I've been Hacking for 10 Years! (Stripe CTF Speedrun)

Подписаться 886 тыс.

Просмотров 67 тыс.

50% 1

Celebrating my 10 years of hacking and my 7 years on RU-vid!
In 2012 I came across my first hacking CTF. Stripe organized a Capture the Flag competition with 6 levels to learn about different vulnerabilities. This is what it all started for me.
Cyber Security Challenge Germany: cscg.live
NFITS donations: nfits.de/spenden/
Stripe CTF Announcement stripe.com/blog/capture-the-flag
CTF Wrap Up web.archive.org/web/201205311...
Files/Sources: github.com/stripe-ctf/stripe-ctf
io.smashthestack: io.netgarage.org/
ey! Look for patterns • ey! Look for patterns
Sudo Exploit Walkthrough • How SUDO on Linux was ...
GitLab 11.4.7 Remote Code Execution - Real World CTF 2018 • GitLab 11.4.7 Remote C...
Chapters:
00:00 - Background Story
01:27 - The StripeCTF Blogpost
03:11 - Setting up StripeCTF VM
04:01 - level01: system()
05:50 - level02: PHP Path Traversal
07:10 - level03: Array OOB
10:57 - level04: Buffer Overflow
14:13 - level05: Python Pickle
17:04 - level06: Timing Attack
19:28 - CTF Playing vs. Reading Writeups
20:57 - level06: Blocked I/O
24:21 - Reflecting on the CTF
26:02 - Cyber Security Challenge Germany
28:03 - To Be Continued...
=[ ❤️ Support ]=
→ per Video: / liveoverflow
→ per Month: / @liveoverflow
=[ 🐕 Social ]=
→ Twitter: / liveoverflow
→ Instagram: / liveoverflow
→ Blog: liveoverflow.com/
→ Subreddit: / liveoverflow
→ Facebook: / liveoverflow

Наука

Опубликовано:

27 июл 2024

Ссылка:

Скачать:

Готовим ссылку...

Добавить в:

Мой плейлист

Посмотреть позже

Комментарии : 119

@joeymelo2882 2 года назад

"Evil revo wolf" is a great hacker name tho!

@vaisakhkm783 2 года назад

Of course🤣

@d3adstarr 2 года назад

Yes lol

@pwnearth5505 2 года назад

😂

@Emre-qc6cf 2 года назад

agreed:) cTfOv3R again after these ten years with a more sudden and brutal way:)

@kylethecat6398 2 года назад

PwnCat

@flow-xx8dx 2 года назад

I totally understand the high one gets from first shell execution (it was immensely rewarding for me). CTF is really awesome. Although I am not into cyber-sec, I enjoy these videos and actually helps me become aware of vulnerabilities! It would be cool if you would like into exploiting neural networks too. Since there are lot of organization using NN these days, it definitely has a lot of attack space!

@CurrentlyObsessively 2 года назад

Like what?

@HA7DN 2 года назад

It is always amazing to see someone taking what is started to be their hobby to the level you did. Congratulations for you 10 years, I see you enjoyed every second of it, and that is the most important about it. Thank you for making educational videos about CTFs, I am sure you inspired many of us to start a career in IT sec, and even more to start playing CTFs as a hobby. We are very grateful for your inspiration!

@antruong7174 2 года назад

Congrattulations ♥️♥️ you’re the one who helps me a lot when i start this career

@secinject814 2 года назад

Thanks for all your hard work and content over the years, I highly appreciate it!

@jpierce2l33t 2 года назад

Congratulations man, love your videos and your passion for this stuff is downright *contagious!* And as we all know, that's definitely what it takes!

@sofiaknyazeva 2 года назад

First congrats! I learn something new whenever I got your amazing live tests with great explanations. Keep it up, it is huge knowledge for everyone, who is interested in CTF and vulnerability research. Alright, let's continue. Peace.

@MeriaDuck 2 года назад

24:10 That final solution looks like how hacking is displayed in movies! The hours and hours that lead up to that point are just not as cinematic. -edit- more precise timestamp

@malbacato91 2 года назад

one of LO's older challenge writeups had one of these he had done deliberately with the /r trick. don't think I'll find it tho, 7 active years on youtube really doesn't lend itself for searching obscure clips like that

@Schwuuuuup 2 года назад

Kudos for the was of presentation: the retrospective explaining as a voice over for a recorded screen capture with split-screen, that looks and feels like you are doing it "right now" is quite engaging. On the downside it promotes the idea, that hacking is fast like in Hollywood movies and not some tedious hour long labor... but you mention it all the time, how long it takes, so it's fine by me.

@jefeke76 2 года назад

congrats for your 7 years youtubing and doing an amazing job at it. Continue to spread the hacker manifesto spirit !

@RicoNNect82nd 2 года назад

Thx for sharing your experience from the days back then.. Cant stop being amazed 😮

@exit81dave 2 года назад

This was the first CTF I ever finished and the shirt is one of my prized possessions. Thanks for the memories

@logiciananimal 2 года назад

Congratulations on your achievements!

@ashleypursell9702 2 года назад

congrats! 10 years of infose twitter tho might get to me personally id be dead inside

@josephseth5318 2 года назад

Happy 0x0Ath Anniversary coach 🥳, you've been a superb teacher for 0x0A Years

@dhinaperfect 2 года назад

Congrats 👏 👏 man you're great keeping doing

@MygenteTV 2 года назад

Man! you are on a level of your own. this is crazy, the stuff you know not everyone knows it

@Jennn 2 года назад

How Fun~! Thank You for Your Contributions to the World ❣️

@horsied 2 года назад

I took a RE class in Uni and this reminded me of everything I learned. thanks

@itaybarok9405 Год назад

Great Video. Cool CTF

@user-ko7oo2qg1g 2 года назад

Haven't watched the full video yet. But first, Congratulations!👍👍 The kind of thorough understanding you've gained over these years, most people don't reach that level even after having 20-25 years of experience.(It's my opinion based on the kind of people I've met) I think it is mostly because not everyone has the same mindset about this field, career, and life in general. And that's actually sad. Keep making great content! Back to the video..

@satyajitchandankar418 2 года назад

@S how did you put an image infront of your name in your youtube username

@SuperSohaizai 2 года назад

@@satyajitchandankar418 that's a badge, which shows the user joined as member

@satyajitchandankar418 2 года назад

@@SuperSohaizai omg

@syedimran90 2 года назад

Congratulations 🎉🎉🎉🎉

@TheWarriorOffHardcore 2 года назад

Congratulations!👍👍

@git-tauseef 2 года назад

Back then 10 yrs you were still 20+ yrs ahead of me 😂❣️

@vaisakhkm783 2 года назад

🙃30 + ahead of me....

@TheConstantLearnerGuy 2 года назад

You have been inspiring me for last 5 years.

@Mrx-dw4py 2 года назад

@Liveoverflow congratulations bro... Already 10 years making and learn hacking

@logmanoriginal 2 года назад

I'm late to the party but nonetheless, congratulations for your 10+7 years anniversaries :)

@Emre-qc6cf 2 года назад

Lovely. Well spent 10 years. Thank you very much for being such a great inspiration @LiveOverflow. Your "wolf" is not "live".

@fabiorj2008 2 года назад

Hi, Its a nice video and a nice ctf. One VM with a lot of concepts to learn. There is no more this today.,

@dimaswiki6550 2 года назад

Thx for what I learned in your channel, this channel is very helpful for me. once again thx "evil revo wolf"

@haraprasadghosh2727 2 года назад

Congratulations

@markuscwatson 2 года назад

I love this channel

@Xdavidel 2 года назад

Very inspiring. BTW, notice in challenge 6 the the dots are printed to stderr while echo write to stdout. This means you could send stdout somewhere else (i.e. 1>/dev/null) and attack again using the dots as correct character indicator.

@LiveOverflow 2 года назад

Wouldn’t work, because the problem is not that it’s printed on a different pipe. But that it forks and prints.

@Ben68tv 2 года назад

Congratulations 🎉😁 can you recommend someone in German who makes videos about it? I would also like to switch to IT security, but learning extra English at the same time will then be too much 🙈

@soreat_u6230 2 года назад

The experience of learning new things by reviewing the past is 温故而知新.

@jerryplayz101 2 года назад

18:40 - if the for loop is synchronous, couldn't you inject into the loop and override control - with return pointers and whatnot - RCE style??

@SoreBrain 2 года назад

More videos like this!

@donzabonanza 2 года назад

Very talented guy

@secureitmania 2 года назад

I start my journey in 2016 by doing overthewire bandit CTF shell games.

@lame_lexem 2 года назад

9:10 aww thanx for shutout "evil wolf" :)

@Th31nf1d31 2 года назад

I went from understanding and following you at level02 to being completely lost by level03... I always think, yeah I'm ready to start my offensive security journey, then you pull the rug from under me and I realise I'm not even close.

@xdtimetoastergaming273 2 года назад

dw you will get there one day, just keep practicing and learning and having fun. try not to focus on the huge goals that you arent ready for.

@Th31nf1d31 2 года назад

@@xdtimetoastergaming273 Thank you for the kind reply 🙂. You are right. I would love to turn a passion into a career, that could support my family. That is where I am putting too much pressure on myself! Peace x

@Mr.Exquisite 2 года назад

Lol you really must be into 'reversing' (pun intended) when even the 32-bit little-endian representation of your nick totally makes sense :D Greetings from Austria!

@j3r3miasmg 2 года назад

It's kind of hilarious that protostar is still in your list of VMs (03:38).

@adamhuk3624 2 года назад

Great video, I like the different types of attacks/challenges. I understand that using python2 for exploitation is often easier and more code can be found especially on older writups. But could you try and use python3 in the future?

@adamhuk3624 2 года назад

Sorry, I actually realized that you were running these on the old vm,so python2 is most likely all it had

@LiveOverflow 2 года назад

exactly ;) for personal use I have moved completely to python3

@megumin_6548 2 года назад

Evil Wolf is such a great name

@sykta0036 2 года назад

Für ein Anfänger den selbst SSH-Zugriff überrascht hat, mit wenigen Programmierkenntnissen so ein schweres CTF zu schaffen, Hut ab! 🎉 Hast du Literatur welche du empfehlen würdest? 😄

@asantoshkumarachary2692 2 года назад

❤️❤️❤️

@jaymarkmarquez7633 2 года назад

What an amazing 10 years past. I still have a long way to go.

@beanyys1158 2 года назад

Is there still anything like stripe CTF on the internet that covers the same stuff that S CTF covered?

@0xbro 2 года назад

I really liked how this video was set up. The technical content is always great, but I really liked the exposition and execution of this video. Did you abandon full script writing in favor of bullet points to make it? Or did you memorize parts of the script and just play them as if they were improvised? I know it's a bit of an odd question, but I'm really fascinated by the making and behind the scenes of your videos (in addition to the content itself, of course).

@LiveOverflow 2 года назад

I read it all off the screen and teleprompter;) full script as always

@0xbro 2 года назад

@@LiveOverflow Wow, I would have never imagined that! Really well done :) Thanks!

@jan-lukas 2 года назад

CSCG is indeed a great opportunity to start hacking! There are quite a lot of time intensive but pretty easy challenges, which is exactly what beginners like me should get!

@nafisnur5268 2 года назад

Can u reaally make a video about what is really important you learnt after all these 10 years? What should we as a novice learner focus on ?

@LiveOverflow 2 года назад

CTFs :P

@nomms 2 года назад

Do IT stuff, learn to code, do some programming projects that interest you, do CTFs. Liveoverflow has a video talking about this, it's one of his most popular. The more you understand about how computers work and are architected the easier this stuff comes.

@syedimran90 2 года назад

@@LiveOverflow I am also looking to do but from where should I start...?

@whiteflameME 2 года назад

@@syedimran90 this is what that video is about. Basically gather information about how computers work, learn programming in different languages, and have a mindset of "how can it fail" Look it back. There is no step by step tutorial for that. CTFs are.

@syedimran90 2 года назад

@@whiteflameME okay, But I am week in learning programming language.

@anmol3543 2 года назад

👍🏻

@Chromehounds96 2 года назад

Bro, I'm certified OSCP and a few of these challenges were quite a ways beyond me. How were you able to solve these challenges with no exploitation experience? I am so impressed

@MeriaDuck 2 года назад

Evil revo wolf! ♥

@toxicass100 2 года назад

I've find out challenge on netgarage has been changed and it's got a completely new puzzles. I'm trying to solve it now, but really stuck with level03 with off-by-one overflow. Did someone solved it?

@georgehammond867 2 года назад

are you doing IT jobs interviews for other companies?

@x3ICEx 2 года назад

Transcript (wrong) 0:00 ally. I have been coding throughout my teenage years, and even in 2009 in high school 0:33 I had a class assignments about databases, and I explained SQL injections. So I had

@yy6u 2 года назад

rip cc at beginning

@johnz743 2 года назад

Hi Liveoverflow I tried to follow along your video. but I failed to ssh to level01. it says /bin/bash refused everytime I ssh to level01 account. I try also to search about the problem and tried possible solution but still i couldn't find the solution. please help me to solved this problem I been having this for two days still failed to connect with level01. thank you so much whoever response to my question. 🙏

@hahwul 2 года назад

😊

@tkdevlop 2 года назад

Waiting for this year April 1st

@x3ICEx 2 года назад

Transcript 0:00 i have been in i.t security for 10 years 0:03 and i want to celebrate by going back to 0:06 where it all started i want to go over 0:08 the first vulnerabilities that i have 0:10 exploited 10 years ago and see how i 0:13 think about them today when people ask 0:15 me when did you start with hacking 0:17 usually i say around 2012 because 2012 0:21 is the year when i discovered capture

@m.e.q.l.l.e4465 2 года назад

You really remind me of Christian Slater from Mr.Robot

@shitzu4429 2 года назад

Hi can you teach about Linux and Raspberry pi?

@reastle1307 2 года назад

I am still on the wargames level 2 in bandit wargames 😂

@DM-qm5sc 2 года назад

Are you trying to look like Mr. Robot? Because this is how you start...

@D0w0ge 2 года назад

YESS MINECRAFT

@the_real_cookiez 2 года назад

LOL @ that furry shoutout 👀

@MrTechguy365 2 года назад

The furry shout-out was unexpected

@Zooiest Год назад

unexpected, but very appreciated!

@devchaudhary78 2 года назад

Dude looks like mr. robot

@Roberto_Garcia_ 11 месяцев назад

Hacking involves: Any individual that enters into any device comment using telegraphic signal, today know as digital or analog signal. Hacking must be done on those that are certified to be a threat to each and every United States of North American citizen and/or loved ones. Hacking must be presented to a federal judge by pursued, who must have beyond a reasonable doubt, that the individual(s) are intentionally using their device for purposes of defrauding for any reason against each and every United States of America Citizen or any of humanity on the Global Planet Earth. Otherwise the intent of a hacker can lay upon those supervisor and managers first then the hacker, for overstepping their authorization. A city judge can not give authorization nor a county or state judge is authorized to overstep a federal judges assumed choice to give authorization within the sovernity of the United States of North America.

@malbacato91 2 года назад

I have a bad feeling about something...

@TuRnARePlaY 2 года назад

..wird dringend Zeit für ne neue Kamera.

@LiveOverflow 2 года назад

Willst du mir eine kaufen?

@beanyys1158 2 года назад

@@LiveOverflow lol. I thought this was an old video until I saw the 13 min ago on your comment.

@TuRnARePlaY 2 года назад

@@LiveOverflow habs mir jetzt 4 stunden überlegt aber ich muss dir leider absagen :(

@Krewz 2 года назад

My name is simply “the hacker”

@youAmera 2 года назад

there is target - russia aggression machine! Would be great if you could assist attacking them.

@vaisakhkm783 2 года назад

😶are you going cripto'meme' route!?....

@xghost4469 2 года назад

I'm a skid

@ThistleBlue 2 года назад

Damn Earthers, restricting their CTFs to themselves, but yeah..Martians can GTFO! Belt for life!

@LiveOverflow 2 года назад

I get this reference. Good one! :D

@kh0kh0 2 года назад

huh, for a second I though you meant cryptocurrency mining. phew...

@roomy6 2 года назад

@dantehumbertdavel.5633 2 года назад

@filoofox9934 2 года назад

U look fuckin cute with glasses

@algot34 2 года назад

It was informational but a tint of too much bragging. Saying "I saw the solution instantly" for each puzzle is unnecessary.

@LiveOverflow 2 года назад

It was about reflecting back. I did these challenges 10 years ago for the first time. Of course they are now easy. With this video I can show people that stuff that is hard, will become easy after some time. That’s not bragging. That’s showing you that you can get there too

@user-zi8jn1go8k 2 года назад

I tried to set up this VM and first I got a bunch of errors saying it could not find folders /var/chroot-rw/home/levelXX so I created them manually and the first script was happy (finished with 'Done.' message) Then after sudo /etc/init.d/level05 start I get "Starting CTF level05 python server [fail]" - is that how it's supposed to be?