Скачать или смотреть 6: Return to Lib-C (ret2system/one_gadget) - Buffer Overflows - Intro to Binary Exploitation (Pwn)

6th video from the "Practical Buffer Overflow Exploitation" course covering the basics of Binary Exploitation. NX/DEP is enabled this time so we can't inject shellcode and expect it to execute. Instead, we'll use ROP to return to Lib-C, specifically libc.system('/bin/sh'). We'll use checksec, ghidra, pwndbg and create a couple of pwntools scripts (x86/x64). Finally, we'll look at the one_gadget tool, which can be used to gain a shell from libc with a single offset, providing constraints can be met! Write-ups/tutorials aimed at beginners - Hope you enjoy 🙂 #BinaryExploitation #BufferOverflow #BinExp #RE #Pwn #PwnTools

Find the binary files, source code and scripts to go with the series @ https://github.com/Crypto-Cat/CTF/tre...

↢Video-Specific Resources↣
https://github.com/david942j/one_gadget
https://libc.blukat.me

👷‍♂️Resources🛠
https://cryptocat.me/resources

↢Chapters↣
Start: 0:00
Basic File Checks: 0:20
Linux Permissions (chown/chmod-RWX): 1:25
Review Source Code: 3:08
Summarise Previous Attacks: 3:43
Outline Ret2LibC attack (ghidra): 4:34
Find EIP Offset with GDB-PwnDbg: 6:12
Disable ASLR: 7:37
Locate Lib-C Offsets: 8:28
PwnTools Script (x86): 10:25
Debug with GDB: 12:05
Repeat for 64-bit: 15:28
Find "POP RDI" with Ropper: 15:56
PwnTools Script (x64): 16:30
Importing Lib-C into PwnTools: 17:41
ROP Automation with PwnTools: 19:31
One Gadget Tool RCE: 20:01
End: 25:01