Pwntools - Pwn Zero To Hero 0x04


Full Pwn Zero To Hero playlist: • Pwn Zero To Hero
Homework: github.com/PinkDraconian/PwnZ...
Nightmare: guyinatuxedo.github.io/
▶️ KZread: / pinkdraconian
🎁 Patreon: / pinkdraconian
🐦 Twitter: / pinkdraconian
🎵 TikTok: / pinkdraconian
ℹ️ LinkedIn: / robbe-van-roey-365666195
📞 Discord: PinkDraconian#9907
📷 Instagram: / robbevanroey
🕸️ Website: pinkdraconian.d4rkc0de.com/
👨‍💻 HackTheBox: www.hackthebox.eu/home/users/...
🤖 Reddit: / pinkdraconian
☁️ Steam: steamcommunity.com/id/PinkDra...
🐈 GitHub: github.com/PinkDraconian
00:00 Introduction
00:23 What will we be learning?
01:30 Using pwntools
15:40 Conclusion

Comments: 45

  • @stereosteve1
    @stereosteve1 2 years ago

    Thanks, I've been looking forward to the next episode ! 👏👏

  • @PinkDraconian

    @PinkDraconian

    2 years ago

    More to come! Very happy I finally got my foot down and made this one!

  • @aaryash5080
    @aaryash5080 4 months ago

    This is beautiful content man. I feel motivated to deep dive into pwning.

  • @PinkDraconian

    @PinkDraconian

    4 months ago

    Thank you! Happy to fuel that pwning fire within you! 🔥

  • @dark4real353
    @dark4real353 2 years ago

    this helps me a lot to get the basics fast RESPECT

  • @PinkDraconian

    @PinkDraconian

    2 years ago

    Thank you! Let's become a hero in pwn!

  • @n1ghtmar3_orin
    @n1ghtmar3_orin 5 months ago

    With the Christmas holiday going on, I took a break from Bug Bounty as I felt burnt out and so wanted to focus on pwn challenges of CTFs. Man, this video and the playlist are so much fun. Thanks for making my holiday awesome bro. Cheers

  • @PinkDraconian

    @PinkDraconian

    5 months ago

    Glad I could help! Happy holidays!

  • @matthewbascom
    @matthewbascom 1 year ago

    Awesome video! Thank you.

  • @PinkDraconian

    @PinkDraconian

    1 year ago

    Glad you liked it!

  • @flupzor
    @flupzor 2 years ago

    I think you might be confusing terms. Least significant bit describes numbering on bit level. I think you meant little endian in this case. Also, the shebang is not processed by bash but the exec* family system calls process it. Forgot the most important part, great video! :)

  • @PinkDraconian

    @PinkDraconian

    2 years ago

    Hi! Thanks for your comments. I indeed switched those terms up there. I must've meant least significant byte (LSB) there, since afaik, that is the same as little-endian. I'm by far no expert in anything I'm saying here. I've been doing binary exploitation in CTFs for a couple of years now, but wanted to use this series to get everything I've learned down for others to use. So thank you for allowing me to get this concept straight in my head again. As for the shebang line, same thing. My bad :) It's these small things that you've seen thousands of times over the years and then mistakenly use in a wrong way. Thanks for correcting me there! Appreciate it!

  • @santangelx1573
    @santangelx1573 1 year ago

    Will you continue the series ? Amazing work ! Love your content

  • @PinkDraconian

    @PinkDraconian

    7 months ago

    I wish I had the time

  • @_CryptoCat
    @_CryptoCat 2 years ago

    Superb quality as usual! 💜 5:50 could also do "print(io.recvlines(6))" to save some space

  • @PinkDraconian

    @PinkDraconian

    2 years ago

    I didn't know about recvlines! Thank you. In the rest of the video I use recvuntil and sendlineafter but I just want to keep it very basic there, so people wouldn't get confused 😀

  • @abdullahshoukat2075
    @abdullahshoukat2075 2 years ago

    cool stuff

  • @PinkDraconian

    @PinkDraconian

    2 years ago

    Thank you!

  • @8888UNIVERSE8888
    @8888UNIVERSE8888 2 years ago

    I actually love classic Python slicing so the code can be very straightforward =)

  • @PinkDraconian

    @PinkDraconian

    2 years ago

    Me too! Once you understand it, it results in such clean ways of getting what you need!

  • @8888UNIVERSE8888

    @8888UNIVERSE8888

    2 years ago

    @PinkDraconian exactly!

  • @kon4339
    @kon4339 2 months ago

    would u continue this series ? i wonder cuz ur video kinda nice for someone new to this stuff like me. Anyway, i love this series, hope you can continue it !

  • @PinkDraconian

    @PinkDraconian

    2 months ago

    Hiya, sadly, I do not have the energy or resources to continue this series. Best of luck on your journey!

  • @Malik-Mak
    @Malik-Mak 1 year ago

    Amazing video, but could you please put the binary challenge file in your github

  • @PinkDraconian

    @PinkDraconian

    7 months ago

    I should do that!

  • @marcovalentinoalvarado3290
    @marcovalentinoalvarado3290 1 year ago

    Looooking forward to it, thank you soo much

  • @PinkDraconian

    @PinkDraconian

    1 year ago

    You're so welcome!

  • @lanadweikk
    @lanadweikk 1 year ago

    can you please attach the challenge.c file in the github rep or anywhere else?

  • @PinkDraconian

    @PinkDraconian

    1 year ago

    You can find all of that here: guyinatuxedo.github.io/01-intro_assembly/reversing_assembly/index.html

  • @sloughpacman

    @sloughpacman

    1 year ago

    @PinkDraconian The ./challenge binary is not present either in your or tuxedo's github!!!! Why is it that you cannot make the binary available?

  • @PinkDraconian

    @PinkDraconian

    1 year ago

    @sloughpacman At this point, I genuinely don't know where that file is anymore 😅

  • @sloughpacman
    @sloughpacman 1 year ago

    Perhaps I'm going blind, but where's the challenge binary to download?

  • @PinkDraconian

    @PinkDraconian

    1 year ago

    Sorry for the late reply. You can find them here: github.com/PinkDraconian/PwnZeroToHero-0x05-labs Link is also in the description.

  • @sloughpacman

    @sloughpacman

    1 year ago

    @PinkDraconian Sorry to say that ./challenge binary is nowhere to be seen!

  • @nobackupkiwi
    @nobackupkiwi 2 years ago

    Does it work for GUI applications?

  • @PinkDraconian

    @PinkDraconian

    2 years ago

    Pwntools won't work with GUI applications, and that's a bit by design I guess. A very big focus in binary exploitation is to target applications running on remote hosts (As seen in CTFs) and you can't have a remote application spawn a GUI on your end. I hope that makes sense :)

  • @nobackupkiwi

    @nobackupkiwi

    2 years ago

    @PinkDraconian It does, thanks. So this brings me another question: What advantages does Pwntools have over, for example, Intel Pin software where you can fuzz any kind of application?

  • @PinkDraconian

    @PinkDraconian

    2 years ago

    @nobackupkiwi Pwntools has a bunch of advantages catered towards binary exploitation. This video was just the basics, but we will be going into way more depth in the future. Automating ROP chain creation / Format string vulns, ... much more is present there. Pwntools isn't a fuzzer, so with pwntools you can also easily switch between a program you're debugging locally, versus one running on a remote that you're actually trying to exploit.

  • @lostInSocialMedia.
    @lostInSocialMedia. 1 year ago

    If I'm not wrong, then you are an Intigriti member??

  • @PinkDraconian

    @PinkDraconian

    1 year ago

    That is true! I work for Intigriti indeed :)

  • @wellmarry7317
    @wellmarry7317 2 years ago

    Can I use pwntools to connect to gdbserver? I tried 'pwn.gdb.attach((ip,port))' but it did not work

  • @PinkDraconian

    @PinkDraconian

    2 years ago

    As far as I'm aware, this should be possible, but I've never experimented with gdbserver, so I don't think I'm qualified to try and help here :) Good luck!

  • @wellmarry7317

    @wellmarry7317

    2 years ago

    @PinkDraconian thank you :)))
