Exploiting Return Oriented Programming (ROP) tutorial - Binary Exploitation PWN101
ROP tutorial step by step, explained in detail. We will understand how Return Oriented Programming works and how to use this exploitation technique to abuse (exploit) vulnerable binaries. We will understand the theory behind the technique and later put it into practice by exploiting an actual challenge from ROPEmporium.

In order to understand ROP, the most important thing is to understand what the RET instruction does (what its effects are) when it gets executed. Knowing how the ESP/RSP and EIP/RIP registers are affected by it is fundamental. We can achieve the desired behavior by chaining together ROP gadgets (creating a ROP chain), abusing a buffer overflow and hijacking the execution flow.

Some quick notes after uploading the video:
I forgot to include a good ROP reference from Exploit DB (Saif El-Sherei): https://www.exploit-db.com/docs/engli...
A ROP gadget is any instruction sequence that ends with an instruction that modifies the RIP register, typically a RET (but it could be any other instruction, like JMP). In the video, in order to keep things simple, I mentioned only the RET case.
Yes, around 14:45 I mispronounce the word "contriving" :(

References to learn more about ROP:
ROP Emporium: https://ropemporium.com/
FuzzySecurity: https://www.fuzzysecurity.com/tutoria...
Code Arcana: https://codearcana.com/posts/2013/05/...
CTF101: https://ctf101.org/binary-exploitatio...
Rapid7: https://www.rapid7.com/resources/rop-...
Wikipedia: https://en.wikipedia.org/wiki/Return-...
Information Security Lab: cs6265/2019/tut/tut06-01-rop.html
Ired.team: https://www.ired.team/offensive-secur...

Tools to find gadgets within a binary:
ROPgadget: https://github.com/JonathanSalwan/ROP...
Ropper: https://github.com/JonathanSalwan/ROP...
Pwntools' ROP: https://github.com/Gallopsled/pwntool...
Radare2: https://radareorg.github.io/blog/post...

00:00 - Intro
00:47 - More references to learn ROP
01:29 - What is ROP?
02:55 - What are ROP gadgets and chains?
04:19 - The RET instruction
06:06 - Drawing the RET instruction (legit epilogue)
07:53 - Drawing the attack
12:43 - Checking binary protections
13:43 - Executing the binary
13:56 - Crashing the binary
14:15 - Reversing the binary
14:50 - Spotting the vulnerability
15:30 - Reversing the binary
16:00 - Spotting a call to system()
16:36 - Starting to write the exploit
17:22 - Reversing the binary
17:37 - Calling convention of x64
18:24 - Checking strings
18:33 - Spotting the command to pass to system()
19:10 - Tools to find ROP gadgets
20:07 - Finding ROP gadgets in the binary
21:20 - Writing the exploit
22:38 - Drawing the exploit
25:00 - Executing the exploit
25:17 - Exploitation successful
26:00 - Outro

[*] Exploit code, not people.
LinkedIn: / razvioverflow
Did you like the video? Found it useful? If you feel like lending a hand, consider buying me a coffee (or three ☕), it really helps!
https://ko-fi.com/razvioverflow
https://paypal.me/razvigg
Twitter: @Razvieu
*Outro track: Etsu - Selcouth GG
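
The effect of RET on RSP and RIP described above, as a toy model in C. This is an added example, not code from the video or from ROP Emporium. The labels CALLER, GADGET_POP and FUNC, the value 0x4141 and all function names are constructed for illustration; nothing here is real machine code or a real address.

```c
#include <stdint.h>
#include <stddef.h>
#include <stdio.h>

/* Toy model: these "addresses" are constructed labels, not real code locations. */
enum { STOP = 0, CALLER = 0x1000, GADGET_POP = 0x2000, FUNC = 0x3000 };

typedef struct {
    const uint64_t *stack; /* simulated stack memory, one 8-byte word per slot */
    size_t words;          /* number of slots available */
    uint64_t rsp;          /* byte offset of the current stack top */
    uint64_t rip, rdi;
} cpu_t;

/* Pop one word: read [RSP], then RSP += 8. Returns STOP when the stack runs out. */
static uint64_t pop(cpu_t *c) {
    if (c->rsp / 8 >= c->words) return STOP;
    uint64_t v = c->stack[c->rsp / 8];
    c->rsp += 8;
    return v;
}

/* RET is "pop into RIP": the next instruction address is read from the stack. */
static void ret(cpu_t *c) { c->rip = pop(c); }

/* Start at a function epilogue (RSP points at the saved return address) and
 * record every value RIP takes. Returns how many values were recorded. */
size_t run_from_epilogue(const uint64_t *stack, size_t words,
                         uint64_t *trace, size_t max, uint64_t *arg_seen) {
    cpu_t c = { stack, words, 0, 0, 0 };
    size_t n = 0;
    *arg_seen = 0;
    ret(&c);                                        /* the function's own RET */
    while (c.rip != STOP && n < max) {
        trace[n++] = c.rip;
        if (c.rip != GADGET_POP && c.rip != FUNC) break; /* normal code resumes */
        if (c.rip == GADGET_POP) c.rdi = pop(&c);   /* models "pop rdi; ret" */
        if (c.rip == FUNC) *arg_seen = c.rdi;       /* models a function reading RDI */
        ret(&c);                                    /* every gadget ends in RET */
    }
    return n;
}

int main(void) {
    const uint64_t chain[] = { GADGET_POP, 0x4141, FUNC }; /* constructed stack */
    uint64_t trace[4], arg;
    size_t n = run_from_epilogue(chain, 3, trace, 4, &arg);
    for (size_t i = 0; i < n; i++) printf("rip = 0x%llx\n", (unsigned long long)trace[i]);
    printf("FUNC saw rdi = 0x%llx\n", (unsigned long long)arg);
    return 0;
}
```

With an intact stack whose first word is CALLER, the same function records a single RIP value and no argument reaches FUNC, which is the legitimate epilogue case.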