9: Overwriting Global Offset Table (GOT) Entries with printf() - Intro to Binary Exploitation (Pwn)
9th video from the "Practical Buffer Overflow Exploitation" course covering the basics of Binary Exploitation. NX and stack canaries are enabled this time, so we'll use a printf() format string vulnerability overwrite an entry from the Global Offset Table (GOT) with system() function from the Lib-C library. We'll use checksec, ghidra, pwndbg and create a manual printf() format write payload as well as using the pwntools FmtStr functionality! Write-ups/tutorials aimed at beginners - Hope you enjoy 🙂 #BinaryExploitation #BufferOverflow #BinExp #RE #Pwn #PwnTools
Find the binary files, source code and scripts to go with the series @ https://github.com/Crypto-Cat/CTF/tree/main/pwn/binary_exploitation_101
↢Social Media↣
Twitter: https://twitter.com/_CryptoCat
GitHub: https://github.com/Crypto-Cat
HackTheBox: https://app.hackthebox.eu/profile/11897
LinkedIn: https://www.linkedin.com/in/cryptocat
Reddit: https://www.reddit.com/user/_CryptoCat23
YouTube: https://www.youtube.com/CryptoCat23
Twitch: https://www.twitch.tv/cryptocat23
↢Binary Exploitation / Reverse Engineering↣
Pwn.College: https://pwn.college
How2Heap: https://github.com/shellphish/how2heap
NightMare: https://guyinatuxedo.github.io
Ir0nstone: https://ir0nstone.gitbook.io/notes/types/stack
PinkDraconian: https://www.youtube.com/playlist?list=PLeSXUd883dhjmKkVXSRgI1nJEZUDzgLf_
More: https://github.com/Crypto-Cat/CTF#readme
↢Video-Specific Resources↣
https://systemoverlord.com/2017/03/19/got-and-plt-for-pwning.html
https://ir0nstone.gitbook.io/notes/types/stack/aslr/plt_and_got
https://vickieli.dev/binary%20exploitation/format-string-vulnerabilities
https://codearcana.com/posts/2013/05/02/introduction-to-format-string-exploits.html
https://axcheron.github.io/exploit-101-format-strings
https://docs.pwntools.com/en/stable/fmtstr.html
↢Resources↣
Ghidra: https://ghidra-sre.org/CheatSheet.html
PwnTools: https://github.com/Gallopsled/pwntools-tutorial
CyberChef: https://gchq.github.io/CyberChef
HackTricks: https://book.hacktricks.xyz/exploiting/linux-exploiting-basic-esp
GTFOBins: https://gtfobins.github.io
Decompile Code: https://www.decompiler.com
Run Code: https://tio.run
↢Chapters↣
Start: 0:00
Basic File Checks: 0:32
Review Source Code: 2:10
Disassemble with Ghidra: 3:15
Outline Attack (GOT Overwrite): 4:60
GOT vs PLT vs GOT.PLT vs PLT.GOT: 6:07
Fuzz Printf Format Vuln: 8:55
Printf Format Write (%n) Explained: 9:36
Finding Correct Offset for Write: 13:00
How to Build a Manual Payload: 13:55
Manual Printf Write Exploit (%n): 18:08
PwnTools Script (FmtStr Auto): 22:07
End: 26:25
-
1:49:14
Redacted News
12 hours agoTrump is Back! Congress Uncovers New Biden Crimes One Day After He Leaves D.C. | Redacted
197K255 -
2:09:53
Benny Johnson
12 hours ago🚨President Trump LIVE Right Now Making MASSIVE Announcement At White House News Conference
305K435 -
2:04:10
Revenge of the Cis
13 hours agoEpisode 1433: Retribution
134K21 -
1:42:50
The Criminal Connection Podcast
16 hours ago $1.30 earnedEddie Hearn talks JOSHUA vs FURY, Working With Frank Warren & The Truth About Turki Alalshikh!
68K2 -
1:00:25
In The Litter Box w/ Jewels & Catturd
1 day agoGolden Age | In the Litter Box w/ Jewels & Catturd – Ep. 724 – 1/21/2025
156K84 -
57:42
The Dan Bongino Show
20 hours agoHE'S BACK! (Ep. 2405) - 01/21/2025
1.46M2.67K -
46:19
Candace Show Podcast
13 hours agoUH-OH! Elon’s Viral Salute Steals The Inauguration Show | Candace Ep 136
170K464 -
8:05:01
hambinooo
17 hours agoNO COMMIE TUESDAY
102K3 -
2:08:37
The Quartering
15 hours agoTrump Ends Online Censorship, Foreign Aid, Frees J6 Hostages & Much More In Day 1
142K61 -
1:33:37
Russell Brand
16 hours agoBudget Cuts, Fires, and the Failures of Leadership – SF523
307K140