Can We Find a New Exploit Strategy? | Ep. 13

Channel:

Subscribers:

920,000

Published on December 14, 2021 2:53:44 PM ● Video Link: https://www.youtube.com/watch?v=Y8qljlUjEEM

Duration: 8:40

29,610 views

1,392

We are still looking for an exploit strategy for the sudo heap overflow. In this episode we look at a few crashes and decide to look into one particular case more deeply.

Complete Playlist: https://www.youtube.com/playlist?list=PLhixgUqwRTjy0gMuT4C3bmjeZjuNQyqdx
Grab the files: https://github.com/LiveOverflow/pwnedit (sorry, repo is a bit behind the videos)

Homework libc source code: https://elixir.bootlin.com/glibc/glibc-2.31/source

Episode 13:
00:00 - Intro
00:36 - Recap of Episode 12
01:16 - Interpret Fuzzing Results | fengshui3
03:05 - Reproduction Script poc.py
04:16 - Heap Object Information not Useful
05:10 - Collect More Data on Crashes | fengshui4
05:32 - Looking at Crashes
06:35 - Intersting Crash in nss_lookup_function
07:00 - Homework

-=[ ❤️ Support ]=-

→ per Video: https://www.patreon.com/join/liveoverflow
→ per Month: https://www.youtube.com/channel/UClcE-kVhqyiHCcjYwcpfj9w/join

-=[ 🐕 Social ]=-

→ Twitter: https://twitter.com/LiveOverflow/
→ Instagram: https://instagram.com/LiveOverflow/
→ Blog: https://liveoverflow.com/
→ Subreddit: https://www.reddit.com/r/LiveOverflow/
→ Facebook: https://www.facebook.com/LiveOverflow/

Other Videos By LiveOverflow

2022-03-16	Missing HTTP Security Headers - Bug Bounty Tips
2022-03-07	Finding 0day in Apache APISIX During CTF (CVE-2022-24112)
2022-02-24	Exploiting Java Tomcat With a Crazy JSP Web Shell - Real World CTF 2022
2022-02-12	Sudo Exploit for (old) Ubuntu 20.04 LTS
2022-02-01	Fuzzing Java to Find Log4j Vulnerability - CVE-2021-45046
2022-01-18	Debugging The Failing sudoedit Exploit \| Ep.16
2022-01-11	Creating The First (Failed) Sudoedit Exploit \| Ep. 15
2022-01-03	Learning about nss (Linux Name Service Switch) During Sudo Exploitation \| Ep. 14
2021-12-24	Log4j Lookups in Depth // Log4Shell CVE-2021-44228 - Part 2
2021-12-17	Log4j Vulnerability (Log4Shell) Explained // CVE-2021-44228
2021-12-14	Can We Find a New Exploit Strategy? \| Ep. 13
2021-12-02	Authorization vs. Authentication (Google Bug Bounty)
2021-11-18	Developing GDB Extension for Heap Exploitation \| Ep. 12
2021-11-04	How Hackers Get Into Every Device!
2021-10-26	Design Flaw in Security Product - ALLES! CTF 2021
2021-10-17	Fuzzing Heap Layout to Overflow Function Pointers \| Ep. 11
2021-10-06	Video Essay about the Security Creator Scene
2021-09-26	Did you really find a vulnerability in Google? - ft. @PwnFunction
2021-09-19	Developing a Tool to Find Function Pointers on The Heap \| Ep. 10
2021-09-12	What Ethereum Smart Contract Hacking Looks Like
2021-09-04	Discussing Heap Exploit Strategies for sudo - Ep. 09

Tags:

Live Overflow

liveoverflow

hacking tutorial

how to hack

exploit tutorial