Shellcode Execution (ret2shellcode) - pwn104 - PWN101 | TryHackMe

Video description

Hijacking the program's execution flow in order to execute our own payload, which in this case is a sequence of assembly instructions that spawn a shell (shellcode): an attack commonly referred to as ret2shellcode, or simply shellcode execution. This time we abuse a buffer overflow caused by the misuse of read(). The address of the buffer on the stack (where we want to jump in order to execute the shellcode) is leaked by the binary itself, which lets us bypass ASLR with ease. Note that the technique only works because the stack is executable (NX disabled), which is why the binary's protections are checked first. This video introduces ASLR and the concept of shellcode, explains in detail how the shellcode gets executed, and walks step by step through solving pwn104 from the PWN101 binary exploitation room on TryHackMe.

More on shellcode execution:
https://ir0nstone.gitbook.io/notes/ty...
https://wiki.bi0s.in/pwning/stack-ove...

More on ASLR (Address Space Layout Randomization):
https://en.wikipedia.org/wiki/Address...
Exploiting ASLR weaknesses: http://cybersecurity.upv.es/solutions...
(Advanced) Bypassing ASLR, NX, PIE and Canaries https://ironhackers.es/en/tutoriales/...

PWN101 Room: https://tryhackme.com/room/pwn101
Endianness video: Endianness Explained. Little-Endian a...

Binary Exploitation PWN101 Playlist: Binary Exploitation PWN101
Binary Exploitation PWN101 Webpage: https://razvioverflow.github.io/tryha...

00:00 - Intro
00:14 - Checking binary protections
00:59 - Executing the binary
01:17 - Segmentation fault (vuln)
01:44 - Analyzing binary's output
02:32 - ASLR (Address Space Layout Randomization)
06:53 - Disassembling the binary
07:28 - read() function
08:30 - Disassembling the binary
09:49 - Shellcode
10:57 - Recap
12:22 - Shellcode address leak
13:46 - Shellcode as input
14:19 - Looking for shellcodes
14:52 - Shellcode as input
16:30 - Writing the exploit
18:01 - Exploiting locally
18:30 - Exploiting remotely
19:10 - Debugging the connection
19:47 - Exploiting remotely
20:33 - Reading the flag
20:58 - Outro[*]

Exploit code, not people.
Twitter: @Razvieu
*Outro track: Etsu - Selcouth
GG
