Buffer Overflows: A Symphony of Exploitation

Подписаться 84 тыс.

Просмотров 67 тыс.

50% 1

⚠️* Disclaimer:
The information presented in this video is for educational purposes only. It is not intended to be used for illegal or malicious activities. The creator and any individuals involved in the production of this video are not responsible for any misuse of the information provided. It is the responsibility of the viewer to ensure that they comply with all relevant laws and regulations in their jurisdiction.
I really hope you enjoyed this video! Comment "0x41414141" if you read this!
🔖 My Socials:
avatar/mascot made with picrew: picrew.me/en/image_maker/1108773
- full credits to the artist: / mimisentakosen
- visit her shop: coconala.com/services/1871766...
official discord server: dsc.gg/crow-academy
crows-nest.gitbook.io/
github.com/cr-0w
/ cr0ww_
💖 Support My Work
/ cr0w
ko-fi.com/cr0ww
www.buymeacoffee.com/cr0w
Join this channel to get access to perks:
/ @crr0ww
🖥️ Extra Resources:
ropemporium.com/
github.com/rosehgal/BinExp
📹 Videos/Channels Mentioned:
TCM's BOF Playlist:
• Buffer Overflows Made ...
LiveOverFlow's Python2 vs Python3:
• Python 2 vs 3 for Bina...
🎵 Music Credit goes to Ian Taylor, and Adam Bond (a variety of OSRS OSTs): Created using intellectual property belonging to Jagex Limited under the terms of Jagex's Fan Content Policy. This content is not endorsed by or affiliated with Jagex.
The images and music used in this video are used under the principle of fair use for the purpose of criticism, comment, news reporting, teaching, scholarship, and research. I do not claim ownership of any of the images/music and they are used solely for the purpose of enhancing the content of the video. I respect the rights of the creators and owners of these images and will remove any image upon request by the rightful owner.
Copyright Disclaimer under section 107 of the Copyright Act of 1976, allowance is made for “fair use” for purposes such as criticism, comment, news reporting, teaching, scholarship, education, and research. Fair use is a use permitted by copyright statute that might otherwise be infringing.
🕰️ Timestamps:
00:00 - Intro
00:31 - Background
02:25 - What is a Buffer Overflow?
05:06 - Secure Example
07:21 - Insecure Example
07:52 - Prerequisites
09:03 - Exploitation Checklist
10:16 - Assembly Basics
11:56 - Common Pitfalls
12:43 - Getting Our Hands Dirty
19:07 - Exploiting The Binary
20:37 - Bonus
21:05 - Challenge
29:50 - Outro

Наука

Опубликовано:

26 июн 2024

Ссылка:

Скачать:

Готовим ссылку...

Добавить в:

Мой плейлист

Посмотреть позже

Комментарии : 228

@mongru Год назад

Now this is the content I wanted to see

@crr0ww Год назад

>:)

@phantompuma228 Год назад

Honestly, I know basically nothing about hacking, yet this was so digestible and entertaining!

@crr0ww Год назад

AH ❤️ tysm that’s the plan!! :)

@honeish4662 Год назад

PLEASE I BEG YOU KEEP SHARING YOUR KNOWLEDGE IN THAT WAY, THAT'S A BANGER

@crr0ww Год назад

AAAA THANK YOU SO MUCH :"))!! , AND WILL DO :D

@MindlessMurphy555 Год назад

Love the way this was put together, very entertaining as well as informative!!

@crr0ww Год назад

thank you so much! :)))

@gurucode.studio Год назад

I thought RU-vid is very poor when we talk about this type of content until I found your channel 🤩🤩

@crr0ww Год назад

thank you so much for the kind words :’)

@toddwright3619 Год назад

That is the most comprehensive example of how a buffer overflow works that I have ever seen in a video. I have only seen it explained in books on the subject. That was a well done video and most programmers have no idea how important it is to check buffers because most don't know anything about how the processor actually works. This would be a good video for all programmers to see. I am not a professional programmer, it is a hobby interest for me but it is also a hobby interest to learn how the circuitry in the computer at the logic level actually works so it naturally makes since to me how the overflow attack works. Well done.

@crr0ww Год назад

Todd, I wanted to take a moment to write out a special message for you. Something about your message really pulled on some heartstrings for some reason, so number 1, thank you so much for the kind words, seriously it means so much to me. Secondly, I completely get what you're saying. It's inherently a pretty technical subject to cover, I mean there are so many moving parts and most of them are seriously pretty low-level in relation to the CPU; and the 1s and 0s therein. As you were saying, most programmers have probably heard of these kinds of attacks but since they typically use such a high-level/highly-abstracted language that handles memory management and does garbage collecting for them, it can very easily slip their minds which, 100% downplays the severity of it. It's because of this reason that I decided to make a video so that ALL of us, as a community - hackers, programmers, infantile water lizards, etc. could learn about these kinds of vulnerabilities :) Thank you so much for commenting, Todd. Keep up the great work as well! I hope you stick around! :D

@naltun4702 Год назад

Easily the best video on buffer overflows I've seen. Thanks!

@crr0ww Год назад

thank you so much for watching

@Cyanbland_ 11 месяцев назад

This video is awesome! Thank you for putting the effort!

@martinguti95 Год назад

Loved the format! Keep at it man! :)

@crr0ww Год назад

thank you so much, enrique 🥹❤️ will do ! : )

@Gobillion160 Год назад

LMAO IVE REWATCHED THIS LIKE 10 TIMES NOW AND JUST NOTICED THE OSRS MUSIC IN THE BACKGROUND

@crr0ww Год назад

BRO LMAO

@Anonymous-im9yz 4 месяца назад

Thank you man this vid show me the whole pic and and imporve my understanding thank you again

@user-qo2mn6yr1n 2 месяца назад

This is literally the only video about buffer overflow which made it so simple, i could understand.

@crr0ww Год назад

join our official discord: dsc.gg/crow-academy

@crckrbrrs 2 месяца назад

especially if you're a femboy :3

@fabiorj2008 Год назад

Love the video. Amazing. Despiste about all usefull explanation I cant stop think about your teminal theme. Keep going and thanks for your time.

@zer0day463 Год назад

Really loved this masterpiece, you deserve billion subs

@crr0ww Год назад

😂 thank you so much, i really appreciate it!

@zer0day463 Год назад

@@crr0ww glad you did

@eddr98 Год назад

Love the content and loving the background RuneScape music

@crr0ww Год назад

thank you!

@hutch-uu322 4 месяца назад

Love your stuff man. I want to be like you when I grow up :)👍

@thesuperflexibleflyingtaoi8866 Год назад

awesome! Fun to watch and listen!

@hexadecimalhexadecimal5241 11 месяцев назад

amazing vid, love the osrs music!! you can return to a function thats never called in a program ------> *brain implodes*

@MrSevenEleven Год назад

This is so refreshing, in a sea of lame-ass videos of dudes with Guy Fawkes masks talking about "hacking like Mr. Robot." I love your videos.

@milescolon1793 Год назад

i love your content Crow!

@crr0ww Год назад

appreciate 'cha, thank you so much

@jensnielsen8612 Год назад

Great video! One thing about the secure example, although that specific version is not insecure, it's important to note that dependent on the size of your buffer (even if you only read the buffer size in) can become insecure. When taking input into a buffer with read, it's usually pretty smart to only read untill the 2nd to last byte. Eg. if you have a buffer of size 200, you read in 199 bytes, this is because read does not supply a NULL byte or anything to terminate the string for you. Why is this an issue? If you're for example printing a string where input is supplied with read, and you're printing using the %s modifier. Printf will print untill a NULL byte is hit. If your buffer happens to be 8 byte aligned the user may fill up the 8 byte buffer completely, without a NULL byte. The printf will subsequently print those 8 bytes and whatever is found in memory afterwards, if whatever is found happens to not be a NULL byte. This is a leak primitive. As an example I took your secure program and changed the buffer size to 256 and the read size to 256. So char buf[256] and read(0,buf,256). Output looked as follows: AAAAA..

@crr0ww Год назад

:O that was fascinating... (you really DO learn something new everyday xD)!! seriously, thank you so much for such a detailed explanation; I had a blast reading this and will definitely try to tinker with this soon (right now, I'm following the malloc maleficarum and working on the house of force - really exciting stuff!) :D!! AND THANK YOU SO MUCH for subscribing and the kind words, Jens! :')

@jensnielsen8612 Год назад

@@crr0ww heap stuff is where it gets really exciting! Looking forward to see what videos you might make on it! If you're diving into heap stuff I can recommend using pwndbg instead of peda for debugging btw. As it has bindings for checking the heap and free bins. This makes it a lot easier to keep track of what's going on instead of having to manually parse the heap to figure out what's going on 👌

@crr0ww Год назад

@@jensnielsen8612 I 100% agree; this heap stuff is insanely intriguing (oh and you best believe I'm going to make a video on heap exploitation :)) I've already got pwndbg running and have been using it religiously recently xD, and MAN is it magnificent :D tysm for having this little interaction with me, jens! you really made my day :)

@hoblikdlouhovlasy2431 Год назад

Nice work buddy, keep it up!

@crr0ww Год назад

thank you so so much!! :D

@matteobucci6517 Год назад

This is the channel I've been looking for for aaaaaages

@timlositomusic Год назад

This is an amazing video. Thank you!

@crr0ww Год назад

thank you so much

@Kyle_Hacks Год назад

bro im invested in this channel

@crr0ww Год назад

AA THANK YOU SO MUCH, that's so nice 🥲❤

@offensive-operator Год назад

Broooooooooooooo!!!! please continue manking videos like this one pleasseeeee!. that was really fun

@crr0ww Год назад

thank you so much, that's so nice!! :"D there are some videos planned right now just hold on a littttttle longer ;)

@originalni_popisovac Год назад

im your 99th subscriber, keep going to 100!

@crr0ww Год назад

thank you so so much!! we made it to 100!! :D

@originalni_popisovac Год назад

@@crr0ww man you have 344 subs now

@crr0ww Год назад

@@originalni_popisovac it's so crazy!! i know the channel has been growing so fast : )

@mofokenginnocent6378 Год назад

i love it just needed a reminder

@realjame Год назад

Cool video, hope you go viral soon.

@crr0ww Год назад

i REALLY appreciate that, thank you so much! :)

@ajayshripal4027 2 месяца назад

Best video made on buffer exploitation

@antruong7174 7 месяцев назад

best quality channel

@arandominternetuser5614 Год назад

first video? this is great!

@crr0ww Год назад

thank you so much!! that means so much to me :'D

@sperpflerperberg8147 Год назад

This was an awesome video!

@crr0ww Год назад

thank you so much! that’s so kind of you :) i’m glad you enjoyed it

@CloseCallss 10 месяцев назад

i swear your so entertaining how do you evencome up w this

@recomended4494 Год назад

0x41414141 Loved the video, I never really understood buffer overflows even though I have been exposed to it for a while. The video is well structured and the comedy makes the digesting of such technical information smooth. May I know what OS you're using? It looks really cool. Thanks again for the video, expected to see a lot more on technical/niche cyber topics.

@crr0ww Год назад

0x41414141 🫡 Thank you so much for the comment, I'm so glad you enjoyed it; that makes all of this super worth it

@abhishekkaith1686 Год назад

Time to write every program in rust 😅

@laurentiustefan398 Год назад

It is as if all the brain of the internet condensed into this channel

@noorkhara1429 Год назад

this video made me giggle as well as taught me something

@crr0ww Год назад

i'm so glad!! thank you :)

@tabotkevin8116 Год назад

Hello Crow, I love your content and I just stumbled on it yesterday. One other thing caught my attention, please can you make a mini series showing how you mod(riced) your operating system, and the fonts and zsh shells and theme you are using? It looks so good!

@crr0ww Год назад

thank you so much!! that means so much to me :') and of course! i have a ricing/modding series already planned for the future, stay tuned! :D

@taurusrising5243 Год назад

Heeyyyy!! Mama Murphy approves this channel!! Much love buddy!!

@crr0ww Год назад

AAAA THANK YOU SO MUCH!

@roxel849 Год назад

LOVE your way man. +1 sub

@crr0ww Год назад

thank you so much! :D

@gabrielguedes197 11 месяцев назад

Amazing video! tltr - can you tell me which programs you have been using to making your videos? I have been thinking about making videos like yours, but in Portuguese (I’m from Brazil), and with a defensive approach/perspective. But I have no idea how to do it, I just have the content knowledge and some digital notes. What kind of programs I have to learn about, to make an animated video like this

@wetfish412 Год назад

absolute gold

@F16_viper_pilot Год назад

0x41414141 Happened to stumble upon your channel recently, and quite happy I did. As a very seasoned (old) IT guy, I find your videos highly educational, and I love your sense of humor and all the little drawings and such! Keep up the great work!

@crr0ww Год назад

thank you so much! : ) im so glad you enjoyed it, that's very kind of you

@donmo1461 Год назад

Awesome!

@crr0ww Год назад

you’re awesome

@CuriouslyWatching Год назад

0x43434343 15:34 You just dissed all the Indians in all tech comment sections😈😈😂

@BruceAlmighty1 Месяц назад

Osrs music made this video 10x better, gg

@SpaghettiRealm Год назад

Great content. Subscribed!

@crr0ww Год назад

thank you so much, yassine! :D

@SpaghettiRealm Год назад

@@crr0ww thank you for producing such an informative and entertaining content. Keep up ♡

@Cdaprod Год назад

This is my jam

@flightman2870 Год назад

39 seconds into the video *Subbed cos good animation

@crr0ww Год назад

thank you so much!! :D

@bdnugget Год назад

The Runescape music was confusing since I'm playing it while watching this vid but the music doesn't match the area where I am in the game

@crr0ww Год назад

LMAOOO mb XDD

@Gobillion160 Год назад

amazing video

@crr0ww Год назад

appreciate you

@HTWwpzIuqaObMt Год назад

Οh thats some good content. I guess im your 47th sub hahah keep it up

@crr0ww Год назад

i will always remember you, lil skeleton >:) thank you so much

@HTWwpzIuqaObMt Год назад

@@crr0ww ❤️

@aalekhmotani3877 Год назад

Amazing 🔥

@crr0ww Год назад

hehe tysm bro! :D

@neuxell Год назад

every time i hear that runescape music, all i can think of is waiting literal hours to play the game, just on that menu...

@crr0ww Год назад

trust me, i feel you. there is no game like runescape : ') just hearing the music and editing it brought me back straight to lumbridge. those were the days :')

@marcoantonio7648 Год назад

YES, Harry Potter hacking mad. The videos that I need in MY BLOOD

@crr0ww Год назад

😂😂 LET’S GOOO tysm for commenting xD

@korsate Год назад

nice video! i am now hacker boy 9000

@crr0ww Год назад

glad to be of service, hacker boy 9000!

@victorbonato843 5 месяцев назад

pretty cool

@mr_0_0 Год назад

Damn the algorithm is in your favor man

@crr0ww Год назад

looks like my sacrifice to the youtube gods actually paid off >:)

@davidwong2836 Год назад

I logged in my Google account just to liked and say that I enjoyed all your content!

@crr0ww Год назад

i appreciate that so much, thank you! : )

@samthelamb0718 5 месяцев назад

you should make a video about heap exploitation, or maby a series??

@raphaelradespiel9970 Год назад

Thank you father log. Great video, in gonna go overflow some buffers now

@crr0ww Год назад

of course my son, thou shall floweth over any buffer thou shall see ❤️🥹

@raphaelradespiel9970 Год назад

@@crr0ww father is it biblical cannon to tattoo 0xDEADBEEF on my arm?

@crr0ww Год назад

@@raphaelradespiel9970 if the necro-cow calleth to you, let thine deadbeef in >: )

@raphaelradespiel9970 Год назад

@@crr0ww thanks mate, in all seriousness, I really enjoyed your video. Got me in the mood to try this out. Good balance of e entertainment and education

@crr0ww Год назад

@@raphaelradespiel9970 thank you so much that means so much 😭❤️❤️

@DexieTheSheep Год назад

Great explanations! Just curious, does that background music use the Mother 3 soundfont?

@crr0ww Год назад

thank you so much for commenting! :D ahhh as much as i love the mother/earthbound games and music, I didn't use it here : ( I used music from a game called "old school runescape" : )

@DexieTheSheep Год назад

@@crr0ww ah i thought the timpani and the high hat sounded familiar but ig not. :)

@ruycr4ft Год назад

Nice video! Stack Based BoFs are cool, but an idea, what do you think about ROP BoFs? I think those are the most triky ones ahahahahah Anyways, very cool video!!

@crr0ww Год назад

thank you so much! ROP is definitely one of my favourite techniques, there are also some variants of ROP itself XD (sROP, etc.), I'll be sure to cover it :>

@every0ne Год назад

What'd you use to make this video? It looks great

@crr0ww Год назад

tysm : ) i used davinci resolve to make this (& all my other vids)

@LetsPkBro Год назад

Hey crow just curious - first time learning about some of this stuff. What if their are no functions "worth exploiting" if that makes any sense. I guess the idea is that it gives you access to return any function within the program itself and that's beneficial but seems like it could be pointless if their is nothing worth exploiting? Can you do any function "injection"? That might not make any sense haha.

@crr0ww Год назад

hey, that's actually more common than what you might think! : ) in that scenario, it's a bit trickier but it can still definitely be done. that's when you'd want to look at something like using ROP for your exploit(s) :) hope that helps

@user-hk3yv2jg4o Год назад

what os is this? and thanks for the great content!

@crr0ww Год назад

thank you so much

@cynical5062 Год назад

Cool video!

@crr0ww Год назад

thank you so much! : )

@cynical5062 Год назад

@@crr0ww Of course! I'm always happy to hand out credit where it's due (and it's definitely due here). Your art style is cute and your videos are informative. Keep it up! Have a nice day, cheers from Canada!

@lukasm09 10 месяцев назад

so we were given a task in university where we should exploit a program with a buffer overflow as we were learning about assemly at that time. Didn't understand shit so that's why i'm here. BUT: Can you actually expect to face programs where you can use buffer overflows or is software secure enough for that?

@crusader_ 3 месяца назад

How's your xxd printing ascii on the right? my one only shows hex values in output

@comosaycomosah Год назад

Hmmm your voice sounds familiar but didnt recognize old channel

@costelinha1867 Год назад

This video is kinda interesting... although I also find it super scary that I find this video interesting.

@crr0ww Год назад

ahhh balanced as all things should be >:) thank you so much!

@DONTLAUGH Год назад

High quality

@crr0ww Год назад

thank you

@mikey10006 Год назад

Good video :)

@crr0ww Год назад

thank you so much :D！

@Mauzy0x00 Год назад

I'm happy I ran into this video.

@crr0ww Год назад

thank you so much : D!!

@Mauzy0x00 Год назад

@@crr0ww :) Subscribed, I’ll be following your content

@crr0ww Год назад

@@Mauzy0x00 YOU'RE THE BEST TYSM 😭♥

@antonlomakin7872 6 месяцев назад

Hey, somehow I am facing "not found in pattern buffer" when trying to find an EIP offset. What could be the reason and do you have some guidelines where I can look deeper in this EIP process? thanks!

@droot-tc4sk Год назад

Nice desktop environment. Could you please share your desktop environment configuration details

@crr0ww Год назад

sure : ), i might put the config files up eventually but for now, here's what I'm working with: OS: kali WM: bspwm bar: polybar compositor: picom launcher: rofi notifs: dunst terminal : alacritty colourscheme: catpuccin mocha font: iosevka hope that helps! :)

@adamvalt6609 Год назад

Hi, amazing video about the basics! what is the poffset tool used at 13:51? 0x41414141 :)

@crr0ww Год назад

hi thank you so much for the sweet comment! oh, and 0x41414141 🫡

@adamvalt6609 Год назад

@@crr0ww oh, so tools from metasploit. Thanks!

@SomeGuyWatchingYoutube 2 месяца назад

If you have a FreeBSD router, with 1024 rx and tx descriptors is it more or less safe to give windows 1023 rx/tx buffers or 1025 rx/tx buffers?

@alexander_adnan Год назад

This sounds like Chicago or LA

@sinatra02 Год назад

mouse!!!

@crr0ww Год назад

where??? kill it!!

@viktorvertesi8565 Год назад

Hello Guys! Does anyone know what distro is he using and also the customization on it? Would help me a lot! Thanks :) Great vid!

@crr0ww Год назад

hey! just using kali that i riced up a bit : ) I might make a dedicated repository with my config files, but here's what I'm working with rn: OS: kali WM: bspwm bar: polybar compositor: picom launcher: rofi notifs: dunst terminal : alacritty colourscheme: catpuccin mocha font: iosevka hope that helps

@viktorvertesi8565 2 месяца назад

Thanks @@crr0ww for your reply! still lovin' your content!

@dawsondittus4785 Год назад

So even if there is an exploitable buffer in someone code, if you don't have access to a function that is also useful, then it doesn't really matter? Assuming RX/DEP is present?

@user-hd3pz2ow1b 4 месяца назад

nice

@yeoh4001 Год назад

Hey, at 12:24 the command r < pattern.txt, when r is some kind of alias (as i got it). What is the full command?

@crr0ww Год назад

hi, the "r < pattern.txt" is the same thing as running "run < pattern.txt" : ) hope that helps

@fateennavid Год назад

Hello! I am actually learning these stuffs and also about cybersecurity in general as a newbie, and I want to ask something. If you come across this comment, please feel free to answer :3 I have been getting SIGABRT error instead of SIGESEV error as mentioned in the video, been facing some problems for that. Can anyone explain why and how is this happening? and also, how to bring sigesev error as demonstrated?

@DaniloTodorovic 11 месяцев назад

I have had the same issue. I tried writing more characters into the buffer (for example, 5000 worked for me in the sense that it gave me SIGSEV error, but the contents of my EIP (RIP in my case) register are not repeating 'A's but (vmovdqa ymm1,YMMWORD PTR [rdi+0x1]) instead. I would like to know what the issue is as well. Edit: I just thought of this, but could the issue be with the CPU architecture, since I have an AMD CPU? Could the difference between Intel and AMD CPUs be causing the difference in behavior?

@jaramaster1498 Месяц назад

Hey, What linux distro you using?

@supreme-erg9875 Год назад

what version of gdb are you using?

@crr0ww Год назад

in this video, i was using gdb-peda: github.com/longld/peda

@detroilions11 Год назад

What font are you using?

@crr0ww Год назад

hi, it's "iosevka" hope that helps : P

@helloworldtest Год назад

which os are u using mate?

@crr0ww Год назад

just a simple little kali vm :)

@8-bit510 Год назад

what color scheme you are using ?

@crr0ww Год назад

cattpuccin mocha! : )

@opusdei1151 Год назад

What kind of shell are you using?

@crr0ww Год назад

ZSH : ) the terminal is alacritty with a cattpuccin mocha colourscheme hope that helps

@opusdei1151 Год назад

@@crr0ww Thank you very much

@user-jl9ox9ln8x Год назад

Do you use arch?

@crr0ww Год назад

i do! (arch btw

@yashsakhare5399 8 месяцев назад

Could've been made more easier if explained slowly while typing and doing instead of explaining first and doing it practically, later in which we miss some points which are not effectively described. But good stuff if you already know ASM and have a basic idea what buffer is..

@wesleyoliveira6570 Год назад

What about rust binaries? Is it possible?

@crr0ww Год назад

100% it's definitely possible to have buffer overflows occur in rust binaries; albeit it's a bit harder because rust is definitely one of the more "memory-safe" languages out there (from what i've seen/heard, i've yet to actually program in rust) thank you for commenting : ) !

@s_i_m_o_n_e_n_g_e_l Год назад

Does rust stop this?

@crr0ww Год назад

from what I know about rust (not a rust programmer unfortunately xD), it's a very "memory-safe" language that has a really good garbage collector, a borrow checker, and other mechanisms to prevent attacks like this. Although, you could 1000% still force this vulnerability to occur within rust code