XSS a Paste Service - Pasteurize (web) Google CTF 2020
LiveOverflow 2020-09-09 | Easy web challenge from the Google CTF. XSS a paste service.
John Hammond: youtube.com/watch?v=voO6wu_58Ew
Gynvael part 1: youtube.com/watch?v=0wUDA0oh8sQ
Gynvael part 2: youtube.com/watch?v=OYP9hvy4MHQ
Challenge: capturetheflag.withgoogle.com/challenges/web-pasteurize
Pasteurize: pasteurize.web.ctfcompetition.com
-=[ ❤️ Support ]=-
→ per Video: patreon.com/join/liveoverflow
→ per Month: youtube.com/channel/UClcE-kVhqyiHCcjYwcpfj9w/join
-=[ 🐕 Social ]=-
→ Twitter: twitter.com/LiveOverflow
→ Website: liveoverflow.com
→ Subreddit: reddit.com/r/LiveOverflow
→ Facebook: facebook.com/LiveOverflow
LiveOverflow 2022-11-28 | Let's talk about how we can implement a reach hack in Minecraft. After knowing how it works, it seems so obvious. But it took me over 14h to figure out myself :D
Minecraft Protocol: https://wiki.vg/Protocol#Set_Player_Position
Community Showcase: EnderKill98
Watch the full playlist: youtube.com/playlist?list=PLhixgUqwRTjwvBI-hmbZ2rpkAl4lutnJG
Episode 18:
00:00 - Intro TPAura / InfAura
00:51 - Basic Reach Hack
01:59 - Other Player's PoV
02:42 - Extended Reach Attack
04:03 - Basic Implementation Walkthrough
05:04 - Why Stupid Names for Hacks?!
05:21 - Teleport Challenge: The Vault
07:23 - EnderKill98
Cat Coordinate Exploit 1.19.2
LiveOverflow 2022-11-20 | I tried to hide a new base far away, but players quickly found it. Let me tell you how they did it.
Shoutout to TP-Overflow: P1x3lPro (found cat exploit), Overlord2036, Enderkill98, 7H3, MonkeySaint, 19MisterX98
Community Showcase: DarkMetalMouse
Watch the full playlist: youtube.com/playlist?list=PLhixgUqwRTjwvBI-hmbZ2rpkAl4lutnJG
Episode 17:
00:00 - Intro
00:24 - 1.19.2 Demo Mode
01:00 - Let's Play: New Base Storage Area
03:44 - Hopper Sorter Plugin
06:08 - Reach Hack Showcase
09:24 - Let's Play: Minecart System
11:14 - Cats in Minecraft are Evil
12:23 - Tamed Cat AI Behavior Exploit
17:14 - Look Direction Triangulation
19:38 - Environments: Snowball Challenge
21:48 - Community Showcase: DarkMetalMouse Coordinate Cracking
What is a Server? (Deepdive)
LiveOverflow 2022-11-10 | With this video I explain to my ~17-year-old self what a "Server" is. We look at server software and servers in datacenters to understand how the word is used.
Chapters:
00:00 - Intro to "What is a Server?"
00:47 - Wikipedia Server Definition
01:42 - Game Servers
02:50 - Client and Server Communication
04:30 - Web Servers
05:10 - A Server is just a Program
06:38 - A Server is just a Computer
08:30 - Server Hardware
10:10 - What is Server Software?
11:54 - Servers are Everywhere
14:00 - Related Terms and Thought Experiment
17:04 - Outro
Server Griefed and New Beginnings ...
LiveOverflow 2022-10-31 | I was bullied and kicked out. So I traveled very very far away to establish a new base. In the process I moved the world from 1.18.2 to 1.19.2, forcing everybody to upgrade their hacks and find the new IP. But can you also find my new base?
Episode 9 Seedcracking: youtube.com/watch?v=gSxcDYCK_lY&list=PLhixgUqwRTjwvBI-hmbZ2rpkAl4lutnJG&index=11
Watch the full playlist: youtube.com/playlist?list=PLhixgUqwRTjwvBI-hmbZ2rpkAl4lutnJG
Showcase: LeBogo, Philipp_DE, Nocturne, AliFurkan and Cheesburger - github.com/homelyseven250/rusty-pinger/blob/main/src/main.rs
Episode 14:
00:00 - Intro
02:38 - A New Beginning ...
04:28 - Improved Fly Hack
07:44 - Improved XRay Mod
10:48 - Automatic Farming
13:19 - Trading Bot
16:48 - My New Base
18:01 - The Old Server
19:15 - Community Showcase
20:50 - LeBogo's Placeholder Bot
LiveOverflow 2022-10-21 | How bad is it to leak your IP address? VPN providers want us to believe it is dangerous, but I wanted to share my thoughts on the matter.
Minecraft:HACKED: youtube.com/playlist?list=PLhixgUqwRTjwvBI-hmbZ2rpkAl4lutnJG
OALabs about VPNs: youtube.com/watch?v=hR5YOV__gGk
Chapters:
00:00 - Intro
01:05 - What are IP Addresses?
01:41 - IP Addresses are Public!
02:24 - Router NAT
03:50 - Legal Implication of Shared IPs
04:35 - DS-Lite / Carrier Grade NAT
05:40 - Static IP Address
06:45 - Impact of Leaking an IP
08:05 - Denial of Service Attacks
09:10 - ISP vs. VPN Privacy Implication
11:16 - What is a Privacy Issue?
12:09 - Leaking Minecraft Player IPs
12:59 - "If you care about privacy, don't connect to anything with your IP"
13:55 - IPv4 vs. IPv6
15:02 - Use Tor!
15:48 - Conclusion
16:44 - OALabs Shoutout
LiveOverflow 2022-10-12 | Telling the story of how code review led to the discovery of a common mistake plugin developers make. It also affects WorldGuard. However, is it really worth fixing?
Maizuma Games: youtube.com/c/MaizumaGames/videos
WorldGuard: github.com/EngineHub/WorldGuard
HackForums: hackforums.net/showthread.php?tid=5495770
Episode 13:
00:00 - Intro
01:03 - State of Griefing on the Server
04:00 - Research Motivation
05:26 - Building Club Mate Bottle Challenge
06:08 - Challenge Bypasses
08:24 - WorldGuard Region Entry Protection
09:24 - Code Review of Movement Packets
10:49 - Building the Club Mate Fountain Ruin
11:38 - WorldGuard Bypass Showcase
12:11 - Minecraft 1.9 AntiCheat Bypass
12:55 - Should this be fixed?
14:30 - Community Showcase: DarkReaper
Credits/Comments from DarkReaper:
Hack based on: github.com/BleachDev/BleachHack
Special thanks to wagyourtail for optimizing EventlessFly: github.com/wagyourtail
github.com/GreenScripter/sign-restorer
Episode 14 Teaser: youtube.com/watch?v=RlKGdMwwRJg
The Origin of Cross-Site Scripting (XSS) - Hacker Etymology
LiveOverflow 2022-10-03 | Why is it called "XSS"? Where does it come from and who influenced this type of website vulnerability?
Full Playlist "The History of XSS": youtube.com/playlist?list=PLhixgUqwRTjyakFK7puB3fHVfXMinqMSi
Hotmail "Attackments": web.archive.org/web/19981205221020/http://because-we-can.com/attackments/default.htm
Which freemail services are safe: web.archive.org/web/19981207041804/http://because-we-can.com:80/all/compare.htm
Article about XSS: web.archive.org/web/19990117001239/http://www.news.com/News/Item/0,4,25792,00.html
Microsoft Press Release: web.archive.org/web/19990117001239/http://www.news.com/News/Item/0,4,25792,00.html
Microsoft XSS FAQ: web.archive.org/web/19990117001239/http://www.news.com/News/Item/0,4,25792,00.html
CA-2000-02: web.archive.org/web/19990117001239/http://www.news.com/News/Item/0,4,25792,00.html
Chapters:
00:00 - Intro and Recap
01:35 - XSS's 10th Birthday
02:51 - Talking to David Ross
03:47 - Cross-frame Security Issues
04:43 - Hotmail ATTACKMENTS
06:40 - Breeding Ground for XSS
08:05 - Microsoft in 1999
09:48 - "Cross-Site Scripting" Name Origin
11:56 - CERT Advisory CA-2000-2
13:30 - Do you remember XSS?
LiveOverflow 2022-09-23 | In August 1996, Internet Explorer joined the JavaScript security scene after they added JScript. During this era from around 1996-2000, tons of bugs were found that we would call today "Universal Cross-site Scripting". I find this word confusing, but looking back at the history, we can try to make sense of it.
Jabadoo Security Hole in Explorer 4.0: seclists.org/bugtraq/1997/Oct/85
Aleph One on Jabadoo: seclists.org/bugtraq/1997/Oct/87
Georgi Guninski "IE can read local files": seclists.org/bugtraq/1998/Sep/47
Georgi's Resume (HIRE HIM!): https://j.ludost.net/resumegg.pdf
"Cross-frame security policy": seclists.org/bugtraq/2000/Jan/93
Episode 01 - First JS Bug: youtube.com/watch?v=bSJm8-zJTzQ
Episode 02 - Three JS Security Researchers: youtube.com/watch?v=VtcA58555lY
Episode 03:
00:00 - Intro to the "Age of Universal XSS"
01:16 - JavaScript Security in Netscape 1996
01:52 - JScript Vulnerability in Internet Explorer
03:38 - Georgi Guninski: IE can read local files (1998)
05:12 - Who is Georgi Guninski?
06:36 - Georgi Guninski: IE 5 circumventing cross-frame security policy
09:41 - David Ross from Microsoft about Georgi
10:16 - "Cross-Frame" Browser Bugs
11:17 - Universal Cross-Site Scripting
12:15 - Outro
The End Of Humans In Minecraft
LiveOverflow 2022-09-13 | Hackers keep finding my server and ruining everything. Maybe it's time to end it.
Watch full series: youtube.com/playlist?list=PLhixgUqwRTjwvBI-hmbZ2rpkAl4lutnJG
Chunkbase Seed Map: chunkbase.com/apps/seed-map#LiveOverflow61374546
Enjoys Building Spawn House Time-lapse: youtube.com/watch?v=dfPeM2siWOY
The random dev setup video I used: youtube.com/watch?v=YOBt2SABHlM
Cubiomes: github.com/Cubitect/cubiomes
Episode 12:
00:00 - Intro
00:46 - Let's Play: The Item Sorter
02:23 - Let's Play: Exploring Spawn Area
04:05 - Thoughts on the Server Community
04:54 - Let's Play: Plans for the End
05:53 - How I got the LiveOverflow server Seed
06:56 - Tutorial: Defeat The Final Minecraft Level
08:02 - Anti-human Plugin Development
10:09 - How Server Plugins Work
12:41 - Teaser: Jungle Secrets
The Three JavaScript Hacking Legends
LiveOverflow 2022-09-04 | In this video we talk about the first JavaScript vulnerabilities in 1997, and how the field was dominated by three "XSS" legends.
Bugtraq 1997 - LoVerso: seclists.org/bugtraq/1997/Jun/88
LoVerso Website: web.archive.org/web/19970607122219/http://www.osf.org/~loverso/javascript
LoVerso dir.html PoC: web.archive.org/web/19970607185809/http://www.osf.org/~loverso/javascript/dir.html
Tasty Bits from the Technology Front: web.archive.org/web/19970803213858/http://www.tbtf.com/archive/02-27-96.html
TBTF about Netscape 2.0b3: web.archive.org/web/19970803220511/http://www.tbtf.com/archive/12-02-95.html
Scott Weston on TBTF: web.archive.org/web/19970803220702/http://www.tbtf.com/resource/b2-privacy-bug.html
Bugtraq about Bug Bounty 1995: seclists.org/bugtraq/1995/Oct/12
Episode 01: youtube.com/watch?v=bSJm8-zJTzQ
Episode 03: youtube.com/watch?v=gVblb-QhZa4
Episode 02:
00:00 - Intro
00:45 - First JavaScript Vulnerability
02:00 - John Robert LoVerso
03:19 - First Directory Browse Vulnerability
04:16 - Comparison to My Exploit
05:13 - John Tennyson
05:44 - Tasty Bits from the Technology Front
06:16 - Netscape's Bug Bounty
06:48 - Scott Weston History Stealing
08:12 - The Three Legends of JavaScript Security
08:59 - The Year 1996
09:31 - JavaScript can't claim to be secure
10:25 - ECMAScript: JavaScript Specification
11:13 - Next Episode Teaser
Minecraft Force-OP Exploit!
LiveOverflow 2022-08-25 | We investigate how Herobrine got OP on my server and we look back at the network protocol vulnerability I reported in March.
vktec: youtube.com/c/vktec/videos
Minecraft Protocol Vulnerability: youtube.com/watch?v=i-2UgCDdhpM
Minecraft:HACKED Playlist: youtube.com/watch?v=Ekcseve-mOg&list=PLhixgUqwRTjwvBI-hmbZ2rpkAl4lutnJG
Episode 11:
00:00 - Let's Play: State of Server
03:56 - Let's Play: Massive Roller Coaster!
06:06 - Brainstorming Force-OP Methods
07:39 - Discovering XSS Payload
09:50 - Debugging Root Cause in JavaScript
11:59 - Scanning for XSS Issues
13:39 - Let's Play: Spawn Griefing Mystery
14:23 - Another Minecraft Protocol 0day!
18:05 - AES/CFB8 Self-Synchronizing
20:26 - Security Research Conclusion
Discover Vulnerabilities in Intel CPUs!
LiveOverflow 2022-08-11 | In this video we explore the basic ideas behind CPU vulnerabilities and have a closer look at RIDL. This video is sponsored by Intel and their Project Circuit Breaker: projectcircuitbreaker.com
How to Benchmark Code Execution Times: intel.com/content/dam/www/public/us/en/documents/white-papers/ia-32-ia-64-benchmark-code-execution-paper.pdf
Anders Fogh: https://cyber.wtf/2017/07/28/negative-result-reading-kernel-memory-from-user-mode/
Speculose: arxiv.org/abs/1801.04084
RIDL Paper: mdsattacks.com/files/ridl.pdf
Foreshadow PoC: github.com/gregvish/l1tf-poc/blob/master/doit.c
Sebastian Österlund: https://osterlund.xyz/
Chapters:
00:00 - Intro & Motivation
00:57 - Concept #1: CPU Caches
01:57 - Measure Cache Access Time with rdtscp
05:00 - Concept #2: Out-of-order Execution
06:11 - CPU Pipelining
07:13 - Out-of-order Execution Example
09:19 - CPU Caching + Out-of-order Execution = Attack Idea!!
10:33 - Negative Result: Reading Kernel Memory From User Mode
13:45 - Pandora's Box
14:23 - Interview with Sebastian Österlund
17:24 - Accidental RIDL Discovery
19:31 - NULL Pointer Bug
21:50 - Investigating Root Cause
23:28 - Conclusion
24:24 - Outro
Code Review vs. Dynamic Testing explained with Minecraft
LiveOverflow 2022-08-07 | Maybe you are wondering how people can figure out crazy stuff in Minecraft. Generally there are two techniques: dynamic testing or reading code. So which method is better?
2No2Name (original finder) Zombie AI: youtube.com/watch?v=0HvXMFwaYss
docm77: youtube.com/watch?v=BoVMWNeVLf4&t=2148s
Episode 10:
00:00 - Let's Play: Building Timelapse
01:16 - Code Review vs. Dynamic Testing
02:29 - Example #1: Creeper Farm Code Review
04:10 - Example #2: Fall Damage Dynamic Testing
05:45 - docm77 Zombie Prank on Hermitcraft
06:55 - How to Find The Zombie AI Bug
10:03 - Does it Affect Other Mobs?
11:16 - Other Players on the Server
12:00 - Let's Play: Bee Farm Timelapse
Self-Learning Reverse Engineering in 2022
LiveOverflow 2022-07-31 | There exist some awesome tools nowadays to accelerate your self-education for reverse engineering. godbolt and dogbolt are amazing to quickly learn basic assembly and reversing.
Compiler Explorer: godbolt.org
Decompiler Explorer: dogbolt.org
C code example: github.com/LiveOverflow/liveoverflow_youtube/blob/master/0x05_simple_crackme_intro_assembler/license_1.c
Introducing Decompiler Explorer: https://binary.ninja/2022/07/13/introducing-decompiler-explorer.html
00:00 - Intro
00:23 - Motivation
01:00 - How to c?
02:11 - godbolt Basic Usage
03:40 - Function Call on x64
04:30 - Intel vs ARM assembly
05:22 - godbolt Compiler Options
05:50 - Enable gcc O3 Compiler Optimization
06:35 - Decompiler Explorer dogbolt
07:16 - Comparing Decompiled main()
08:25 - Outro
The Same Origin Policy - Hacker History
LiveOverflow 2022-07-23 | In 1995 Netscape invented JavaScript (LiveScript) and it marked the start of client-side web security issues. In this video we explore this history and learn about the same origin policy (SOP).
Cookies Explained: web.archive.org/web/19970605224124/http://help.netscape.com/kb/client/970226-2.html
Netscape 2.0b1 LiveScript: web.archive.org/web/20021212124306/http://wp.netscape.com:80/eng/mozilla/2.0/relnotes/windows-2.0b1.html
Netscape 2.0b2 JavaScript: web.archive.org/web/20041211182909/http://wp.netscape.com/eng/mozilla/2.0/relnotes/windows-2.0b2.html
JavaScript Documentation: web.archive.org/web/19970613234917/http://home.netscape.com/eng/mozilla/2.0/handbook/javascript/index.html
Netscape 2.02 Security Fixes: web.archive.org/web/20030711134218/http://wp.netscape.com/eng/mozilla/2.02/relnotes/windows-2.02Gold.html#Security2
Netscape 3: web.archive.org/web/20020808153106/http://wp.netscape.com:80/eng/mozilla/3.0/handbook/javascript/advtopic.htm#1009533
Bugtraq Java Applet RCE: seclists.org/bugtraq/1996/Jun/27
Donate to Web Archive: archive.org/donate
Chapters:
00:00 - Intro and Motivation
00:43 - How the Internet Works
01:43 - Online Services in 1994/95
03:08 - JavaScript Released in 1995
04:40 - HTML frames and framesets
05:16 - Cross-Domain Attack Example
06:54 - Fixing the Attack
08:00 - The First Web Exploit?
08:37 - The Same Origin Policy (SOP)
09:35 - Historical Context: Crashes, Java Applets, ...
11:06 - Outro and Shoutout
LiveOverflow 2022-07-13 | Some players found my server and imprisoned me...
SeedcrackerX: github.com/19MisterX98/SeedcrackerX
Texture Rotation: github.com/19MisterX98/TextureRotations
Mathew Bolan Seedcracking: youtube.com/watch?v=8CKh4x4iK38&list=PLke4P_1UHlmB8sB1oGdcea4SeBH0yZy5B
Episode 09:
00:00 - Intro
00:27 - Reviewing Server Logs
01:53 - Leaking Server IP
03:16 - Other Server Scanning Projects
03:54 - Getting Imprisoned!
05:17 - Escaping the Maze
07:40 - PIN Code Door
08:29 - Jumping Puzzle
09:37 - Failing Final Quiz
10:41 - The Well of Death
12:07 - Seedcracking with SeedcrackerX
13:27 - Attacking Blurry Seed
15:56 - Manual Seedcracking with 19MisterX98
16:37 - Step 1: Copy an Area From Video
18:30 - What is a "Random Seed"
16:37 - Step 2: Finding Coordinates Through Texture Rotation
24:58 - Step 3: Cracking Seed Through Tree Leaves
26:13 - How a Minecraft Tree Generates
26:33 - World Seed, Population Seed, Chunk Seed, ...
32:15 - Text Seed vs. Number Seed
A Deeper Look at Hacking Laws
LiveOverflow 2022-07-03 | A deeper look into the German hacking laws to see what kind of actions are illegal. There are some surprising edge cases and lots of room for debate. Obviously this video is not legal advice.
I forgot about StGB 263a "Computer Fraud" in this video. It's also interesting to speculate about interpretations, however it focuses on financial losses and your intention to enrich yourself. So as security researchers it's less applicable, because we don't look for financial gains.
Useful links:
Translated German Criminal Law: https://www.gesetze-im-internet.de/englisch_stgb/
Der Hahn erklärt Cyber-Strafrecht: youtube.com/watch?v=EDqOCxdJSPE
00:00 - Intro and Motivation
01:15 - German Criminal Law
02:57 - StGB 202b - Phishing/MITM
03:55 - StGB 202c - Collecting Credentials
04:33 - StGB 202a - Hacking
04:59 - Example #1: Basic IDOR
06:20 - Example #2: Path Traversal
07:01 - OBTAIN ACCESS to Data
08:25 - Example #3: Minecraft log4shell Scanning
09:30 - Example #4: Technical Limitations?
10:44 - "Vulnerability" or "Exploit" not part of the Law
11:38 - Hacking Attempt is NOT Punishable
12:41 - StGB 202c - Hacking Tools
13:50 - Interpretation by German Federal Court
15:49 - StGB 303a - Data Manipulation
16:50 - StGB 303b - Computer Sabotage
17:13 - Example #5: Hacking a Bank!
18:41 - Hacking with Permissions?
19:50 - Conclusion
LiveOverflow 2022-06-24 | Let's explore how Minecraft can be customized. The knowledge we gain from that is very useful to identify interesting attack surface.
Timber Forge: youtube.com/channel/UC606Jh3yjNj40dcVuMwtUCw
McMakistein: youtube.com/user/McMakistein
Information leak in Minecraft 1.8: blog.punkeel.com/2018/09/12/minecraft-18-info-leak
Fuzzing Java: youtube.com/watch?v=kvREvOvSWt4
Chapters:
00:00 - Intro
00:44 - Herobrine's Bunker
03:06 - Researching Creepers
05:16 - SUPER FAST BUILD MODE
06:43 - How Custom Models Work
11:33 - Attack Surface Overview
12:44 - Resource Pack Security Research
20:46 - Open Server Experiment
The State of log4shell in Minecraft Months Later
LiveOverflow 2022-06-12 | Laws are complicated and internet-wide scanning is a bit of a grey area. So I wonder, what is ethical? Did I cross a line? What do you think?
Log4shell explained: youtube.com/watch?v=w2F67LbEtnk
Log4j in Minecraft by John Hammond: youtube.com/watch?v=7qoPDq41xhQ
Limited LDAP server by leonjza: github.com/leonjza/log4jpwn/blob/master/pwn.py
Docker Minecraft Server: github.com/itzg/docker-minecraft-server
Episode 07:
00:00 - Intro
01:37 - Let's Play
05:24 - Building Spider XP Farm
06:05 - Ethical Internet Scanning?
12:20 - Minecraft Hosting Business
19:35 - Log4shell Scan Results
25:45 - Conclusion
Could I Hack into Google Cloud?
LiveOverflow 2022-06-03 | Google announced the Google Cloud Platform (GCP) Prize 2021: $133,337 for the best bug bounty report for the Google Cloud Platform. Reading writeups is important to stay up to date and learn about different attacks. In this video I go over the 6 winners and share my thoughts. This video is sponsored by Google.
The announcement: security.googleblog.com/2022/06/announcing-winners-of-2021-gcp-vrp-prize.html
Winning submissions:
#1 https://www.seblu.de/2021/12/iap-bypass.html ($133,337)
#2 github.com/irsl/gcp-dhcp-takeover-code-exec ($73,331)
#3 mbrancato.github.io/2021/12/28/rce-dataflow.html ($73,331)
#4 irsl.medium.com/the-speckle-umbrella-story-part-2-fcc0193614ea ($31,337)
#5 https://lf.lc/vrp/203177829 ($1001)
#6 docs.google.com/document/d/1-TTCS6fS6kvFUkoJmX4Udr-czQ79lSUVXiWsiAED_bs ($1000)
GCP Prize 2020: youtube.com/watch?v=g-JgA1hvJzA
GCP Prize 2019: youtube.com/watch?v=J2icGMocQds
Google Paid Me to Talk About a Security Issue! youtube.com/watch?v=E-P9USG6kLs
Fuzzing Java to Find Log4j Vulnerability - CVE-2021-45046: youtube.com/watch?v=kvREvOvSWt4
----
00:00 - Intro GCP Prize 2021
01:05 - 6. "Command Injection in Google Cloud Shell" by Ademar Nowasky Junior
03:36 - 5. "Remote code execution in Managed Anthos Service Mesh control plane" by Anthony Weems
08:31 - 4. "The Speckle Umbrella story — part 2" by Imre Rad
11:33 - 3. "Remote Code Execution in Google Cloud Dataflow" by Mike Brancato
15:47 - 2. "Google Compute Engine VM takeover via DHCP flood" by Imre Rad
20:12 - 1. "Bypassing Identity-Aware Proxy" by Sebastian Lutz
22:42 - Summary and Conclusion
23:58 - Outro
Scanning The Internet for Minecraft Servers
LiveOverflow 2022-05-19 | I want to show you another Minecraft related project of mine. I tried to scan the whole internet for servers. For what? Well.... you will see.
Did 2b2t Griefers Just Do The Impossible? youtube.com/watch?v=fvbVnT-RW-U
Griefing Jeb's Private Server w/ Babbaj, orsond, Zetrax, and _Aaron_: youtube.com/watch?v=vrjf33A2Vkc
Maybe jeb_ server grief was fake? youtube.com/watch?v=lk70_G32jvg
Hermitcraft 9 Episode 4: The Base Is DONE! youtube.com/watch?v=6coT21RT7HQ
masscan: github.com/robertdavidgraham/masscan
Mongo Express: github.com/mongo-express/mongo-express
dramatiq: dramatiq.io/guide.html
Episode 06:
00:00 - Let's Play: Building
04:21 - Some Thoughts on Griefing
09:42 - Griefing vs. Reporting Vulnerabilities
11:05 - Building a Minecraft Server Scanner
17:48 - Exploring the Data
19:44 - Griefing Random Servers
24:36 - Let's Play: Iron and Sugarcane Farm
26:18 - Outro
Copyright Music: C418 - Minecraft Soundtrack
Crafting a Minecraft 0day...
LiveOverflow 2022-05-08 | In this video I show off my new XRay mod, we go mining, almost die in the Nether and discover a vulnerability in the Minecraft Protocol. Just another normal Minecraft:HACKED episode!
Checkout ilmango: youtube.com/c/ilmango
SciCraft: twitter.com/scicraft_
XRay Mod Inspiration: github.com/ate47/Xray
Minecraft Protocol: https://wiki.vg/Protocol_Encryption
AES CFB: en.wikipedia.org/wiki/Block_cipher_mode_of_operation#Cipher_feedback_(CFB)
The Bug Report MC-249235: bugs.mojang.com/browse/MC-249235
Episode 05:
00:00 - Intro: ilmango/SciCraft shoutout
01:16 - XRay Mod
02:12 - Let's Play: Mining & Enchantments
05:16 - Mojang to Microsoft Account Migration
11:15 - Let's Play: The Nether
13:42 - Auditing Minecraft Encryption Protocol
16:14 - Attacker Observes Traffic
16:51 - Attacker Controls Malicious Server
21:07 - Auditing AES/CFB8 Encryption
24:00 - Proof of Concept Attack
26:00 - Reporting to Mojang
27:19 - Let's Play: Herobrine
Copyright Music: C418 - Minecraft Soundtrack
LiveOverflow 2022-05-01 | In this episode we start by exploring the basic AFK fishing farm. While building a potato farm we learn about the scientific method and how we can apply it to Minecraft to find a new fishing farm design for 1.19. Unfortunately we are still on 1.18.2, so we have to develop our own autofish mod. From the newly found programming experience we then are able to develop our own fly hack and bypass the server flying detection!
Simple AFK Treasure Fish Farm Concept for 1.19 Sculk Sensor: youtube.com/watch?v=L-g9ml6wzgM
Easy Carrot & Potato Crop Farm Tutorial | Simply Minecraft (Java Edition 1.17/1.18): youtube.com/watch?v=A8DQYpk5944
MrTroot/autofish: github.com/MrTroot/autofish
Trolling 2b2t Players with a "Magic Carpet": youtube.com/watch?v=Ze9a-I-kFt4
Episode 04:
00:00 - Intro
01:23 - AFK Fishing Farm Explained
05:30 - Let's Play: Villager Breeder & Potato Farm
07:00 - The Scientific Method
10:27 - Inventing a 1.19 AFK Fish Farm
12:25 - Developing AutoFish Mod
18:14 - Bypassing Server Flying Detection
23:32 - Flying without Elytra!
24:52 - Outro
Music: C418 - Minecraft Soundtrack
LiveOverflow 2022-04-20 | In this episode of Minecraft Hacked we are going to look into client mods and talk about cheating in general.
Fabric Example Mod: github.com/FabricMC/fabric-example-mod
Mixin Examples: fabricmc.net/wiki/tutorial:mixin_examples
Mixin Wiki: github.com/SpongePowered/Mixin/wiki
Shulker Dupe mod by 0x3C50: github.com/Coderx-Gamer/shulker-dupe
FredOverflow: youtube.com/watch?v=WPDV3LgUL2E
Episode 03:
00:00 - Let's Play: Enderpearl Glitch
02:10 - Let's Play: Caving
04:07 - What is Cheating?
14:00 - How to Code Client Mods
15:30 - Hacks: Java Bytecode Modification
21:15 - Let's Play: Return to Surface
Music: C418 - Sweden
Awkward VLOG at Nullcon Berlin 2022
LiveOverflow 2022-04-16 | I attended Nullcon Berlin 2022 in Berlin. Finally met a lot of people I haven't seen in a long time, and also met lots of new people. Nullcon: nullcon.net/berlin-2022 Card game: thecodeck.com Magic Word Writeup: ctftime.org/writeup/33233 advertisement: This video is labeled as an ad, but this video was not sponsored by nullcon. I just do it to make sure German regulators cannot complain.
Minecraft, But It's Reverse Engineered...
LiveOverflow 2022-04-10 | In this episode we learn how Minecraft servers are implemented by looking at PaperMC and tracing the dependencies. Turns out the custom Minecraft servers rely on decompiling the official server code! It's insane what this Minecraft community has created. Paper Server: github.com/PaperMC/Paper Minecraft EULA: minecraft.net/en-us/eula Fabric Intermediary Mappings: github.com/FabricMC/intermediary Fabric Yarn Mappings: github.com/FabricMC/yarn/tree/1.18.2-pre3/mappings/net/minecraft Grab the files: github.com/LiveOverflow/minecraft-hacked Minecraft:HACKED Playlist: youtube.com/playlist?list=PLhixgUqwRTjwvBI-hmbZ2rpkAl4lutnJG Episode 02: 00:00 - Let's Play: Map Exploration 02:47 - How Does Minecraft Help With Hacking? 06:06 - Introduction to Minecraft Servers 09:13 - Minecraft Reverse Engineering 17:03 - Let's Play: The Return to Base Music: C418 - Minecraft Soundtrack
Breaching Security of Palais des Congrès (in Minecraft) #shorts
LiveOverflow 2022-04-03 | Having a bit of fun on the official Minecraft server of Emmanuel Macron (French President). Disclaimer: This is not an ad, I'm not French, I have no stake in this election, I just love Minecraft. The Minecraft:HACKED Playlist: youtube.com/playlist?list=PLhixgUqwRTjwvBI-hmbZ2rpkAl4lutnJG Grab the files: github.com/LiveOverflow/minecraft-hacked
I Spent 100 Days Hacking Minecraft
LiveOverflow 2022-04-01 | I got addicted to Minecraft, so I decided to hack it. I know this is a weird video for this channel, but it was really fun to combine Minecraft storytelling with technical tutorials. The result is a very unique hacking tutorial that hopefully can reach lots of new people. I hope you enjoy it! Game Hacking Pwn Adventure Series: youtube.com/playlist?list=PLhixgUqwRTjzzBeFSHXrw9DnQtssdAwgG Devlog Hacking Game: youtube.com/playlist?list=PLhixgUqwRTjwrqAY_YDWllMw4e5E89E3x Quarry: github.com/barneygale/quarry The Minecraft:HACKED Playlist: youtube.com/playlist?list=PLhixgUqwRTjwvBI-hmbZ2rpkAl4lutnJG Grab the files: github.com/LiveOverflow/minecraft-hacked Episode 01: 00:00 - Let's Play: The Spawn 02:24 - About This Project 06:33 - Let's Play: First Adventure 08:20 - Motivation to Research the Protocol 10:21 - Setup Local Server 13:17 - Network Protocol Analysis Copyright Music: C418 - Sweden
I've been Hacking for 10 Years! (Stripe CTF Speedrun)
LiveOverflow 2022-03-24 | Celebrating my 10 years of hacking and my 7 years on YouTube! In 2012 I came across my first hacking CTF. Stripe organized a Capture the Flag competition with 6 levels to learn about different vulnerabilities. This is where it all started for me. Cyber Security Challenge Germany: https://cscg.live NFITS donations: https://nfits.de/spenden/ Stripe CTF Announcement: stripe.com/blog/capture-the-flag CTF Wrap Up: web.archive.org/web/20120531152105/stripe.com/blog/capture-the-flag-wrap-up Files/Sources: github.com/stripe-ctf/stripe-ctf io.smashthestack: io.netgarage.org ey! Look for patterns: youtube.com/watch?v=Jpaq0QkepgA Sudo Exploit Walkthrough: youtube.com/watch?v=TLa2VqcGGEQ&list=PLhixgUqwRTjy0gMuT4C3bmjeZjuNQyqdx GitLab 11.4.7 Remote Code Execution - Real World CTF 2018: youtube.com/watch?v=LrLJuyAdoAg Chapters: 00:00 - Background Story 01:27 - The StripeCTF Blogpost 03:11 - Setting up StripeCTF VM 04:01 - level01: system() 05:50 - level02: PHP Path Traversal 07:10 - level03: Array OOB 10:57 - level04: Buffer Overflow 14:13 - level05: Python Pickle 17:04 - level06: Timing Attack 19:28 - CTF Playing vs. Reading Writeups 20:57 - level06: Blocked I/O 24:21 - Reflecting on the CTF 26:02 - Cyber Security Challenge Germany 28:03 - To Be Continued...
Missing HTTP Security Headers - Bug Bounty Tips
LiveOverflow 2022-03-16 | In this video we talk about various HTTP headers that can improve or weaken the security of a site. And we discuss how serious they are in the context of Google's bug bounty program. Find the full playlist with videos for Google here: youtube.com/playlist?list=PLY-vqlMAnJ9bGoI82H1BB8BE4A8H2OCA- Chapters: 00:00 - Background Info 03:11 - Intro 03:53 - HTTP Security Header Overview 04:38 - Example #1: X-Frame-Options 06:43 - Example #2: Content-Security-Policy (CSP) 08:16 - Example #3: Strict-Transport-Security (HSTS) 10:44 - Example #4: Cross-Origin Resource Sharing (CORS) 13:12 - Example #5: Cookie Security Flags (HttpOnly) 14:25 - Summary 15:23 - Outro *advertisement because the video was originally produced for Google: bughunters.google.com/learn/videos/5956774821363712/bug-hunter-university-videos
Finding 0day in Apache APISIX During CTF (CVE-2022-24112)
LiveOverflow 2022-03-07 | In this video we perform a code audit of the Api6 challenge (Apache APISIX) and discover a default configuration that can be escalated to remote code execution. CVE-2022-24112: seclists.org/oss-sec/2022/q1/133 GitLab: liveoverflow.com/gitlab-11-4-7-remote-code-execution-real-world-ctf-2018 Challenge files: github.com/chaitin/Real-World-CTF-4th-Challenge-Attachments/tree/master/API6 Chapters: 00:00 - Intro 01:09 - Initial Application Overview 02:15 - Discussing Approaches 03:56 - Reading Documentation 04:57 - Initial Attack Idea 06:15 - Identifying Attack Surface 08:46 - Discovering Batch Requests 09:18 - Bypassing X-Real-IP Header 10:15 - Testing the Exploit 11:11 - Reporting the Issue 12:16 - Outro
Exploiting Java Tomcat With a Crazy JSP Web Shell - Real World CTF 2022
LiveOverflow 2022-02-24 | This was a hard web CTF challenge involving a JSP file upload with very restricted character sets. We had to use the Expression Language (EL) to construct useful primitives and upload an ASCII-only .jar file. Alternative writeups: github.com/voidfyoo/rwctf-4th-desperate-cat/tree/main/writeup Fuzzing log4j with Jazzer: youtube.com/watch?v=kvREvOvSWt4
Sudo Exploit for (old) Ubuntu 20.04 LTS
LiveOverflow 2022-02-12 | This is the end. We finally develop a working sudoedit exploit for Ubuntu 20.04. Grab the files: github.com/LiveOverflow/pwnedit Grab the iso: old-releases.ubuntu.com/releases/20.04 Full Playlist: youtube.com/playlist?list=PLhixgUqwRTjy0gMuT4C3bmjeZjuNQyqdx Second Channel: youtube.com/c/LiveUnderflow Twitch: twitch.tv/liveoverflow Episode 17: 00:00 - Intro 00:42 - Ubuntu VM Setup 02:09 - Fuzzing sudoedit 02:51 - Revisiting an Old Issue 04:11 - Exploring _tsearch Crashes 06:49 - Creating PoC Exploit 08:22 - Minimize and Testing Exploit 09:06 - Fuzzing Statistics 10:48 - Conclusion 11:52 - Outro
Fuzzing Java to Find Log4j Vulnerability - CVE-2021-45046
LiveOverflow 2022-02-01 | After the log4shell (CVE-2021-44228) vulnerability was patched with version 2.15, another CVE was filed. Apparently log4j was still vulnerable in some cases to a denial of service. However, it turned out that on some systems the issue can still lead to a remote code execution. In this video we use the Java fuzzer Jazzer to find a bypass. Jazzer Java Fuzzer: github.com/CodeIntelligenceTesting/jazzer Anthony Weems: twitter.com/amlweems 00:00 - Intro 00:54 - Chapter #1: The New CVE 03:38 - Chapter #2: Disable Lookups 05:43 - Chapter #3: Vulnerable log4j Configs 07:52 - Chapter #4: The Remote Code Execution 10:53 - Chapter #5: Parser Differential 12:57 - Chapter #6: Differential Fuzzing 16:07 - Chapter #7: macOS Only 18:15 - Chapter #8: Increase Impact 19:03 - Summary 19:58 - Outro
Debugging The Failing sudoedit Exploit | Ep.16
LiveOverflow 2022-01-18 | Our exploit doesn't work when run as a regular user. So now we need to investigate and figure out how we can make it work. We explore three options and implement additional code, but nothing seems to work. Grab the files: github.com/LiveOverflow/pwnedit Episode 16: 00:00 - Intro 00:23 - How To Debug The Failing Exploit? 00:49 - Core Dumps 01:49 - Wait in Execution Wrapper to Attach gdb 02:28 - Difference Running sudoedit as root vs. user? 03:00 - Option 1: Bruteforce Offsets Perfectly 03:38 - Option 2: Fengshui as user 04:18 - Option 3: Analyze Our Failing Crash 04:48 - Comparing Option 1 vs. 2 05:45 - Implementing Option 1 07:56 - Implementing Option 2 09:16 - Running Option 2 10:03 - It Doesn't Work in Docker 11:11 - Outro
Creating The First (Failed) Sudoedit Exploit | Ep. 15
LiveOverflow 2022-01-11 | WE CREATED OUR FIRST EXPLOIT! In this video we were able to control the loading of a malicious library. This can be used to execute our own code as root! But it only works when executing it as root. Executing it as a regular user doesn't work... Grab the files: github.com/LiveOverflow/pwnedit dlopen man page: man7.org/linux/man-pages/man3/dlopen.3.html Complete playlist: studio.youtube.com/channel/UClcE-kVhqyiHCcjYwcpfj9w/playlists Episode 15: 00:00 - Intro 00:27 - Recap of Library Loading Exploit Idea 01:45 - Debug a Different Crash 02:28 - Can We Reach dlopen? 03:37 - Using Patterns to find Offsets 05:05 - Writing NULL bytes 05:54 - Create Execution Wrapper sudoenv 07:52 - Debugging the Debug Script 09:00 - Controlling The ni Struct 10:18 - Single Step Exploit Code 11:33 - Create Attack Shared Library 12:17 - First Successful Exploit? 12:58 - Doesn't Work for User 13:16 - Outro
Learning about nss (Linux Name Service Switch) During Sudo Exploitation | Ep. 14
LiveOverflow 2022-01-03 | To understand a crash in nss_load_function() better, we have to look at the libc source code. While doing this we find a very interesting exploit strategy using dlopen. Grab the files: github.com/LiveOverflow/pwnedit Read libc Code: elixir.bootlin.com/glibc/glibc-2.31/source Episode 14: 00:00 - Intro 00:22 - Select Testcases For Crash Analysis 01:19 - Debug Crash in gdb 02:02 - Code Examples from grep.app 02:53 - Reading libc Source Code 04:43 - Learning about nss 05:29 - Reaching nss_lookup 06:00 - The service_user Struct ni 07:55 - nss_lookup_function 08:57 - The Crash Reason 09:58 - Exploit Brainstorming 10:57 - Outro
Log4j Lookups in Depth // Log4Shell CVE-2021-44228 - Part 2
LiveOverflow 2021-12-24 | In this video we dig a layer deeper into Log4j. We get a quick overview of how Log4j is parsing lookup strings and find the functions used in WAF bypasses. Then we bridge the gap to format string vulnerabilities and figure out why the noLookups mitigation has flaws. Part 1 - Hackers vs. Developers // CVE-2021-44228 Log4Shell: youtube.com/watch?v=w2F67LbEtnk My lamest GitHub repo ever: github.com/LiveOverflow/log4shell -- 00:00 - Intro 00:38 - Chapter #1: Log4j Lookups in Depth Debugging 03:50 - Log Layout Formatters 06:56 - Chapter #2: Secure Software Design 09:21 - Chapter #3: Format String Vulnerabilities 13:58 - Chapter #4: noLookups Mitigation 15:15 - Final Words 15:42 - Outro
Log4j Vulnerability (Log4Shell) Explained // CVE-2021-44228
LiveOverflow 2021-12-17 | Let's try to make sense of the Log4j vulnerability called Log4Shell. First we look at the Log4j features and JNDI, and then we explore the history of the recent log4shell vulnerability. This is part 1 of a two-part series into log4j. Log4j Issues: 2013: issues.apache.org/jira/browse/LOG4J2-313 2014: issues.apache.org/jira/browse/LOG4J2-905 2017: issues.apache.org/jira/browse/LOG4J2-2109 Log4j 2 Security: logging.apache.org/log4j/2.x/security.html German Government Warning: https://www.bsi.bund.de/SharedDocs/Cybersicherheitswarnungen/DE/2021/2021-549032-10F2.pdf?__blob=publicationFile&v=3 Cloudflare: blog.cloudflare.com/exploitation-of-cve-2021-44228-before-public-disclosure-and-evolution-of-waf-evasion-patterns A JOURNEY FROM JNDI/LDAP MANIPULATION TO REMOTE CODE EXECUTION DREAM LAND: blackhat.com/docs/us-16/materials/us-16-Munoz-A-Journey-From-JNDI-LDAP-Manipulation-To-RCE.pdf whitepaper: blackhat.com/docs/us-16/materials/us-16-Munoz-A-Journey-From-JNDI-LDAP-Manipulation-To-RCE-wp.pdf --- 00:00 - Intro 01:05 - BugBounty Public Service Announcement 02:23 - Chapter #1: Log4j 2 03:38 - Log4j Lookups 04:15 - Chapter #2: JNDI 06:01 - JNDI vs. Log4j 06:35 - Chapter #3: Log4Shell Timeline 07:33 - Developer Experiences Unexpected Lookups 09:51 - The Discovery of Log4Shell in 2021 11:08 - Chapter #4: The 2016 JNDI Security Research 11:56 - Java Serialized Object Features 13:27 - Why Was The Security Research Ignored? 14:44 - Chapter #5: Security Research vs. Software Engineering 16:49 - Final Words and Outlook to Part 2 17:23 - Outro
Can We Find a New Exploit Strategy? | Ep. 13
LiveOverflow 2021-12-14 | We are still looking for an exploit strategy for the sudo heap overflow. In this episode we look at a few crashes and decide to look into one particular case more deeply. Complete Playlist: youtube.com/playlist?list=PLhixgUqwRTjy0gMuT4C3bmjeZjuNQyqdx Grab the files: github.com/LiveOverflow/pwnedit (sorry, repo is a bit behind the videos) Homework libc source code: elixir.bootlin.com/glibc/glibc-2.31/source Episode 13: 00:00 - Intro 00:36 - Recap of Episode 12 01:16 - Interpret Fuzzing Results | fengshui3 03:05 - Reproduction Script poc.py 04:16 - Heap Object Information not Useful 05:10 - Collect More Data on Crashes | fengshui4 05:32 - Looking at Crashes 06:35 - Interesting Crash in nss_lookup_function 07:00 - Homework
Authorization vs. Authentication (Google Bug Bounty)
LiveOverflow 2021-12-02 | Authorization and Authentication can be confusing. In this video we look at their differences, and then focus on valid and invalid authorization bugs. advertisement: this video was commissioned by the Google Vulnerability Rewards Program for their site bughunters.google.com watch all BHU videos here: youtube.com/playlist?list=PLY-vqlMAnJ9bGoI82H1BB8BE4A8H2OCA- 00:00 - Intro 00:33 - Authorization vs. Authentication 02:04 - Complex Systems with Permissions and Roles 02:42 - Example #1: Permission Complexity 04:16 - "Fixes" for Authorization Bugs 04:48 - Roles vs. Permissions 05:53 - What are Authorization Bugs? 06:52 - Example #2: Confusing Invalid Auth "Bugs" 08:22 - Summary
Developing GDB Extension for Heap Exploitation | Ep. 12
LiveOverflow 2021-11-18 | We aren't getting anywhere... So we write a new tool to analyse the heap objects located after our overflowing buffer. Complete Playlist: youtube.com/playlist?list=PLhixgUqwRTjy0gMuT4C3bmjeZjuNQyqdx Grab the files: github.com/LiveOverflow/pwnedit (sorry, repo is a bit behind the videos) gef for gdb: github.com/hugsy/gef Episode 12: 00:00 - Intro 00:12 - How to Find Controllable Heap Allocations? 00:50 - Tracing free()! 01:21 - Finding Recognizable Strings on the Heap 01:58 - More Environment Variables 03:26 - fengshui2.py Script Changes 04:19 - Wrong Rabbit Hole... 05:20 - Some Other Research Attempts 06:47 - (gdb) gef Extension - Analyse the Heap Objects 09:03 - Heap Tracing Results 09:51 - Developing fengshui3.py 10:52 - First Peek at Script Results
Can Hackers Get Into Every Device?
LiveOverflow 2021-11-04 | Have you ever heard the sentence that every device can be hacked? I have talked to several security researchers who have experience in hacking Browsers, iPhones and more, to figure out if this is true. And if it's true, should you be worried? You should worry more about Phishing: youtube.com/watch?v=NWtm4X6L_Cs @steventseeley: twitter.com/steventseeley @s1guza: twitter.com/s1guza @itszn13: twitter.com/itszn13 @xerub: twitter.com/xerub @gf_256: twitter.com/gf_256 / youtube.com/channel/UCmYAXMxue6UdEPfAPxA0E8w --- 00:00 - Can Every Device Get Hacked? 00:53 - Collaboration 02:24 - Law of Security: The More Complexity, The More Insecure 03:20 - Proof #1: Zerodium 04:55 - Proof #2: Phone Vendor Security Updates 05:33 - Proof #3: Hacking Competitions 06:28 - "Can You Find The Vulnerabilities Alone?" 09:27 - "Weaponized" (or Operationalized) Exploits 10:35 - The Original Question Is Useless 11:18 - Risk Of Your Device Getting Hacked? 12:32 - The Economics Of The Attacker 14:30 - Who Should Be Worried About 0days? 15:11 - Attack On Security Researchers 16:06 - What Can You Do Against Hackers? 18:15 - Trick Against Smartphone Hacking 19:22 - Summary and Conclusion 21:21 - Outro
Design Flaw in Security Product - ALLES! CTF 2021
LiveOverflow 2021-10-26 | In this video we are exploring a theoretical security product that automagically encrypts user data securely. But it has a fundamental design flaw which can be exploited. Challenge Files: github.com/LiveOverflow/ctf-cryptowaf Walkthrough: youtube.com/watch?v=ZKrABs-N9wA BugBountyReportsExplained: youtube.com/c/BugBountyReportsExplained 00:00 - Intro 01:33 - Background Story 02:55 - What is CryptoWAF? 04:16 - Implementing Encryption 05:06 - Encryption Challenges 06:59 - Implementing Decryption 07:02 - Design Flaw 08:26 - Exploiting the Design Flaw 09:06 - Leaking Database 10:04 - WAF Bypass 11:04 - Conclusion 12:07 - Outro
Fuzzing Heap Layout to Overflow Function Pointers | Ep. 11
LiveOverflow 2021-10-17 | After we found some function pointers we could use for exploitation, we instrumented sudo to find their heap locations. And then we are developing a script to find a heap layout usable for exploitation. Complete Playlist: youtube.com/playlist?list=PLhixgUqwRTjy0gMuT4C3bmjeZjuNQyqdx Grab the files: github.com/LiveOverflow/pwnedit Episode 11: 00:00 - Intro 00:40 - The Research Plan 02:09 - Collecting Heap Information 02:40 - Testing the "Instrumentation" - First Problem 04:00 - Understanding Heap Information Output 04:34 - Heap Fragmentation Explained 05:10 - Which Inputs to Control? 05:35 - Writing the Fuzzing Heap Layouts Scripts 07:37 - Development Challenges 08:28 - The Script Results! 09:30 - Outro
Video Essay about the Security Creator Scene
LiveOverflow 2021-10-06 | I wrote an article about the state of the YouTube Hacker Scene for Phrack. I hope you enjoy this reading. The article can be read here: http://phrack.org/issues/70/15.html#article --=[ Missing parts: 1. Remember the hacking videos without audio using notepad to communicate? That's definitely a part of the history that should have been included in this article. --=[ References: How SUDO on Linux was HACKED! // CVE-2021-3156 youtu.be/TLa2VqcGGEQ?list=PLhixgUqwRTjy0gMuT4C3bmjeZjuNQyqdx XSS on Google Search - Sanitizing HTML in The Client? youtube.com/watch?v=lG7U3fuNw3A Identify Bootloader main() and find Button Press Handler youtu.be/yJbnsMKkRUs?list=PLhixgUqwRTjyLgF4x-ZLVFL-CRTCrUo03 [0] Lenas Reversing for Newbies (2006) web.archive.org/web/20070524043123/http://www.tuts4you.com/download.php?list.17 [1] thebroken by Kevin Rose archive.org/details/thebroken_xvid [2] Hak5 - Episode #1 youtube.com/watch?v=SUEXCCWMfXg [3] Notacon 2007 Part 1 youtube.com/watch?v=HXSZ4PRLUDU [4] CSAW CTF challenge 2.exe, 3.exe and 4.exe flag retrieval youtube.com/watch?v=_Ld1cD9d7tI [5] Beginner Challenge #1... youtube.com/watch?v=tdqJ8NEcJUM [6] Phrack issue #69 - International scenes [7] reddit.com/r/WatchPeopleCode [8] livectf REDEMPTION by geohot 7/27/2014 youtube.com/watch?v=td1KEUhlSuk [9] Let's Hack Livestream - exploit-exercises.com (2015) youtube.com/watch?v=HBnPY77JtqY [10] The Heap: dlmalloc unlink() exploit - bin 0x18 youtube.com/watch?v=HWhzH--89UQ [11] Hacking Livestream #1: ReRe and EZPZP youtube.com/watch?v=XWozhb1ZOyM [12] Life of an Exploit: Fuzzing PDFCrack with AFL for 0days youtube.com/watch?v=8VLNPIIgKbQ [13] HackTheBox - Popcorn youtube.com/watch?v=NMGsnPSm8iw [14] Live CTF v2: ... youtube.com/watch?v=D7uXE_lEzxI [15] SMT in reverse engineering, for dummies youtu.be/b92CW-NZ3l0 [16] GoogleCTF - XSS "Pasteurize" youtu.be/voO6wu_58Ew [17] Hacking into Google's Network for $133337 youtu.be/g-JgA1hvJzA [18] support.google.com/youtube/answer/2801964?hl=en [19] Data breaches, phishing, or malware? Understanding the risks of stolen credentials dl.acm.org/doi/abs/10.1145/3133956.3134067 [20] Zero to Hero Pentesting youtu.be/qlK174d_uu8?list=PLLKT__MCUeiwBa7d7F_vN1GUwz_2TmVQj [21] How the Apple AirTags were hacked youtu.be/_E0PWQvW-14 [22] FuzzOS: Day 1, starting the OS youtu.be/2YAgDJTs9So [23] How We Hacked a TP-Link Router and Took Home $55,000 in Pwn2Own youtube.com/watch?v=zjafMP7EgEA [24] tiktok.com/@malwaretech --=[ Chapters: 00:00 - Intro 00:21 - 0. About the Author 00:50 - 1. Preamble 02:00 - 2. Before 2014 04:40 - 3. My Start in 2015 08:50 - 4. Today's Scene 15:50 - 5. Final Words 16:39 - Some Thoughts 20:06 - Outro
Did you really find a vulnerability in Google? - ft. @PwnFunction
LiveOverflow 2021-09-26 | This video was created in collaboration with @PwnFunction and was commissioned by Google VRP. Check out @PwnFunction's excellent YouTube channel! Read the article here: bughunters.google.com/learn/improving-your-reports/avoiding-mistakes/6082745027264512
Developing a Tool to Find Function Pointers on The Heap | Ep. 10
LiveOverflow 2021-09-19 | We develop a helper script to find function pointers we could maybe overwrite with our heap overflow. This is another episode in the sudo series. Complete playlist: youtube.com/playlist?list=PLhixgUqwRTjy0gMuT4C3bmjeZjuNQyqdx Grab the files: github.com/LiveOverflow/pwnedit Episode 10: 00:00 - Intro 00:46 - Research Idea 01:29 - Collecting Data 02:20 - Developing Python Script 03:34 - Finding Potential Function Pointers 04:01 - Verify if pointers are usable 05:07 - Function Pointer Candidate #1 05:58 - Function Pointer Candidate #2 06:47 - Evaluate the Research Methodology 08:00 - What's Next?
What Ethereum Smart Contract Hacking Looks Like
LiveOverflow 2021-09-12 | In this video you can see me working over 10h on hacking an Ethereum smart contract. The attack was done on a private chain, so no actual Ethereum users have been affected. This was a challenge called `Montagy` from the Real World CTF 2019 competition. Even though this was part of a competition, the methodology and technologies used are the tools used in real-life Ethereum hacking as well. More Ethereum hacking: - Ethereum Smart Contract Hacking #1 - Real World CTF 2018: youtube.com/watch?v=ozqOlUVKL1s - Jump Oriented Programming: Ethereum Smart Contract #2 - Real World CTF 2018: youtube.com/watch?v=RfL3FcnVbJg - Ethereum Smart Contract Backdoored Using Malicious Constructor: youtube.com/watch?v=WP-EnGhIYEc 00:00:00 - Backstory 00:03:58 - Smart Contract Challenge Overview 00:20:17 - Blockchain Transaction Investigation 00:22:13 - Rough Plan & Research Setup 00:34:27 - Looking more into the Contracts 00:41:18 - Debugging with remix 01:08:43 - What we learned so far 01:09:31 - Researching custom hash 01:34:26 - Breaking hash algorithm with z3 02:02:37 - Realizing winning condition is different... 02:03:20 - Developing exploit pwn.js 02:15:10 - Exploit doesn't work... debugging. 02:31:30 - Exploit finally works 02:33:55 - Sending Exploit to the Team in China 02:35:05 - The Flag 02:36:10 - Opinion and Conclusion
Discussing Heap Exploit Strategies for sudo - Ep. 09
LiveOverflow 2021-09-04 | We have a heap buffer overflow, but how can we exploit this now? Let's discuss some of the possible strategies. Grab the files: github.com/LiveOverflow/pwnedit We made the thumbnail together on stream: youtube.com/watch?v=71h-AqXut7A Episode 09: 00:00 - Intro 00:35 - Option 1: Exploit Heap Metadata 02:42 - Option 2: Exploit Data on Heap 04:18 - Heap Feng Shui 06:04 - Failure...? 07:04 - We Could Fuzz the Heap 08:08 - To Be Continued...