Developing GDB Extension for Heap Exploitation | Ep. 12

Channel:

Subscribers:

920,000

Published on November 18, 2021 3:31:03 PM ● Video Link: https://www.youtube.com/watch?v=tzUrYsQRHfs

Category:

Tutorial

Duration: 11:41

38,852 views

1,413

We aren't getting anywhere... So we write a new tool to analyse the heap objects located after our overflowing buffer.

Complete Playlist: https://www.youtube.com/playlist?list=PLhixgUqwRTjy0gMuT4C3bmjeZjuNQyqdx
Grab the files: https://github.com/LiveOverflow/pwnedit (sorry, repo is a bit behind the videos)

gef for gdb: https://github.com/hugsy/gef

Episode 12:
00:00 - Intro
00:12 - How to Find Controllable Heap Allocations?
00:50 - Tracing free()!
01:21 - Finding Recognizable Strings on the Heap
01:58 - More Environment Variables
03:26 - fengshui2.py Script Changes
04:19 - Wrong Rabbit Hole...
05:20 - Some Other Research Attempts
06:47 - (gdb) gef Extension - Analyse the Heap Objects
09:03 - Heap Tracing Results
09:51 - Developing fengshui3.py
10:52 - First Peak at Script Results

-=[ ❤️ Support ]=-

→ per Video: https://www.patreon.com/join/liveoverflow
→ per Month: https://www.youtube.com/channel/UClcE-kVhqyiHCcjYwcpfj9w/join

-=[ 🐕 Social ]=-

→ Twitter: https://twitter.com/LiveOverflow/
→ Instagram: https://instagram.com/LiveOverflow/
→ Blog: https://liveoverflow.com/
→ Subreddit: https://www.reddit.com/r/LiveOverflow/
→ Facebook: https://www.facebook.com/LiveOverflow/

Other Videos By LiveOverflow

2022-02-24	Exploiting Java Tomcat With a Crazy JSP Web Shell - Real World CTF 2022
2022-02-12	Sudo Exploit for (old) Ubuntu 20.04 LTS
2022-02-01	Fuzzing Java to Find Log4j Vulnerability - CVE-2021-45046
2022-01-18	Debugging The Failing sudoedit Exploit \| Ep.16
2022-01-11	Creating The First (Failed) Sudoedit Exploit \| Ep. 15
2022-01-03	Learning about nss (Linux Name Service Switch) During Sudo Exploitation \| Ep. 14
2021-12-24	Log4j Lookups in Depth // Log4Shell CVE-2021-44228 - Part 2
2021-12-17	Log4j Vulnerability (Log4Shell) Explained // CVE-2021-44228
2021-12-14	Can We Find a New Exploit Strategy? \| Ep. 13
2021-12-02	Authorization vs. Authentication (Google Bug Bounty)
2021-11-18	Developing GDB Extension for Heap Exploitation \| Ep. 12
2021-11-04	How Hackers Get Into Every Device!
2021-10-26	Design Flaw in Security Product - ALLES! CTF 2021
2021-10-17	Fuzzing Heap Layout to Overflow Function Pointers \| Ep. 11
2021-10-06	Video Essay about the Security Creator Scene
2021-09-26	Did you really find a vulnerability in Google? - ft. @PwnFunction
2021-09-19	Developing a Tool to Find Function Pointers on The Heap \| Ep. 10
2021-09-12	What Ethereum Smart Contract Hacking Looks Like
2021-09-04	Discussing Heap Exploit Strategies for sudo - Ep. 09
2021-08-28	"Controversial Security" // BSides Berlin 2021
2021-08-26	using z3 to reverse a custom hash during a CTF be like #shorts

Tags:

Live Overflow

liveoverflow

hacking tutorial

how to hack

exploit tutorial

heap

gdb script

gdb extension

gef extension

debugging

heap analysis

heap allocation

malloc

free

breakpoints

exploitation

memory corruption

segfault

scripting

python

sudo

sudoedit

sudo samedit

information security course

heap overflow

how to exploit the heap

heap overflow vs stack overflow

heap overflow tutorial

security research