No video
How some functions can be Dangerous | bin 0x01
#BinaryExploitation #ELF #Executables
This is the second video in the series Binary Exploitation. In this video, we're gonna look at some simple attacks via dangerous functions.
🔗 Code + Build Instructions: old.hackercamp.co/
💬 Discord: / discord
🐤 Twitter: / pwnfunction
🎵 Track: Warriyo - Mortals (feat. Laura Brehm)
NCS link: • Warriyo - Mortals (fea...
Пікірлер: 194
I had to do it. P.S did you find the date?
@a.yashwanth
3 жыл бұрын
glad you did.
@brunoais
3 жыл бұрын
ofc
@SEX_ON_DRUGS
3 жыл бұрын
😎 nice
@paramjotsingh8406
3 жыл бұрын
I feel like "I have been pwned"
@chompyumyum4615
3 жыл бұрын
The game. Sorry I had to get revenge.
I love your color scheme and art style... even your terminal feels satisfying to look at
@Wpar
3 жыл бұрын
do you know what the font is called for the terminal?
@softicecreamer
3 жыл бұрын
@@Wpar yes it's monolisa... I worked hard to find it but its not free tho
@carlostypes3942
3 жыл бұрын
I believe it is the Robby Russell theme from Oh My ZSH if anyone else is looking for this in the future, if not it looks very similar
@SpeedingFlare
3 жыл бұрын
The theme of his videos reminds me of the Dracula theme
@Wpar
3 жыл бұрын
@@softicecreamer 50 quid for a font lmao
In level 2 you could also enter 'zsh' instead of '\
@paulosantana9607
3 жыл бұрын
I was thinking the same, but wasn't sure if it would work
@enderger5308
3 жыл бұрын
Or sh, which is 2 characters (launching the Borne Shell)
@masamune5710
3 жыл бұрын
That’s what I immediately thought. In ctfs it’s generally desirable to look for ways to get a shell
@Ski4974
3 жыл бұрын
I thought that tool lol
@lilspelunker5613
3 жыл бұрын
I was thinking of " -i" since the manual page had -i (interactive mode) and I thought it'd use interactive and ignore -c if you did that
did i just get rickrolled by an ELF binary
@Sparkette
3 жыл бұрын
If you run your browser on Linux, technically that's any rickroll.
@tsalVlog
3 жыл бұрын
@@Sparkette *on Linux kernel versions after 2.6.0,
@Sparkette
3 жыл бұрын
@@tsalVlog What did that add? DRM? (The good kind 😛)
@Ryan-xq3kl
3 жыл бұрын
@@Sparkette one time i got an error that said “invalid arch independent ELF magic” and i thought it was just fucking with me
@Sparkette
3 жыл бұрын
@@Ryan-xq3kl If that happens again, I'd call Santa Claus
came here from LiveOverFlow's video and i loved your content, just what I was looking for
Just about died when you made the ‘root shell on the first date’ joke. Great stuff, can’t wait for the next video!
I really like your way of teaching.Cool+informative+meme😂❤️
that was some next-level rickroll... it's a great video btw!
@fisch37
3 жыл бұрын
@Hand Grabbing Fruits Well, it's a level 3 rickroll
Wow this has to be one of the most interactive videos I've ever watched about this topic. I know a little bit about Linux and a decent amount about C++ and this helped me connect the two in such a sensible way.
14:20 as soon as I saw "never gonna give" I instantly thought "OH NO"
im really glad i found you i love how you setup you videos, you give examples and really break it down, keep up the good work
I have been looking for something like this for the past 3 years, and I love this
I like how clean your slides/interface are
The use of þ in this video is sort of hilarious to anyone that reads it as "th"
Bro, your videos are so amazing. thank you for the hard work. Have a nice day!
@PwnFunction
3 жыл бұрын
You too.
This channel is so good, loving your content
@PwnFunction
3 жыл бұрын
Glad you like it.
This is pure gold, keep up the great work.
this is so high quality, amazing work
The roll at the end was a nice touch 👌
Awesome job explaining this!!
Love the graphics. Very well done
That's where the trouble began, that terminal. That damn terminal 🥺 It's so beautiful 😭
Wow! No unlikes so far!!! I never seen a video like this. congrats! Keep it up. I am going to watch the whole channel today. 👌🏽👌🏽👌🏽
Very nice video! Glad I found your channel :P
As always, excellent video.
OMG! I fkin died when you said "only logical thing to do next: hack the Pentagon". 🤣🤣🤣 Your sense of humor is awesome!
This helped a lot thank you
Gals you are back with another video 😁😁 Keep making such videos
Your materials are soooo go, thank you, would love to have lessons with you :)
Really good content!
Great video!
just use shell script for example 3 to save some steps! Anyway thanks for the awesome video!! I was actually surprised that after years of programming and no studying security a lot of these answers came quickly and naturally to me. I would have even tested
Awesome mate❤️we need more videos for binary exploitation
Amazing content 👏
Excellent content
>Imagine what could go wrong if a user supplied input got in, it would be worse than if an asteroid hit I dunno man, sounds like bash but with extra steps.
Nice very good ; thanks for sharing
Security cells in your brains' like *beep* *beep* *beep* WARNING! Threat detected, Defcon1 bla bla bla XD [ This guy is simply awesome! ] Love your content
I love your style and the pace of the video, subscribed! Btw what font do you use? It's lovely!
@__cdecl4085
3 жыл бұрын
It's called Dank Mono
almost died to the rickroll, it's currently 11pm, i'm alone in the dark.
Instructions unclear I'm now on the FBI's most wanted list
I was waiting for binary exploitation for so long
Great video man, subbed! Got any suggestions on how to get started on learning how to hack?
"Hi simp" 😂 nice touch
+1 sub :) KZread served me some of these vids and the production quality is 9/10 and you've only got like 60k subs. To the moon like doge...
Nice video! What program do you use to make those kind of animation ?
How to hack pentagon: 1. get an axe 2. go to pentagon
@skilz8098
2 жыл бұрын
Vote after dying, it seems to work as of lately...
It must take you so long to make these incredibly videos.
niceeeeee videeeo keeep going please
I wish to see much success with this channel. You're setting yourself up nicely! subscribers+=1
@blank-vw2sb
3 жыл бұрын
error: expected ';' before EOF subscribers += 1 ^~~~~~
@Tclack
3 жыл бұрын
Haha, very nice. But you see, I'm using python
@Tclack
3 жыл бұрын
@juan francisco Minor you're totally right. My last excuse is I just don't really know C/C++ 😥
@lobsterfork
2 жыл бұрын
@@Tclack well, once you know C++, you know C!
Good bro
subbed
Great video. Can you please make video, where you show, how to customize shell like you 🙏😁.
respects for using chr(0x69) to test inputs hehehe
Easier solution to *level3* that I've come up with: - create a C file(mw.c) that executes the command "cat flag.txt" - compile the C in a way that the binary executable name is only 2 chars long. gcc mw.c -o *mw* - replace the "date" text in the level3.c file by using the sed command, hence: *sed -i 's@date@./mw@' level3* - ./level3 and boom
Please continue making moar videos. Format, content and humor are great to my taste!
Haha I've used system()! Super useful. I've also done something similar with JavaScript. But sometimes you want to do something that isn't technically safe.
Just said out loud “who the fuck is this???” Subscribed
What is your zsh profile (basically how do I get my shell to look like yours) also for vscode what fonts do you use
I can't believe I got rick rolled.
Hey bro can you tell me which software you're using to edit these animations?
UHHH New Video
Where you edit your's video and how did you do your animations.
You cheeky bastard! 😂
If you have this guy you don't need other tutorials / explanations from others ♥️
better than liveoverflow
Just about died when the last flag was read.
The only time my alarm bells start ringing is when I find people got rick rolled in the comments before I finish the video.
👍👍
❤️
13:10 big brain
What's the drawing app that you're using?
this was a very interesting rickroll
I green to the whole writing code. Learing linux on a pie someone gave me. So to be able to have root access in a line is crazy to me. Havin Fun learning though.
9:35 Gnat!!
Is there permission control on setting PATH?
hello, can you explain web object injection attack ?
For level 2 couldnt you also enter -i as then zsh would spawn a interactive shell
In level 2, why does typing "zsh" for my 3 characters not open me a shell where I can type longer commands? If I try "zsh -c zsh" in my terminal it does what I expect it to do. Is the difference due to the way the "system" function works, or is it due to the way ncat works?
First time I've heard etc pronounced as etsy
we got ourshellves
On 5:17 I see a daywalker indeed
what about short symbolling link?
Get DamnPWNed
Thanks for the detailed explanation but I didn't get, how the executed commands get root access in the first place. You are starting for example level1 as a normal user. As the program is run as user it should not have access to that file. But why does it has access? If programs have access in general you could execute cat directly on the file and it would have access. But that's not the case, right? So is it because of the chmod u+s? So why don't you do chmod u+s on cat and directly read the file with cat instead of misusing another program? It's because you need root rights to set that flag right? But if you have root rights, to set that flag, why don't you use the same root rights to cat on the file? Actually the programs you wrote would be save if you didn't have put chmod u+s on them, right? So not the software is insecure the flag is. Shouldn't you tell people not to use chmod u+s then?
PWN how do you make your thumbnails
@PwnFunction
2 жыл бұрын
I draw in Adobe animate
Why don't you run zsh as a command inside the zsh -c ? That'd open another zsh shell for you right?
Anyone know what font the terminal is using?
@PwnFunction
3 жыл бұрын
Dank Mono
I actualy got them all first try(i knew how the system worked from windows)
My zsh doesn't let me change directories with that shorthand...
for #2, I would have run `sh` so that I can access a shell as root and run my cat command in there
I think you should increase the volume of the upcoming videos, because it's still difficult to listen to you even though I've already maxed out the volume of my phone.
Did I miss something or why exactly is the process of level 2 run as root?
@Gramini
3 жыл бұрын
Simulated human mistake maybe.
Can someone tell me what type of animation he uses
Did you really revealed your face in the latest noobOverflow video?
@PwnFunction
3 жыл бұрын
Ah hell nah, that was Lupin. I'll remain faceless.
Can u make a theme for Ubuntu with your color scheme pls ?
One question, how in the world did you get a shell on your *local wifi????*
What font are you using for your terminal? 🤤🤤
@PwnFunction
3 жыл бұрын
Dank Mono
@jeffreyson2820
3 жыл бұрын
@@PwnFunction everyone asking for the font but nobody for colorscheme. Please share it it looks great
Mannn, netcat removed -e flag right?? For security concerns??
So anything running on elevated permissions mustn't use the PATH variable...