Execution Flow Hijacking (ret2win) - pwn103 - PWN101 | TryHackMe


This video covers hijacking the program's execution flow in order to execute a function of our choice, a technique usually called ret2win (because we return to win() or an equivalent function). We abuse a buffer overflow caused by an unbounded use of scanf. A detailed explanation is given of how the stack behaves and what is happening in memory during execution, so that the underlying concepts, and why this attack is possible, are understood. The RSP and RBP registers are examined thoroughly to show how the instructions modify them, either directly or as a side effect. Step-by-step tutorial solving pwn103 from the PWN101 binary exploitation room on TryHackMe.
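As an added illustration (not code from the video or the pwn103 binary), here is the unbounded scanf pattern beside a width-limited replacement, checked against a model of the frame layout the video walks through: the local buffer sitting below the saved RBP and the saved return address. The struct layout, buffer size and sentinel values are assumptions for the demonstration.

```c
#include <stdio.h>
#include <string.h>

#define BUF_SIZE 32

/* Assumed model of the stack frame: the local buffer sits below the saved
 * RBP and the saved return address, so an unbounded write into buf runs
 * upward into both of them. */
struct frame_model {
    char buf[BUF_SIZE];
    unsigned long saved_rbp;
    unsigned long saved_ret;
};

/* Vulnerable pattern: scanf("%s") has no length bound, so input longer than
 * the buffer overwrites whatever lies above it. Shown for contrast only;
 * it is never called here. */
void vulnerable_read(char *buf) {
    scanf("%s", buf);
}

/* Hardened pattern: give scanf a field width of cap-1 so it stops before the
 * terminator slot. The format is built at runtime so the width always matches
 * the buffer size (e.g. "%31s" for a 32-byte buffer). Returns the number of
 * bytes stored, or -1 on failure. */
int bounded_scan(const char *input, char *dst, size_t cap) {
    char fmt[16];
    if (cap < 2) return -1;
    snprintf(fmt, sizeof fmt, "%%%zus", cap - 1);
    if (sscanf(input, fmt, dst) != 1) return -1;
    return (int)strlen(dst);
}

/* Feed a constructed, oversized input into the frame model with the bounded
 * reader and report whether the saved RBP / return address survived.
 * Returns 1 if both sentinels are intact, 0 otherwise. */
int saved_state_intact(void) {
    struct frame_model f;
    char input[128];
    memset(input, 'A', sizeof input - 1);   /* 127 bytes, far beyond BUF_SIZE */
    input[sizeof input - 1] = '\0';
    f.saved_rbp = 0x1111111111111111UL;     /* sentinel standing in for saved RBP */
    f.saved_ret = 0x2222222222222222UL;     /* sentinel standing in for return address */
    int n = bounded_scan(input, f.buf, sizeof f.buf);
    return n == BUF_SIZE - 1
        && f.saved_rbp == 0x1111111111111111UL
        && f.saved_ret == 0x2222222222222222UL;
}

int main(void) {
    printf("bounded read keeps saved RBP/RET intact: %s\n",
           saved_state_intact() ? "yes" : "no");
    return 0;
}
```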

More on ret2win:
https://ir0nstone.gitbook.io/notes/ty...

Function Prologue and Epilogue: https://en.wikipedia.org/wiki/Functio...
More on ENTER and LEAVE high-level procedures: https://books.google.es/books?id=zWrZ...
The MOVAPS issue: https://ropemporium.com/guide.html#Co...

PWN101 Room: https://tryhackme.com/room/pwn101
Endianness video: Endianness Explained. Little-Endian a...

Binary Exploitation PWN101 Playlist: Binary Exploitation PWN101
Binary Exploitation PWN101 Webpage: https://razvioverflow.github.io/tryha...

00:00 - Intro
00:16 - Checking what file it is
00:25 - Executing the binary
00:57 - Segmentation Fault (vuln)
01:20 - Executing the file
01:56 - Recap so far
02:22 - Launching Cutter
02:39 - Checking binary protections
03:11 - Disassembling the binary
05:55 - Identifying and explaining the vulnerability
07:44 - Understanding the underlying concepts
08:05 - Execution Flow Hijacking
08:52 - Understanding the underlying concepts
09:33 - CALL instruction
10:57 - RET instruction
12:19 - Understanding the stack during the execution
14:32 - Function Prologue
14:56 - Understanding the stack during the execution
17:10 - Function Epilogue
17:26 - LEAVE high-level procedure
17:58 - Understanding the stack during the execution
18:48 - Understanding the exploit
20:44 - Writing the exploit
23:11 - Exploiting locally
23:18 - Exploiting remotely
23:41 - The MOVAPS issue
25:02 - Exploiting remotely
24:33 - Fixing the exploit
25:22 - Reading the flag
25:27 - Outro[*]

Exploit code, not people.
Twitter: @Razvieu
*Outro track: Etsu - Selcouth
GG
