Finding Buffer Overflow with Fuzzing | Ep. 04

Channel:

Subscribers:

920,000

Published on June 11, 2021 5:25:58 PM ● Video Link: https://www.youtube.com/watch?v=Do1Ri8TCF0Q

Duration: 10:06

41,523 views

1,927

AFL helped us to find a buffer overflow. Did we find a real crash in sudo? Let's investigate it.

Files on GitHub: https://github.com/LiveOverflow/pwnedit/tree/main/episode04
Blog Post: https://liveoverflow.com/finding-buffer-overflow-with-fuzzing/

Previous video and episode playlist: https://www.youtube.com/watch?v=W2kZnmchJhI&list=PLhixgUqwRTjy0gMuT4C3bmjeZjuNQyqdx&index=3&t=335s

Episode 04:
00:00 - Intro
00:28 - Looking at AFL crashes
01:25 - Investigate Crashes with gdb
03:35 - Debug Crash in AFL argv[] wrapper
04:27 - Fixing Buffer Overflow in AFL argv[] wrapper
05:19 - Setup Fuzzing Experiment with AFL++
07:11 - AFL UI Output Information

-=[ ❤️ Support ]=-

→ per Video: https://www.patreon.com/join/liveoverflow
→ per Month: https://www.youtube.com/channel/UClcE-kVhqyiHCcjYwcpfj9w/join

-=[ 🐕 Social ]=-

→ Twitter: https://twitter.com/LiveOverflow/
→ Website: https://liveoverflow.com/
→ Subreddit: https://www.reddit.com/r/LiveOverflow/
→ Facebook: https://www.facebook.com/LiveOverflow/

Other Videos By LiveOverflow

2021-08-26	using z3 to reverse a custom hash during a CTF be like #shorts
2021-08-19	can you hack this screenshot service?? - CSCG 2021
2021-08-11	C Code Review - Reaching Vulnerable Code in sudo \| Ep. 08
2021-07-31	DO NOT USE alert(1) for XSS
2021-07-24	Understanding C Pointer Magic Arithmetic \| Ep. 07
2021-07-17	Crazy Steam Phishing Page
2021-07-10	What is a Browser Security Sandbox?! (Learn to Hack Firefox)
2021-07-02	Root Cause Analysis With AddressSanitizer (ASan) \| Ep. 06
2021-06-25	Found a Crash Through Fuzzing? Minimize AFL Testcases! \| Ep. 05
2021-06-18	Understand Security Risk vs. Security Vulnerability!
2021-06-11	Finding Buffer Overflow with Fuzzing \| Ep. 04
2021-06-04	Hacker Culture Meritocracy?
2021-05-22	Troubleshooting AFL Fuzzing Problems \| Ep. 03
2021-05-15	Pentesting vs. Bug Bounty vs. Pentesting ???
2021-05-08	How Fuzzing with AFL works! \| Ep. 02
2021-04-29	Why Pick sudo as Research Target? \| Ep. 01
2021-04-22	How SUDO on Linux was HACKED! // CVE-2021-3156
2021-04-15	How To Protect Your Linux Server From Hackers!
2021-04-07	Running Out Of Hacking Video Ideas
2021-04-05	New Challenges Released for CSCG 2021 (including mine) #shorts
2021-04-01	Security YouTuber Drama...

Tags:

Live Overflow

liveoverflow

hacking tutorial

how to hack

exploit tutorial

afl

aflpp

afl++

american fuzzy lop

fuzzing

fuzzer

investigate crash

gdb

debugging

crashes

segfault

buffer overflow

fix bufferoverflow

stack smashing

exploit development

security research

binary exploitation

memory corruption