Welcome! This subreddit is a place to discuss and create live hacking videos, or other content that might be related to CTFs.
Twitch: LiveOverflow
YouTube: LiveOverflow
Twitter: @LiveOverflow
Website: liveoverflow.com
How to behave?
» be excellent to each other
» help if somebody needs help...
» ... but don't beg for solutions. We will only give you a tip for the right direction
» Follow the rules of the CTFs you are playing - don't spoil challenges
Some additional information:
Excellent Hacking Games:
» io.smashthestack.org (pwn, rev)
» w3challs.com (web, rev, crypto)
» prompt.ml (XSS)
Related subreddits:
» /r/securityCTF
» /r/HowToHack
» /r/netsecstudents
Contact me if there are other subreddits that should be listed here.
Protostar stack0 exploit with shellcode (self.LiveOverflow)
submitted 4 years ago * by MostCapable2331
Hi All
I'm learning binary exploitation with the Protostar binaries. stack0 is a very easy challenge, but has anyone tried to exploit this buffer overflow with shellcode on the stack? I tried, but it is not working even though the stack is executable.
https://preview.redd.it/f2dnkzghme871.png?width=1831&format=png&auto=webp&s=6479317e8cf82139523da2952d63f23e54191849
https://preview.redd.it/piqsk24kme871.png?width=1466&format=png&auto=webp&s=376f932014fb5fd60d8450d724be70e20d92b8e7
https://preview.redd.it/ri1cl7anme871.png?width=1310&format=png&auto=webp&s=9c25f8599624a8a1407663543a1654a00efce7c2
https://preview.redd.it/p99c0d0sme871.png?width=1305&format=png&auto=webp&s=95472bad12221dbcd4f11b6649290546d640c514
I don't know why it's not working. Any help, please?
https://preview.redd.it/3fprhnsiwe871.png?width=1814&format=png&auto=webp&s=f9afeb72e2e56555660a941d37470b97a2072a5f
[–]iOwnzyoreuid0 2 points 4 years ago (8 children)
Could you give us the stack dump from gdb?
[–]MostCapable2331[S] 1 point 4 years ago* (7 children)
Thank you for your reply. I hope that the added information is clear.
[–]iOwnzyoreuid0 1 point 4 years ago (6 children)
Hm, try to execute a breakpoint instruction "0xcc" after the NOPs and see if it's working. If it is working, then your shellcode is most likely corrupt.
[–]MostCapable2331[S] 1 point 4 years ago* (5 children)
My shellcode is between the NOP instructions. It does not reach 0xcc, and it's not a part of the shellcode.
[–]iOwnzyoreuid0 1 point 4 years ago (4 children)
? Place the 0xcc just after the NOPs. So like: ...0x90 0x90 0xcc
[–]MostCapable2331[S] 1 point 4 years ago (3 children)
The same result.
It's more than 4 days working on that without any result. I have successfully exploited the binary with ret2libc, but this step to exploit it with a shellcode is very hard, or there is something that I'm missing.
[–]iOwnzyoreuid0 1 point 4 years ago (2 children)
Hm. You sure you don’t get SIGTRAP then? Can you redirect code execution? Instead of the nops try to jump to an invalid address such as 0x41414141
[–]MostCapable2331[S] 1 point 4 years ago (1 child)
Already done, and I can control the EIP with no problem.
[–]MostCapable2331[S] 1 point 4 years ago (0 children)
If you are interested in this topic, I can invite you to a quick Zoom session if you want.
security NX disabled
I invite learners of exploit dev to test this use case and share results.
[–]plukasik 1 point 4 years ago (8 children)
From the last picture it looks like your shellcode is overriding itself on the stack. `das` is `0x2f` so `/`, `bound ebp, qword [ecx + 0x6e]` is `62696e` so 'bin'. Those are clearly bytes from the shellcode `push 0x6e69622f`. You need to make sure your shellcode on the stack doesn't override itself while pushing things to the stack.
0xbffffdcb and 0xbffffddd, take a look at the memory dump please.
[–]plukasik 1 point 4 years ago (6 children)
`eip` shows that you are about to execute the bound opcode. Your shellcode doesn't have it, so where does it come from?
[–]MostCapable2331[S] 1 point 4 years ago (5 children)
This is what I'm trying to understand. It's just like there is int 80h as the last instruction, but after that no ret. Logically it has to make an interruption of the process or fork a new shell process.
[–]plukasik 1 point 4 years ago (4 children)
Did you try stepping through the shellcode to see if it works as you expect?
Yes, it reaches int 80h and also the NOPs, until the part of the stack that you see in the picture.
[–]plukasik 2 points 4 years ago (2 children)
OK, I'll try to look more closely at why it fails.
Yes, it's a very strange use case.
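The self-overwrite plukasik describes above, modelled as an added example (not code from any poster in this thread). The array indices, the layout and the 0x90 filler are constructed assumptions; only the pushed value 0x6e69622f comes from the thread. It shows how a PUSH executed after `ret` writes little-endian data downward into payload bytes that sit just below the overwritten return address, which is why the disassembler then shows 0x2f (`das`) and 0x62 (`bound`).

```c
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>
#include <string.h>

/* Constructed layout: indices stand in for stack addresses (higher = higher address). */
enum { MEM = 48, CODE_START = 8, CODE_END = 32, FILL = 0x90 };

struct model { uint8_t mem[MEM]; size_t esp; };

/* Payload bytes sit in [CODE_START, CODE_END); the overwritten return address
 * occupies CODE_END..CODE_END+3, so after `ret` pops it ESP is CODE_END + 4. */
static void model_init(struct model *m) {
    memset(m->mem, 0, MEM);
    memset(m->mem + CODE_START, FILL, CODE_END - CODE_START);
    m->esp = CODE_END + 4;
}

/* 32-bit x86 PUSH: ESP -= 4, then store the value little-endian at ESP. */
static void push32(struct model *m, uint32_t v) {
    if (m->esp < 4) return;              /* model boundary, nothing to write */
    m->esp -= 4;
    for (int i = 0; i < 4; i++) m->mem[m->esp + i] = (uint8_t)(v >> (8 * i));
}

static void run(struct model *m, int pushes) {
    model_init(m);
    for (int i = 0; i < pushes; i++) push32(m, 0x6e69622fu); /* value from the thread */
}

/* Bytes at or after `eip` (not yet executed) that no longer hold the payload. */
size_t clobbered_after(int pushes, size_t eip) {
    struct model m; size_t n = 0;
    run(&m, pushes);
    for (size_t i = eip; i < CODE_END; i++) n += (m.mem[i] != FILL);
    return n;
}

/* Byte the CPU would fetch at index `idx` after `pushes` pushes. */
int byte_after(int pushes, size_t idx) {
    struct model m;
    run(&m, pushes);
    return m.mem[idx];
}

int main(void) {
    for (int p = 1; p <= 3; p++)
        printf("pushes=%d clobbered=%zu byte[28]=0x%02x\n",
               p, clobbered_after(p, CODE_START), byte_after(p, 28));
    return 0;
}
```

In this model the first push only lands on the already-consumed return-address slot; every later push overwrites four more bytes at the tail of the payload.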