Abusing the exception handler to leak flag - 32C3CTF readme (pwnable 200)

Channel:
United States LiveOverflow
Subscribers:
921,000
Published on ● Video Link: https://www.youtube.com/watch?v=wLsckMfScOg


Duration: 30:36
20,617 views
378

Solving the readme pwnable 200 from the 32c3 ctf. I didn't solve it during the CTF but worked through several writeups and doing some more research. Now that I understood it I recorded solving the challenge again and recorded a commentary for it.

CORRECTION: I explained the stack canary with the `fs` register wrong. The `fs` register has an address and the stack canary is stored at offset +0x28 from that address.

Stack Layout for an ELF program: https://www.win.tue.nl/~aeb/linux/hh/stack-layout.html
Credits: https://github.com/ctfs/write-ups-2015/tree/master/32c3-ctf-2015/pwn/readme-200
Vagrant: https://www.vagrantup.com/
CTF VM: https://github.com/thebarbershopper/ctf-vagrant-64
BinaryNinja: https://binary.ninja

-=[ 🔴 Stuff I use ]=-

→ Microphone:* https://geni.us/ntg3b
→ Graphics tablet:* https://geni.us/wacom-intuos
→ Camera#1 for streaming:* https://geni.us/sony-camera
→ Lens for streaming:* https://geni.us/sony-lense
→ Connect Camera#1 to PC:* https://geni.us/cam-link
→ Keyboard:* https://geni.us/mech-keyboard
→ Old Microphone:* https://geni.us/mic-at2020usb

US Store Front:* https://www.amazon.com/shop/liveoverflow

-=[ ❤️ Support ]=-

→ per Video: https://www.patreon.com/join/liveoverflow
→ per Month: https://www.youtube.com/channel/UClcE-kVhqyiHCcjYwcpfj9w/join

-=[ 🐕 Social ]=-

→ Twitter: https://twitter.com/LiveOverflow/
→ Website: https://liveoverflow.com/
→ Subreddit: https://www.reddit.com/r/LiveOverflow/
→ Facebook: https://www.facebook.com/LiveOverflow/

-=[ 📄 P.S. ]=-

All links with "*" are affiliate links.
LiveOverflow / Security Flag GmbH is part of the Amazon Affiliate Partner Programm.

#CTF #BufferOverflow #BinaryExploitation



Other Videos By LiveOverflow


2016-02-03First Exploit! Buffer Overflow with Shellcode - bin 0x0E
2016-01-29First Stack Buffer Overflow to modify Variable - bin 0x0C
2016-01-27Live Hacking - EFF-CTF 2016 - Level 0-4 (Enigma Conference)
2016-01-25Smashing the Stack for Fun and Profit - setuid, ssh and exploit.education - bin 0x0B
2016-01-22The deal with numbers: hexadecimal, binary and decimals - bin 0x0A
2016-01-15Syscalls, Kernel vs. User Mode and Linux Kernel Source Code - bin 0x09
2016-01-12Uncrackable Program? Finding a Parser Differential in loading ELF - Part 2/2 - bin 0x08
2016-01-08Uncrackable Programs? Key validation with Algorithm and creating a Keygen - Part 1/2 - bin 0x07
2016-01-05Simple Tools and Techniques for Reversing a binary - bin 0x06
2016-01-04ROP with a very small stack - 32C3CTF teufel (pwnable 200)
2015-12-31Abusing the exception handler to leak flag - 32C3CTF readme (pwnable 200)
2015-12-29Reversing and Cracking first simple Program - bin 0x05
2015-12-24How a CPU works and Introduction to Assembler - bin 0x04
2015-12-22Live Hacking - Twitch Recording overthewire.org - Vortex 0x01-0x03 (3h)
2015-12-21Writing a simple Program in Python - bin 0x03
2015-12-17Writing a simple Program in C
2015-12-14Introduction to Linux - Installation and the Terminal - bin 0x01
2015-12-14LiveOverflow Channel Introduction and Backstory - bin 0x00
2015-04-22LiveOverflow - Trailer


Tags:
live hacking
live ctf
buffer overflow
let's hack
exploitation
shellcode
32c3ctf
stack layout
stack smashing
sigabort
sigsegv
0x41414141
ELF binary
32c3
chaos communication congress
32c3-ctf
readme.bin
pwnable
pwnable 200
how to hack
hacking tutorial
reverse engineering
information security
ethical hacking
infosec