Comments:
Wow that's pretty cool.
I think this is a perfect start
Why would the executable file contain any information about the names of the functions?
This is so freaking cool. Edit: I click on 1 video and watch all 3 related to it. Man, this is so awesome.
Now make a video on how to make your thing secure from this...
If you use strace when running the program and overflow the buffer, it actually shows you the password that it's comparing your input to 😅 I found this out by accident.
Run: strace ./hacked
Then: overflow buffer
Once it seg faults you'll see the output somewhere that states:
write(1. “Password: “, 10password: )
read(0, too_kool_4_skool
Thought you were John Hammond for a little bit and I was like "wow, he looks so different cleanshaven!"
Hacking ideas.
The title implies the solution is to just make the buffer longer. It should be called "what happens when you don't use fgets()"
Interesting for debugging your local code, but a "how to fix this hole" closing would be better for teaching.
I love you man
OK, this was, obviously, way oversimplified, with much more info available to us than would be to a typical attacker, but still it illustrates the principle of the buffer overrun exploit, the most common of them all, very nicely.
Can't you use actual vulnerabilities?
Nobody uses gets anymore ...
It doesn't make sense.
What if we use strdup or fgets instead of gets? Obviously gets is deprecated now.
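A bounded replacement for the gets() call that the two comments above object to, written as an added example that is not from the video or from any commenter. The 16-byte buffer size, the fmemopen-based helper and all names are my assumptions for the demo; the reader also reports an overlong line instead of silently truncating it, which is the case fgets() alone does not handle.

```c
#define _POSIX_C_SOURCE 200809L      /* for fmemopen() in the demo helper */
#include <stdio.h>
#include <string.h>
enum read_status { READ_OK = 0, READ_TOO_LONG = 1, READ_EOF = 2 };

/* Bounded replacement for gets(): reads at most cap-1 bytes, always NUL-
 * terminates, strips the newline, and drains and reports an overlong line
 * instead of writing past the end of dst. */
static enum read_status read_line_bounded(char *dst, size_t cap, FILE *in)
{
    if (fgets(dst, (int)cap, in) == NULL) {
        dst[0] = '\0';
        return READ_EOF;
    }
    size_t n = strlen(dst);
    if (n > 0 && dst[n - 1] == '\n') {
        dst[n - 1] = '\0';
        return READ_OK;
    }
    /* No newline in the buffer: peek one byte to tell "line fit exactly"
     * or "last line without newline" apart from "line was too long". */
    int c = fgetc(in);
    if (c == EOF || c == '\n')
        return READ_OK;
    while (c != EOF && c != '\n')        /* discard the rest of the line */
        c = fgetc(in);
    return READ_TOO_LONG;
}

/* Compare without an early exit so timing does not reveal how many leading
 * bytes matched; a length mismatch is folded in rather than returned early. */
static int password_matches(const char *input, const char *expected)
{
    size_t a = strlen(input), b = strlen(expected);
    unsigned char diff = (a != b);
    for (size_t i = 0; i < a && i < b; i++)
        diff |= (unsigned char)(input[i] ^ expected[i]);
    return diff == 0;
}

/* Demo helper (assumption, not part of the video): treat a constructed
 * string as if it were stdin so the reader can be exercised offline. */
static enum read_status read_from_string(const char *text, char *out, size_t cap)
{
    FILE *f = fmemopen((void *)text, strlen(text), "r");
    if (f == NULL)
        return READ_EOF;
    enum read_status s = read_line_bounded(out, cap, f);
    fclose(f);
    return s;
}
```

Replacing `gets(buf)` with `read_line_bounded(buf, sizeof buf, stdin)` and rejecting `READ_TOO_LONG` keeps an over-long input from ever touching the return address that the video's exploit overwrites.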
Smart
Can you please tell me the distro you're using in this video
Why would the hacker have the executable file? And does this trick work on interpreted languages?
The Waffle House has found its new host.
In no way did he start off the video by breaking bad.
The more I look at C/POSIX, the more I find it horribly designed...
or perfectly designed for exploitation 😕
You couldn't do this in Ada !
Hey! I am loving the recent content but have to ask a question: aren't operating systems increasingly protective over buffer overflows? Like, modern Windows versions make it near impossible from what I have heard.
Using C or C++ is basically begging to get hacked
Amazing man!!! Thank you very much!!
Why wouldn't your code be compiled as a PIE with ASLR and SSP? Buffer overflows are still a major problem, but deferring address resolution until runtime with a canary to pick up accidental overruns would lessen the number of people that could feasibly attack the process.
Very nice video; though how would you find the debug() address on Windows?
I just discovered a whole new interest watching this video
Also you can write 0x08049296.to_bytes(4, "little") to convert the address to bytes in little endianness
I like how you release this video after I had a project in my computer security class on performing buffer overflow attacks
Great info! SUBSCRIBED
If you have access to the compiled binary, can't you just edit it and write a call to the debug function at the start of the program? I can't see why you would need to write a Python exploit and overflow the buffer.
How do we know (as hypothetical hackers) that we want to look for the debug() function?
Is it bad that I don't space my brackets? I have them attached to their control struct or function.
Cybersecurity noob here; I have a question.
You only knew the address of debug() because you had access to the compiled executable. How would someone hack in over the net not knowing the address of the function?
Not into C at all but very educational and well explained. Thank you
I like your funny words magic man
Isn't the address of the debug() function going to change when it is loaded into memory? I remember something like relocatable executable, but not sure.
THANKS!
Security on computers is just like security anywhere else; it's all about how much security you need. For a lot of software, this exploit (except for the fact that it causes a crash when the user inputs a password that is too long) is not something you need to worry about. For the same reason a padlock is fine to use on your bike. It's hard enough to discourage people from even bothering because the benefit of breaking in is not worth the hassle of figuring out how. In my experience, buffer overflow attacks are (for any meaningful gains) usually way too hard to be a worthwhile endeavor (aside from possibly causing software to crash and using that to cause a service to be down).
Well I use Python not C so 🤷♂️
Please keep uploading!
I am not even remotely a coder, but I did write a horribly if-then nested piece of code in Lua in Minecraft with the ComputerCraft mod and have been wanting to make a mostly secure password program from scratch for me there, too. I wonder if I can break that like this too ...
Nice video but honestly Java is far better
I have a question:
In c++, is the string standard library safe or is it vulnerable to similar attacks to what’s seen here?
I've never seen someone use Tails Linux for coding or exploit finding or hacking
Can you make one of these videos with the Arduino environment: methods such as Serial.read() etc.??
This is GOLDEN content. Please keep it up. I love your channel, it's unique.