Overview
Learn to exploit a heap overflow vulnerability in a detailed video walkthrough of the "Leek" pwn challenge from Angstrom CTF 2023. Master binary exploitation techniques by following a step-by-step demonstration of overwriting the null bytes between the user-input and secret-data chunks, manipulating the behavior of the puts() function, and repairing chunk headers so execution can continue. Explore essential tools such as Ghidra for code analysis, GDB with pwndbg for debugging, and PwnTools for exploit development. Progress through key concepts including heap chunk structure, vulnerability analysis, and remote server testing while working towards obtaining the flag, which requires successfully leaking and submitting the random bytes 100 times. Perfect for beginners interested in capture-the-flag competitions, penetration testing, and offensive security.
Syllabus
Start:
Patch libc (pwninit):
Test the program functionality:
Check the binary protections (checksec):
Analyse decompiled code (Ghidra):
Recap of analysis:
PwnTools script:
Setup breakpoints:
Debug with GDB (pwndbg):
Heap recap (chunk structure):
Reviewing vulnerability / exploit:
Finish PwnTools script:
Test against remote server:
Final recap:
End:
Taught by
CryptoCat