C Code Review - Reaching Vulnerable Code in sudo | Ep. 08

Channel:
United States LiveOverflow
Subscribers:
920,000
Published on ● Video Link: https://www.youtube.com/watch?v=RZiGBjrOLY8


Category:
Review
Duration: 8:04
28,468 views
1,534

A bit more code review of sudo to understand why it's vulnerable and what the conditions are to get there.

Full Playlist: https://www.youtube.com/watch?v=TLa2VqcGGEQ&list=PLhixgUqwRTjy0gMuT4C3bmjeZjuNQyqdx

Grab the files: https://github.com/LiveOverflow/pwnedit

Episode 08:
00:00 - Intro
00:18 - The Heap Overflow
02:27 - Identifying the Conditions to Reach the Vulnerable Code
03:00 - The sudo Modes
03:40 - Sudo is Escaping The Arguments!
04:25 - How to Skip the Escaping?
05:16 - The Curious Case of "sudoedit"
06:15 - Exploring Alternative sudo modes
07:05 - Outro
07:35 - #ads

-=[ ❤️ Support ]=-

→ per Video: https://www.patreon.com/join/liveoverflow
→ per Month: https://www.youtube.com/channel/UClcE-kVhqyiHCcjYwcpfj9w/join

-=[ 🐕 Social ]=-

→ Twitter: https://twitter.com/LiveOverflow/
→ Website: https://liveoverflow.com/
→ Subreddit: https://www.reddit.com/r/LiveOverflow/
→ Facebook: https://www.facebook.com/LiveOverflow/



Other Videos By LiveOverflow


2021-10-26Design Flaw in Security Product - ALLES! CTF 2021
2021-10-17Fuzzing Heap Layout to Overflow Function Pointers | Ep. 11
2021-10-06Video Essay about the Security Creator Scene
2021-09-26Did you really find a vulnerability in Google? - ft. @PwnFunction
2021-09-19Developing a Tool to Find Function Pointers on The Heap | Ep. 10
2021-09-12What Ethereum Smart Contract Hacking Looks Like
2021-09-04Discussing Heap Exploit Strategies for sudo - Ep. 09
2021-08-28"Controversial Security" // BSides Berlin 2021
2021-08-26using z3 to reverse a custom hash during a CTF be like #shorts
2021-08-19can you hack this screenshot service?? - CSCG 2021
2021-08-11C Code Review - Reaching Vulnerable Code in sudo | Ep. 08
2021-07-31DO NOT USE alert(1) for XSS
2021-07-24Understanding C Pointer Magic Arithmetic | Ep. 07
2021-07-17Crazy Steam Phishing Page
2021-07-10What is a Browser Security Sandbox?! (Learn to Hack Firefox)
2021-07-02Root Cause Analysis With AddressSanitizer (ASan) | Ep. 06
2021-06-25Found a Crash Through Fuzzing? Minimize AFL Testcases! | Ep. 05
2021-06-18Understand Security Risk vs. Security Vulnerability!
2021-06-11Finding Buffer Overflow with Fuzzing | Ep. 04
2021-06-04Hacker Culture Meritocracy?
2021-05-22Troubleshooting AFL Fuzzing Problems | Ep. 03


Tags:
Live Overflow
liveoverflow
hacking tutorial
how to hack
exploit tutorial
sudo
pwnedit
sudoedit
sudo baron samedit
qualys
code review
c code
security code
secure code
strcmp
strcpy
strlen
code audit
binary exploitation
security research