1
00:00:01,140 --> 00:00:02,370
Let me see this recording.

2
00:00:02,400 --> 00:00:02,700
All right.

3
00:00:02,700 --> 00:00:03,730
Welcome back.

4
00:00:03,750 --> 00:00:07,890
So let's go back, exit this.

5
00:00:08,280 --> 00:00:13,900
And we're going to find, we're going to use pwntools, a framework.

6
00:00:13,920 --> 00:00:17,100
Pwntools is actually pre-installed in this Docker container.

7
00:00:17,190 --> 00:00:21,030
So what we're going to do is we're going to add the following lines of code, because pwntools makes

8
00:00:21,030 --> 00:00:23,910
binary exploitation on Linux extremely easy.

9
00:00:24,360 --> 00:00:26,160
So we're going to import

10
00:00:30,030 --> 00:00:33,780
and then we're going to make an executable, context.binary.

11
00:00:33,780 --> 00:00:39,600
So exe equals context.binary.

12
00:00:41,310 --> 00:00:43,710
That's because ELF.

13
00:00:47,300 --> 00:00:48,660
Dot slash mon.

14
00:00:52,330 --> 00:00:53,920
And what else?

15
00:00:54,100 --> 00:00:55,870
Go to the bottom of our code.

16
00:00:59,430 --> 00:01:07,290
Enter io equals process(exe.path), and then beneath

17
00:01:09,220 --> 00:01:17,690
this line, we do io.sendline, then io.interactive.

18
00:01:19,840 --> 00:01:22,480
Now watch how it does this.

19
00:01:22,480 --> 00:01:26,260
Because normally we had to use a really awkward

20
00:01:28,600 --> 00:01:33,730
standard input/output, you know, like read the payload, read it back to standard, I'll pipe it into

21
00:01:33,730 --> 00:01:39,540
vuln, because it uses gets, that means it expects a... as you can see, watch wall.

22
00:01:40,820 --> 00:01:43,240
Bobby. Hi there.

23
00:01:43,240 --> 00:01:52,390
Bobby. We can automate the power of this exploit against a vulnerable binary that I wrote myself using pwntools.

24
00:01:52,390 --> 00:01:53,620
So let's try this again.

25
00:01:54,310 --> 00:01:56,080
So nano exploit.

26
00:01:56,830 --> 00:02:00,160
Want to clear all of this out?

27
00:02:00,160 --> 00:02:01,780
Running in a debugger.

28
00:02:01,780 --> 00:02:02,680
We're going to run it.

29
00:02:03,010 --> 00:02:05,440
python3 exploit.py.

30
00:02:11,530 --> 00:02:12,280
Let me see.

31
00:02:13,150 --> 00:02:14,920
Let me read the write-ups again.

32
00:02:20,620 --> 00:02:22,810
Oh, I didn't import all that.

33
00:02:23,140 --> 00:02:25,250
Probably from pwn.

34
00:02:25,270 --> 00:02:26,350
Import star.

35
00:02:28,780 --> 00:02:29,890
Import star.

36
00:02:35,070 --> 00:02:36,690
io, process.

37
00:02:38,430 --> 00:02:39,720
Let's get on a path.

38
00:02:40,830 --> 00:02:41,100
Okay.

39
00:02:41,160 --> 00:02:43,290
I just simply used the wrong syntax.

40
00:02:44,800 --> 00:02:46,930
So let's go back and try this again.

41
00:02:54,760 --> 00:02:59,740
That's our exploit.py. python

42
00:02:59,740 --> 00:03:01,420
three exploit.py.

43
00:03:04:750 --> 00:03:06,040
And we got our shell.

44
00:03:06,430 --> 00:03:07,300
whoami.

45
00:03:07,780 --> 00:03:17,110
id, root. id, root. ls, cat flag.txt.

46
00:03:17,890 --> 00:03:19,660
And we still have the flag again.

47
00:03:19,660 --> 00:03:26,830
So that's just an introduction to pwntools, because in our next exercise we're going to use pwntools

48
00:03:26,830 --> 00:03:30,880
exclusively, so we can actually use it.

49
00:03:30,880 --> 00:03:36,490
You don't have to, with pwntools, you don't have to use things like struct.pack, stuff like that.

50
00:03:36,490 --> 00:03:41,020
They actually have their own little functions to make it convenient, but certain versions of Python 3,

51
00:03:41,020 --> 00:03:46,240
they don't actually have pwntools available in older versions of Python 3.

52
00:03:46,240 --> 00:03:47,500
So we were forced to.

53
00:03:47,530 --> 00:03:52,570
So in those situations it's important to know about the Python C struct module, which is this.

54
00:03:55,330 --> 00:04:03,580
So don't forget to submit your flag to our quiz and move on to statutory bypasses.