Do you know this common Go vulnerability?

Duration: 15:08

2025-02-28

[public] 21.4K views, 5.06K likes

Channel: LiveOverflow

When auditing code it's crucial to know about common issues. In this video we explore a Go issue that I was not aware of.

Learn hacking on https://www.hextree.io/ (ad)

38c3 CTF - Fajny Jagazyn Wartości Kluczy:

https://2024.ctf.link/internal/challenge/fb03748d-7e94-4ca2-8998-a5e0ffcbd761/

Unintended solution: https://msanft.foo/blog/hxp-38c3-web-fajny-jagazyn/

Challenge author writeup: https://hxp.io/blog/114/hxp-38C3-CTF-Fajny-Jagazyn-Wartoci-Kluczy/

VSCode Go debugger client code: https://github.com/golang/vscode-go/blob/39786ea90f18ab98f75d091b9a04367d1b1df82c/extension/src/debugAdapter/goDebug.ts#L1557

00:00 - Intro

00:20 - Go gjson vs json behavior

01:33 - Overview CTF challenge "Fajny Jagazyn Wartości Kluczy"

04:33 - Weird server setup?

05:55 - Arbitrary file read

07:00 - /proc filesystem trick

08:01 - Unintended solution

09:14 - What was the intended solution?

12:58 - Exploiting Go race condition

13:58 - Outro

=[ ❤️ Support ]=

→ My courses: https://www.hextree.io/

→ My font: https://shop.liveoverflow.com/

→ per Video: https://www.patreon.com/join/liveoverflow

→ per Month: https://www.youtube.com/channel/UClcE-kVhqyiHCcjYwcpfj9w/join

2nd Channel: https://www.youtube.com/LiveUnderflow

=[ 🐕 Social ]=

→ LinkedIn: https://www.linkedin.com/in/liveoverflow

→ X / Twitter: https://x.com/LiveOverflow/

→ Instagram: https://instagram.com/LiveOverflow/

→ Streaming: https://twitch.tv/LiveOverflow/

→ TikTok: https://www.tiktok.com/@liveoverflow_

→ Blog: https://liveoverflow.com/

