngineering
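The leak mechanism described above, modelled in C as an added example (not the challenge's code or the video author's script). It assumes a simplified layout: two "chunks" in one array, with constructed sizes, size-field value and secret, to show why a print with no terminator runs into the secret, how a bounded, terminated copy prevents it, and how the overwritten header is detectable.

```c
#include <stdio.h>
#include <string.h>

/* Simplified model: two "chunks" laid out in one array so the overflow stays
   in defined behaviour. Sizes and contents are constructed for the demo. */
#define INPUT_SZ  16u   /* user input chunk */
#define HDR_SZ    16u   /* metadata of the next chunk, mostly null bytes */
#define SECRET_SZ  8u   /* secret chunk */
#define ARENA_SZ  (INPUT_SZ + HDR_SZ + SECRET_SZ + 1u)
#define SIZE_OFF  (INPUT_SZ + 8u)   /* where the model keeps the size field */

static void arena_init(unsigned char *a) {
    memset(a, 0, ARENA_SZ);
    a[SIZE_OFF] = 0x21;                                    /* constructed size field */
    memcpy(a + INPUT_SZ + HDR_SZ, "S3CR3T!!", SECRET_SZ);  /* constructed secret */
}

/* Vulnerable pattern: length comes from the caller, not from INPUT_SZ. */
static void store_unchecked(unsigned char *a, const char *src, size_t n) {
    if (n > ARENA_SZ - 1u) n = ARENA_SZ - 1u;   /* keeps the model in bounds */
    memcpy(a, src, n);
}

/* Hardened: truncate to the buffer and always write a terminator. */
static void store_bounded(unsigned char *a, const char *src, size_t n) {
    if (n > INPUT_SZ - 1u) n = INPUT_SZ - 1u;
    memcpy(a, src, n);
    a[n] = '\0';
}

/* Bytes a puts()-style print starting at the input buffer would emit. */
static size_t printed_len(const unsigned char *a) { return strlen((const char *)a); }

/* 1 if that print would run past the header into the secret. */
static int leaks_secret(const unsigned char *a) { return printed_len(a) > INPUT_SZ + HDR_SZ; }

/* 1 if the size field still holds the value written at init. */
static int header_intact(const unsigned char *a) { return a[SIZE_OFF] == 0x21; }

int main(void) {
    unsigned char a[ARENA_SZ];
    char fill[INPUT_SZ + HDR_SZ];
    memset(fill, 'A', sizeof fill);
    arena_init(a);
    store_unchecked(a, fill, sizeof fill);
    printf("unchecked: printed=%zu leak=%d header_ok=%d\n", printed_len(a), leaks_secret(a), header_intact(a));
    arena_init(a);
    store_bounded(a, fill, sizeof fill);
    printf("bounded:   printed=%zu leak=%d header_ok=%d\n", printed_len(a), leaks_secret(a), header_intact(a));
    return 0;
}
```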
↢Social Media↣
Twitter: https://twitter.com/_CryptoCat
GitHub: https://github.com/Crypto-Cat/CTF
HackTheBox: https://app.hackthebox.eu/profile/11897
LinkedIn: https://www.linkedin.com/in/cryptocat
Reddit: https://www.reddit.com/user/_CryptoCat23
YouTube: https://www.youtube.com/CryptoCat23
Twitch: https://www.twitch.tv/cryptocat23
↢AngstromCTF↣
https://ctftime.org/event/1859
https://2023.angstromctf.com/challenges
https://discord.gg/Dduuscw
https://twitter.com/angstromctf
↢Resources↣
Ghidra: https://ghidra-sre.org/CheatSheet.html
Volatility: https://github.com/volatilityfoundation/volatility/wiki/Linux
PwnTools: https://github.com/Gallopsled/pwntools-tutorial
CyberChef: https://gchq.github.io/CyberChef
DCode: https://www.dcode.fr/en
HackTricks: https://book.hacktricks.xyz/pentesting-methodology
CTF Tools: https://github.com/apsdehal/awesome-ctf
Forensics: https://cugu.github.io/awesome-forensics
Decompile Code: https://www.decompiler.com
Run Code: https://tio.run
↢Chapters↣
Start: 0:00
Patch libc (pwninit): 0:20
Test the program functionality: 1:05
Check the binary protections (checksec): 1:37
Analyse decompiled code (ghidra): 3:53
Recap of analysis: 6:51
PwnTools script: 8:40
Setup breakpoints: 14:38
Debug with GDB (pwndbg): 15:33
Heap recap (chunk structure): 16:20
Reviewing vulnerability / exploit: 18:01
Finish PwnTools script: 20:40
Test against remote server: 24:13
Final recap: 25:07
End: 25:56