Format String to dump binary and gain RCE - 33c3ctf ESPR (pwn 150)

Channel:
United States LiveOverflow
Subscribers:
921,000
Published on ● Video Link: https://www.youtube.com/watch?v=XuzuFUGuQv0


Duration: 13:25
46,094 views
1,354

Solving Eat Sleep Pwn Repeat (ESPR - 150 pwn) challenge from the 33c3ctf. Dumping the binary through a format string vulnerability, leaking libc addresses in the global offset table, finding the matching libc and overwriting printf@got with system() to get RCE.

-=[ πŸ”΄ Stuff I use ]=-

β†’ Microphone:* https://geni.us/ntg3b
β†’ Graphics tablet:* https://geni.us/wacom-intuos
β†’ Camera#1 for streaming:* https://geni.us/sony-camera
β†’ Lens for streaming:* https://geni.us/sony-lense
β†’ Connect Camera#1 to PC:* https://geni.us/cam-link
β†’ Keyboard:* https://geni.us/mech-keyboard
β†’ Old Microphone:* https://geni.us/mic-at2020usb

US Store Front:* https://www.amazon.com/shop/liveoverflow

-=[ ❀️ Support ]=-

β†’ per Video: https://www.patreon.com/join/liveoverflow
β†’ per Month: https://www.youtube.com/channel/UClcE-kVhqyiHCcjYwcpfj9w/join

-=[ πŸ• Social ]=-

β†’ Twitter: https://twitter.com/LiveOverflow/
β†’ Website: https://liveoverflow.com/
β†’ Subreddit: https://www.reddit.com/r/LiveOverflow/
β†’ Facebook: https://www.facebook.com/LiveOverflow/

-=[ πŸ“„ P.S. ]=-

All links with "*" are affiliate links.
LiveOverflow / Security Flag GmbH is part of the Amazon Affiliate Partner Programm.

#CTF #FormatString #BinaryExploitation



Other Videos By LiveOverflow


2017-03-10SHA1 length extension attack on the Secure Filesystem - rhme2 Secure Filesystem (crypto 100)
2017-03-05Using UART / Serial to interact with an embedded device - rhme2 Setup
2017-03-03riscure embedded hardware CTF is over - loopback 0x03
2017-02-25Developing an intuition for binary exploitation - bin 0x20
2017-02-17Showing various security issue of the Wifi-Cloud Hub
2017-02-14GynvaelEN Hacking Livestreams and how stack cookies work
2017-02-10How safe is a Wifi Cloud Hub Router (from hackers)?
2017-02-03Bash injection without letters or numbers - 33c3ctf hohoho (misc 350)
2017-01-27[Live] A basic Heap Feng Shui intro - 33c3ctf babyfengshui (pwn 150)
2017-01-20PHP include and bypass SSRF protection with two DNS A records - 33c3ctf list0r (web 400)
2017-01-13Format String to dump binary and gain RCE - 33c3ctf ESPR (pwn 150)
2017-01-06How to learn hacking? ft. Rubber Ducky
2016-12-30Rooting a CTF server to get all the flags with Dirty COW - CVE-2016-5195
2016-12-27LiveOverflow Channel Trailer
2016-12-23Riscure Embedded Hardware CTF setup and introduction - rhme2 Soldering
2016-12-20[Live] Remote oldschool dlmalloc Heap exploit - bin 0x1F
2016-12-16Remote format string exploit in syslog() - bin 0x1E
2016-12-13First remote root exploit - bin 0x1D
2016-12-09Linux signals and core dumps - bin 0x1C
2016-12-06Celebrating 10.000 subscribers with a small Q&A - loopback 0x02
2016-12-02Socket programming in python and Integer Overflow - bin 0x1B


Tags:
Live Overflow
liveoverflow
hacking tutorial
how to hack
exploit tutorial
format string
formatstring
format exploit
format vulnerability
format string exploit
leak libc
leak address
dump arbitrary memory
find libc
libc database
niklasb
eat sleep pwn repeat
33c3
33c3ctf
ESPR
pwnable challenge
exploitation challenge
remote code execution
dump remote binary
video writeup
ctf write-up
capture-the-flag
security ctf
33c3 ctf