Pwntools & GDB for Buffer Overflow w/ Arguments (PicoCTF 2022 #43 'buffer-overflow2') 

Don't be sorry. It is important for people that are new to programing to see that despite how talented and or expierenced one is that we stil can get stumbled up on things even if it is a miss spelling that can eat away hours of your time. Great job as always and thank you.

I'm trying to get started in the infosec field after completing an unrelated undergraduate degree. It's fascinating stuff, but it's very easy to get discouraged. Seeing John encounter difficulties and work around them is inspirational. If a seasoned pro has a hard time with PicoCTF, that makes me feel a lot better about having a tough time applying the theory I'm learning.

thanks for the video! it'll help a lot for the upcoming cyber apocalypse

Thanks for all the work you do it's very educative can't wait to see the next one

I'm currently learning exploit development, ur vids r rly helpful man, they give me a general idea for such things

Thank`s you John.

Super cool, hadnt seen pwntools or gef before this, but I love how clean that exploit script looks once it was done.

super informative video!!

Very nice

Seeing you struggle was so inspiring and encouraging. If you also have trouble sometimes then it's okay for me to struggle with almost all of the challenges 🤣

Great python pwntool and gdb tutorial

You the best!

Nothing to be sorry about, John. The topic of these videos require a longer video. I love working along on these with you and I feel good when I figure things out around the same time you do, or at least I understand what you're talking about. It means I learned well form your videos so far. Thank you!

I take a stab at Advent of Code every year, usually hitting the wall a bit over halfway through, and all I wanted last year was to make it on a leaderboard for the first time. I knew I'd have to do it with the easiest challenges in the first week, and it eventually happened to where I had "completed" a challenge fast enough that I would've finally made it. I was done and working in under two minutes... or I would have been except I had that same + instead of += typo on a line. It took me another 30 minutes of trying to find nonexistent bugs like index errors or off-by-ones before I realized the problem.... so maybe this year will be the year instead. As others have said don't beat yourself up over it because it happens to the best of us. At the same time showing these occasional struggles over simple oversights greatly humanizes the process. It reminds us that even professionals can tunnel vision themselves away from a solution that was firmly in their grasp. Keep up the awesome work, John!

Pwn tools seems to be targeting walk throughs which is hell helpful !!

Huntington beach California here

Hello, John! Read about subparser for argparse ;)

John please do more videos related to Buffer overflow ...

I'm sure John knows this and is just using argparse manually to learn and teach. But, for anyone interested, `pwn template` actually gives you a template for your exploit including local/remote support.

cool

Arg 1to transfer arg 2

John, these are great vids- thanks! just starting out and really like rev eng but aside from CTF's , how is this an in demand skill for the real world?

Very cool! How many hours you spend per day doing this stuff before you know what you're doing from daily work to late night I suppose? :)

Hi John, thanks for another great video! I have a question about reading the value of ebp, when you have set it to cafef00d. I know the ebp+0x8 is cafec00d but when I do the "x $ebp+0x8" it prints " \360\376\312 \360\003". Why is that? 🙂

dude i did pretty much the exact same thing, i dont understand that when i put the address of win it would jump there and anything following that would just get moved into the eip register preventing me from stepping through win.

Part 2

Integer value given? Integer over /underflow what tlime.

I don’t know Seth Rogan was in infosec

Not 0?

44:58 armchair programming here, but (not x OR no y) is just (x AND y)

man still playing pico ctf 🕴..

Byipas

R vilu number what uuink k collections.

f̸̫̱̑̒͋͂͐͋̋̐̕u̶̼̻̦̥͔̍̈́͒̆͗̃̀͂͆̚z̶̨̨̢̛̲̰̯̹͍͚͕̒͑z̸̡̛͙̖͖y̵̪̜̞͇̜͕̏̅̈́͌̀̎̕L̶̢̛̫͉͓̙̏͛̓̈́̽o̴̪͈͓̮͐̋̐̇͒̑͊̊̕ģ̷̭͕̽͊̈́̋̀͛́ỉ̵̼̮̹̖̙̣̘͔̞͜c̵̙͙̍̈́̈́̄͆̌̆̈́͘F̶̦̈̆̏̊̈́̈́͘͝Ṭ̴̛͙̺̰̬͇̫̟̞̃̀̈́́̚̚͝W̶̬̺͓̯͕̿̒

Haaa part 2, 3, 4 opening 🪟