1 00:00:01,680 --> 00:00:02,350 Am I recording it?
2 00:00:02,370 --> 00:00:02,670 All right.
3 00:00:02,670 --> 00:00:03,200 Sorry.
4 00:00:03,210 --> 00:00:05,220 So I forgot about something else.
5 00:00:05,220 --> 00:00:05,970 In my exploit.
6 00:00:05,970 --> 00:00:07,380 In my practice exploit.
7 00:00:07,380 --> 00:00:12,240 I actually was missing a line, so I did not do it properly.
8 00:00:12,240 --> 00:00:17,340 Let me see, where is attempt three?
9 00:00:17,580 --> 00:00:27,690 So I forgot about this gadget right here, plus equals pieces, before I knew I was doing something wrong.
10 00:00:28,000 --> 00:00:30,030 RSI return.
11 00:00:34,110 --> 00:00:48,420 And if we run this command, so we just do echo, swipe the previous one, or echo attempt three dot py, nano
12 00:00:48,420 --> 00:00:51,900 attempt 3.5, control this.
13 00:00:52,500 --> 00:00:54,330 And then we ran the exploit again.
14 00:00:56,990 --> 00:00:59,690 By the way, who am I?
15 00:01:01,610 --> 00:01:03,590 Fruit fly text.
16 00:01:04,400 --> 00:01:12,590 So before we go to our final phase of ASLR bypasses, let's try to step through the functions.
17 00:01:12,950 --> 00:01:17,460 So we're going to put a breakpoint and then we're going to watch it as it copies.
18 00:01:18,230 --> 00:01:23,900 So what I, what I want to put this breakpoint at, let's see.
19 00:01:26,950 --> 00:01:29,110 Let's go back into GEF.
20 00:01:29,920 --> 00:01:32,880 This is symbol vein.
21 00:01:36,090 --> 00:01:38,880 Disassemble greet_me.
22 00:01:44,060 --> 00:01:50,180 And I think we should put a breakpoint somewhere around.
23 00:01:52,650 --> 00:01:53,490 Here.
24 00:01:55,720 --> 00:02:01,630 So we're going to do break greet_me plus
25 00:02:07,520 --> 00:02:08,930 56 bytes.
26 00:02:12,320 --> 00:02:17,400 And what we can do is we can just output the exploit code.
27 00:02:17,420 --> 00:02:27,710 So instead of just running attempt three, python3 attempt3.py into payload, and then we're
28 00:02:27,710 --> 00:02:29,210 going to run it with the payload.
29 00:02:29,210 --> 00:02:32,120 So our pipe payload.
30 00:02:35,370 --> 00:02:37,170 And then we're going to hit our ROP chain.
31 00:02:39,880 --> 00:02:41,070 So press.
32 00:02:44,080 --> 00:02:46,930 And we can actually step through our entire ROP chain.
33 00:02:54,580 --> 00:03:00,070 But what we also want to do is we probably want to go straight to our system call.
34 00:03:00,670 --> 00:03:03,310 So what you can do is do break
35 00:03:06,100 --> 00:03:06,880 system.
36 00:03:10,560 --> 00:03:20,190 And then we can delete our previous breakpoint, delete one, and press C to hit our next breakpoint.
37 00:03:21,660 --> 00:03:28,860 And as you can see, we are now running a system call with the word shell on it.
38 00:03:31,810 --> 00:03:35,350 So that's just another way of solving our third solution.
39 00:03:38,100 --> 00:03:41,220 If you wanted to go back and step through the, you can go right ahead.
40 00:03:42,240 --> 00:03:46,830 But this is a solution for basically copying a string straight into the data section.
41 00:03:48,300 --> 00:03:53,760 I'm sorry, I've just been annoyed by constant texts from my family.
42 00:03:53,760 --> 00:03:58,440 So, you know, I might just move out this recording.