How to Exploit a Buffer Overflow Vulnerability


🦇 Decoding the Bat Computer: Buffer Overflow EXPLOITED! 🦇

Gotham's secrets are vulnerable! In this video, we crack the defenses of the "Bat Computer" – a binary riddled with a buffer overflow vulnerability. Watch as we step into the shadows, reverse engineer the code, and pop a shell with expertly crafted shellcode!

Just like Batman analyzing crime scenes, we'll dissect the binary using Ghidra and GDB, revealing the hidden vulnerability. We'll show you how to find the critical offset, overwrite the return address, and unleash our own shellcode to gain control.

🔥 What you'll learn in the Batcave: 🔥

  • Reverse engineering "Bat Computer" binaries.
  • Identifying and exploiting buffer overflow vulnerabilities.
  • Utilizing Ghidra and GDB for forensic analysis.
  • Crafting and executing shellcode to seize control.
  • Building local and remote exploits to claim the prize.

⏱️ Mission Breakdown: ⏱️

  • 00:00 Infiltration Protocols Initiated
  • 00:55 Initial Triage of the Bat Computer
  • 04:58 Static Analysis in Ghidra (Bat-Vision Mode)
  • 14:18 Analysis Overview: The Bat-Plan
  • 14:32 Crashing the Bat Computer
  • 15:38 Debugging the Bat Computer with GDB
  • 16:00 Locating Main in the Bat Computer's Core
  • 17:00 Crashing the Bat Computer in GDB (Again!)
  • 19:22 Deciphering LEAVE/RET Instructions
  • 22:00 Pinpointing the Offset: The Bat-Signal
  • 24:28 Overwriting RSP: Taking Control
  • 28:41 Shellcode Deployment (Attempt 1: Glitch in the System!)
  • 29:47 Shellcode Deployment (Attempt 2: Mission Success!)
  • 32:01 Examining the Local Exploit: The Bat-Gadget
  • 33:00 Executing the Local Exploit: Bat-Tech Engaged
  • 33:48 Remote Exploit: Claiming the Bat Computer's Secrets!
  • 34:06 Securing the Flag: Gotham's Data Secured
  • 34:14 Mission Debriefing


👍 Subscribe to become a master of the Bat Computer! 👍

#reverseengineering #idapro #reversingwithbailey #crackme #simd #ghidra #binaryanalysis #security #bufferoverflow #pwn #batcomputer

License: How to Exploit a Buffer Overflow Vulnerability © 2021 by Jay Bailey is licensed under CC BY-NC-SA 4.0
