2021-02-25

[public] 48.4K views, 4.56K likes, 33.0 dislikes audio only

LiveOverflow

Helping somebody with a simple format string exploit via twitter. Getting stuck with problems is one of the most frustrating but best ways to learn. That's why I like to help people figure out their own issues, rather than just telling them.

https://exploit.education/protostar/

Binary Exploitation Playlist: https://www.youtube.com/playlist?list=PLhixgUqwRTjxglIswKp9mpkfPNfHkzyeN

Voice Actor John Hammond: https://www.youtube.com/channel/UCVeW9qkBjo3zosnqUbG7CFw

00:00 Intro

00:59 Question via Twitter DM

02:16 My Initial Thoughts and Analysis

03:20 Format String Recap

04:30 Analyzing The Broken Script

05:39 "Where is the flag?" What is the challenge goal?

06:20 Question 1: What does %s do?

07:16 Question 2: What is the difference between %x and %s?

08:07 GO WATCH MY OLD VIDEOS!

08:28 Question 3: Does %s print strings from the stack?

09:09 Binary Exploitation Episode 0x1E & Google Solutions

10:45 Question 4 Going Back to Basics!

12:05 Question 5: How to print actual stack values?

13:05 Miscommunication via Text Messages

13:45 Wrong Challenge Assumptions

14:33 Miscommunication Again

15:35 Testing %x

15:56 Recognizing ASCII in hexdump

17:10 Typical Format String Exploit Issues

17:59 Running Into More Weird Bugs

20:23 Debugging The Script

21:45 Almost Solved It!

22:45 Found the Flag!

23:20 Ooops! They Had Solved It Earlier

23:34 Conclusion: Helping People Takes Time

24:15 Is This a Good Video?

24:39 Outro

-=[ ❤️ Support ]=-

→ per Video: https://www.patreon.com/join/liveoverflow

→ per Month: https://www.youtube.com/channel/UClcE-kVhqyiHCcjYwcpfj9w/join

-=[ 🐕 Social ]=-

→ Twitter: https://twitter.com/LiveOverflow/

→ Instagram: https://instagram.com/LiveOverflow/

→ Website: https://liveoverflow.com/

→ Subreddit: https://www.reddit.com/r/LiveOverflow/

→ Facebook: https://www.facebook.com/LiveOverflow/