We write our first real exploit to get root access, solving stack5 from exploit-exercises.com with a simple buffer overflow and shellcode. We run into some problems along the way (illegal instruction):
Stack Level 5:
LiveOverflow / Security Flag GmbH is part of the Amazon Affiliate Partner Programm.
But how do we get root privileges? Why not user?
Great video! Thank you. How can I determine how long my nop slide should be?
This really helps when encountering the Illegal Instruction during getting root!
https://www.reddit.com/r/LiveOverflow/comments/akcu9r/need_help_with_protostar_stack5/
-> Note: try adding more offset to eip (e.g. 0xbffff7b0 + 70 works fine for me)
Just a little reminder: at 8:18 he's adding 30 as a decimal value to the address. I was wondering why I still got an 'illegal instruction' message, until I checked in dbg only to see that it added 30 as a decimal value and not as hex. This resulted in my offset being too small and not hitting the NOPs. Using 'x30' resolved this issue and I got the 'Trace/breakpoint trap'. When you get your head around this stuff it's really fascinating. Thanks for the great videos!
I am converting from script kiddie to proper user, I know the pain now, the script works at first, but my programs don't lol
Thanks for the video this was extremely helpful. Keep up the great work sir! Your content is 👌.
I'm doing reverse engineering on the reverse engineering that you're teaching me lol, terms apply, looking up every 5 seconds of info from google to understand the whole video, but I love it
If it appears nuts the first few times, really just return to it a few days later. I understood it so much better after one week of not thinking about it.
floating point exception instead of illegal instruction at 6:21 anyone??
Why do you +30 to the eip @8:20?
Fucckkkkk!!! I've been scratching my head over this for days!
very interesting, thanks! keep it up dude!
This whole thing can only happen if the stack is executable, right? (basically NX disabled)
Hey, can you help me? When I try to put an address into the instruction pointer, the addresses change all the time. In your video, the addresses remain the same. What am I doing wrong?
For those getting SEGMENTATION FAULT when trying to execute the shellcode (INT3 interrupt), here's the solution:
recompile your code with this option "-z execstack" to make the stack memory executable.
Hi, after successfully executing the shellcode, I just wanted to know why my shellcode process always exits after a single command like "ls"…
Anyone tried this on their base machine? Not while on ssh to protostar? Because it doesn't work on the Linux 5.5.0-1parrot1-amd64 kernel! Or isn't it related to the kernel and I am doing something wrong??
To generate the alphabet one can use this one-liner: `"".join([4*chr(a) for a in range(97, 120)])`. Also the Metasploit framework has a utility for index finding.
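The alphabet trick from the comment above, worked through as an added example (not the video's or the commenter's code): it builds the repeated-letter pattern, and then maps the 4-byte value that lands in EIP after the crash back to the byte offset where the saved return address starts, so you know how much padding precedes it. It assumes a 32-bit little-endian target like the Protostar VM, and that gdb showed you the EIP value.

```python
import struct


def make_pattern(first=97, last=120, width=4):
    """Same construction as the comment's one-liner:
    each letter 'a'..'w' repeated `width` times -> "aaaabbbbcccc...".
    Every 4-byte window of this string is unique, because the letters
    only ever increase, so a crash value maps to exactly one offset."""
    return "".join(width * chr(c) for c in range(first, last))


def find_offset(pattern, eip_value):
    """eip_value: the integer gdb reports in EIP after the crash
    (e.g. 0x62626262 shown as 'bbbb' on a little-endian machine).
    Returns the offset into the input where the return address sits,
    or None if the value did not come from the pattern at all."""
    # Pack little-endian so the bytes appear in the order they sat in memory.
    needle = struct.pack("<I", eip_value).decode("latin-1")
    idx = pattern.find(needle)
    return idx if idx != -1 else None


if __name__ == "__main__":
    pat = make_pattern()
    # Constructed sample crash values, not taken from a real run.
    for crash in (0x62626262, 0x62626161, 0x41414141):
        print(hex(crash), "->", find_offset(pat, crash))
```

A misaligned value such as 0x62626161 ("aabb" in memory) still resolves, which is what distinguishes this from eyeballing which letter showed up.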
This was a great intro to buffer overflows. It was a little challenging to get working on a modern 64-bit Linux system, but I finally figured it out. It would be really cool to see an updated video on this. Keep up the good work man!
3:37 op code "xCC" (INT3)
8:09 NOP sled
9:03 shellcode database
10:27 shell without input
9:07 another good tool, especially if you're using Linux, is MSFVenom… Sure you've heard of it, a lot of different exploits to choose from, can generate shellcode without certain chars, of a certain size etc.
Found a newer version
I only have one though….
Great video.
I'm running this on Ubuntu 16.04 in a VM, and I can't run the shell as root even though I set setuid, setgid, and set ownership of the program to root. Why is it not working?
Davy Wybiral x86 is good on esp ebp stuff