9: Overwriting Global Offset Table (GOT) Entries with printf() - Intro to Binary Exploitation (Pwn)
9th video from the "Practical Buffer Overflow Exploitation" course covering the basics of Binary Exploitation. NX and stack canaries are enabled this time, so we'll use a printf() format string vulnerability overwrite an entry from the Global Offset Table (GOT) with system() function from the Lib-C library. We'll use checksec, ghidra, pwndbg and create a manual printf() format write payload as well as using the pwntools FmtStr functionality! Write-ups/tutorials aimed at beginners - Hope you enjoy 🙂 #BinaryExploitation #BufferOverflow #BinExp #RE #Pwn #PwnTools
Find the binary files, source code and scripts to go with the series @ https://github.com/Crypto-Cat/CTF/tree/main/pwn/binary_exploitation_101
↢Social Media↣
Twitter: https://twitter.com/_CryptoCat
GitHub: https://github.com/Crypto-Cat
HackTheBox: https://app.hackthebox.eu/profile/11897
LinkedIn: https://www.linkedin.com/in/cryptocat
Reddit: https://www.reddit.com/user/_CryptoCat23
YouTube: https://www.youtube.com/CryptoCat23
Twitch: https://www.twitch.tv/cryptocat23
↢Binary Exploitation / Reverse Engineering↣
Pwn.College: https://pwn.college
How2Heap: https://github.com/shellphish/how2heap
NightMare: https://guyinatuxedo.github.io
Ir0nstone: https://ir0nstone.gitbook.io/notes/types/stack
PinkDraconian: https://www.youtube.com/playlist?list=PLeSXUd883dhjmKkVXSRgI1nJEZUDzgLf_
More: https://github.com/Crypto-Cat/CTF#readme
↢Video-Specific Resources↣
https://systemoverlord.com/2017/03/19/got-and-plt-for-pwning.html
https://ir0nstone.gitbook.io/notes/types/stack/aslr/plt_and_got
https://vickieli.dev/binary%20exploitation/format-string-vulnerabilities
https://codearcana.com/posts/2013/05/02/introduction-to-format-string-exploits.html
https://axcheron.github.io/exploit-101-format-strings
https://docs.pwntools.com/en/stable/fmtstr.html
↢Resources↣
Ghidra: https://ghidra-sre.org/CheatSheet.html
PwnTools: https://github.com/Gallopsled/pwntools-tutorial
CyberChef: https://gchq.github.io/CyberChef
HackTricks: https://book.hacktricks.xyz/exploiting/linux-exploiting-basic-esp
GTFOBins: https://gtfobins.github.io
Decompile Code: https://www.decompiler.com
Run Code: https://tio.run
↢Chapters↣
Start: 0:00
Basic File Checks: 0:32
Review Source Code: 2:10
Disassemble with Ghidra: 3:15
Outline Attack (GOT Overwrite): 4:60
GOT vs PLT vs GOT.PLT vs PLT.GOT: 6:07
Fuzz Printf Format Vuln: 8:55
Printf Format Write (%n) Explained: 9:36
Finding Correct Offset for Write: 13:00
How to Build a Manual Payload: 13:55
Manual Printf Write Exploit (%n): 18:08
PwnTools Script (FmtStr Auto): 22:07
End: 26:25
-
2:45:01
WeAreChange
13 hours agoBIBLICAL?! Trump Getting Shot In The Ear And Getting Back Up ACTUALLY PROPHESIZED!
112K90 -
5:41:11
Drew Hernandez
20 hours agoTRUMP RALLY PA & KAMALA BOMBS BIG GIRL MEDIA BLITZ
108K50 -
1:26:28
The Big Mig™
1 day agoSoprano’s Drea De Matteo, Bada Bing Bada Boom
98.8K12 -
2:00:44
Melonie Mac
13 hours agoGo Boom Live Ep 24!
66.3K19 -
1:57:46
2 MIKES LIVE
12 hours ago2 MIKES LIVE #127 Tracking Milton, News Breakdown w Special Guest Mandy Gunasekara!
38.9K1 -
48:58
Sarah Westall
12 hours agoStormy Daniels vs Trump: Supreme Court Decides: Gag Order to Protect a Corrupt Judge Constitutional?
38.3K11 -
1:36:59
Redacted News
15 hours agoBREAKING! HURRICANE MILTON BEING CONTROLLED BY DIRECTED ENERGY WEAPONS (NEXRAD & HAARP) | REDACTED
186K600 -
1:27:16
Dr. Drew
18 hours agoAlex Jones & Dr. Drew: Globalists, Elon Musk & If Alex Is a CIA "Controlled Opposition" Agent Infiltrating The Freedom Movement – Ask Dr. Drew
62.2K37 -
1:16:05
Savanah Hernandez
14 hours agoWe’re currently living the “1 month free” trial of a Kamala Presidency and it's awful
39.2K34 -
4:00:42
Right Side Broadcasting Network
1 day agoLIVE REPLAY: President Trump Delivers Remarks in Scranton, PA - 10/9/24
185K63