Debugging The Failing sudoedit Exploit | Ep.16

Channel:

Subscribers:

920,000

Published on January 18, 2022 11:00:06 PM ● Video Link: https://www.youtube.com/watch?v=IEyK1VayvM4

Duration: 11:40

35,735 views

1,542

Our exploit doesn't work as the user. So now we need to investigate and figure out how we can make it work. We explore three options and implement additional code, but nothing seems to work.

Grab the files: https://github.com/LiveOverflow/pwnedit

Episode 16:
00:00 - Intro
00:23 - How To Debug The Failing Exploit?
00:49 - Core Dumps
01:49 - Wait in Execution Wrapper to Attach gdb
02:28 - Difference Running sudoedit as root vs. user?
03:00 - Option 1: Bruteforce Offsets Perfectly
03:38 - Option 2: Fengshui as user
04:18 - Option 3: Analyze Our Failing Crash
04:48 - Comparing Option 1 vs. 2
05:45 - Implementing Option 1
07:56 - Implementing Option 2
09:16 - Running Option 2
10:03 - It Doesn't Work in Docker
11:11 - Outro

-=[ ❤️ Support ]=-

→ per Video: https://www.patreon.com/join/liveoverflow
→ per Month: https://www.youtube.com/channel/UClcE-kVhqyiHCcjYwcpfj9w/join

-=[ 🐕 Social ]=-

→ Twitter: https://twitter.com/LiveOverflow/
→ Instagram: https://instagram.com/LiveOverflow/
→ Blog: https://liveoverflow.com/
→ Subreddit: https://www.reddit.com/r/LiveOverflow/
→ Facebook: https://www.facebook.com/LiveOverflow/

Other Videos By LiveOverflow

2022-04-16	Awkward VLOG at Nullcon Berlin 2022
2022-04-10	Minecraft, But It's Reverse Engineered...
2022-04-03	Breaching Security of Palais des Congrès (in Minecraft) #shorts
2022-04-01	I Spent 100 Days Hacking Minecraft
2022-03-24	I've been Hacking for 10 Years! (Stripe CTF Speedrun)
2022-03-16	Missing HTTP Security Headers - Bug Bounty Tips
2022-03-07	Finding 0day in Apache APISIX During CTF (CVE-2022-24112)
2022-02-24	Exploiting Java Tomcat With a Crazy JSP Web Shell - Real World CTF 2022
2022-02-12	Sudo Exploit for (old) Ubuntu 20.04 LTS
2022-02-01	Fuzzing Java to Find Log4j Vulnerability - CVE-2021-45046
2022-01-18	Debugging The Failing sudoedit Exploit \| Ep.16
2022-01-11	Creating The First (Failed) Sudoedit Exploit \| Ep. 15
2022-01-03	Learning about nss (Linux Name Service Switch) During Sudo Exploitation \| Ep. 14
2021-12-24	Log4j Lookups in Depth // Log4Shell CVE-2021-44228 - Part 2
2021-12-17	Log4j Vulnerability (Log4Shell) Explained // CVE-2021-44228
2021-12-14	Can We Find a New Exploit Strategy? \| Ep. 13
2021-12-02	Authorization vs. Authentication (Google Bug Bounty)
2021-11-18	Developing GDB Extension for Heap Exploitation \| Ep. 12
2021-11-04	How Hackers Get Into Every Device!
2021-10-26	Design Flaw in Security Product - ALLES! CTF 2021
2021-10-17	Fuzzing Heap Layout to Overflow Function Pointers \| Ep. 11

Tags:

Live Overflow

liveoverflow

hacking tutorial

how to hack

exploit tutorial