Bash injection without letters or numbers - 33c3ctf hohoho (misc 350)

Channel:
United States LiveOverflow
Subscribers:
921,000
Published on ● Video Link: https://www.youtube.com/watch?v=6D1LnMj0Yt0


Duration: 11:09
114,548 views
4,468

This challange was an amazing team effort. There were multiple steps necessary for the solution and different people contributed. The final big challenge was a bash eval injection, but without using any letters or numbers.


-=[ 🔴 Stuff I use ]=-

→ Microphone:* https://geni.us/ntg3b
→ Graphics tablet:* https://geni.us/wacom-intuos
→ Camera#1 for streaming:* https://geni.us/sony-camera
→ Lens for streaming:* https://geni.us/sony-lense
→ Connect Camera#1 to PC:* https://geni.us/cam-link
→ Keyboard:* https://geni.us/mech-keyboard
→ Old Microphone:* https://geni.us/mic-at2020usb

US Store Front:* https://www.amazon.com/shop/liveoverflow

-=[ ❤️ Support ]=-

→ per Video: https://www.patreon.com/join/liveoverflow
→ per Month: https://www.youtube.com/channel/UClcE-kVhqyiHCcjYwcpfj9w/join

-=[ 🐕 Social ]=-

→ Twitter: https://twitter.com/LiveOverflow/
→ Website: https://liveoverflow.com/
→ Subreddit: https://www.reddit.com/r/LiveOverflow/
→ Facebook: https://www.facebook.com/LiveOverflow/

-=[ 📄 P.S. ]=-

All links with "*" are affiliate links.
LiveOverflow / Security Flag GmbH is part of the Amazon Affiliate Partner Programm.

#CTF



Other Videos By LiveOverflow


2017-03-24Solving AVR reverse engineering challenge with radare2 - rhme2 Jumpy (reversing 100)
2017-03-17Start reverse engineering AVR - Memory Map and I/O Registers - rhme2 Reverse Engineering
2017-03-12What do Nintendo Switch and iOS 9.3 have in common? CVE-2016-4657 walk-through
2017-03-10SHA1 length extension attack on the Secure Filesystem - rhme2 Secure Filesystem (crypto 100)
2017-03-05Using UART / Serial to interact with an embedded device - rhme2 Setup
2017-03-03riscure embedded hardware CTF is over - loopback 0x03
2017-02-25Developing an intuition for binary exploitation - bin 0x20
2017-02-17Showing various security issue of the Wifi-Cloud Hub
2017-02-14GynvaelEN Hacking Livestreams and how stack cookies work
2017-02-10How safe is a Wifi Cloud Hub Router (from hackers)?
2017-02-03Bash injection without letters or numbers - 33c3ctf hohoho (misc 350)
2017-01-27[Live] A basic Heap Feng Shui intro - 33c3ctf babyfengshui (pwn 150)
2017-01-20PHP include and bypass SSRF protection with two DNS A records - 33c3ctf list0r (web 400)
2017-01-13Format String to dump binary and gain RCE - 33c3ctf ESPR (pwn 150)
2017-01-06How to learn hacking? ft. Rubber Ducky
2016-12-30Rooting a CTF server to get all the flags with Dirty COW - CVE-2016-5195
2016-12-27LiveOverflow Channel Trailer
2016-12-23Riscure Embedded Hardware CTF setup and introduction - rhme2 Soldering
2016-12-20[Live] Remote oldschool dlmalloc Heap exploit - bin 0x1F
2016-12-16Remote format string exploit in syslog() - bin 0x1E
2016-12-13First remote root exploit - bin 0x1D


Tags:
Live Overflow
liveoverflow
hacking tutorial
how to hack
exploit tutorial
bash injection
33c3
33c3ctf
33c3 ctf
video writeup
security ctf
capture the flag
hacking ctf
bash eval
eval injection
eval without letters
eval without numbers
only special chars
misc
towers of hanoi
hanoi towers
special hanoi version
solving hanoi
bash script injection
bash script eval
bash function
bash shell
shell injection