How Fuzzing with AFL works! | Ep. 02

Channel:
Subscribers: 920,000
Published on:
Video link: https://www.youtube.com/watch?v=COHUWuLTbdk



Duration: 14:42
43,701 views
1,848


Let's investigate some issues we have fuzzing sudo with AFL, and also explain how AFL works. After improving our fuzzing setup even more, we are finally ready to start fuzzing sudo for real. Can we find the vulnerability now?

https://liveoverflow.com/support/

Grab the files: https://github.com/LiveOverflow/pwnedit/
milek7's blog: https://milek7.pl/howlongsudofuzz/

Sudo Research Episode 02:
00:00 - Recap
00:39 - Fixing AFL Crash Using LLVM mode
03:32 - Testing the AFL Instrumented Sudo Binary
04:11 - How Fuzzing with AFL works!
06:44 - Can AFL find the crash?
08:06 - Detour: busybox and argv[0]
09:48 - How could we discover "sudoedit"?
10:47 - Can AFL find "sudoedit" through magic?
11:25 - Include argv[0] in the testcases
13:06 - Parallel Fuzzing Setup

-=[ ❤️ Support ]=-

→ per Video: https://www.patreon.com/join/liveoverflow
→ per Month: https://www.youtube.com/channel/UClcE-kVhqyiHCcjYwcpfj9w/join

-=[ 🐕 Social ]=-

→ Twitter: https://twitter.com/LiveOverflow/
→ Website: https://liveoverflow.com/
→ Subreddit: https://www.reddit.com/r/LiveOverflow/
→ Facebook: https://www.facebook.com/LiveOverflow/

Tags:
Live Overflow
liveoverflow
hacking tutorial
how to hack
exploit tutorial
sudo
sudo edit
afl
fuzzing
fuzzer
afl_maybe_log
__afl_maybe_log
afl-fuzz
sudoedit
pwnedit
baron samedit
cve
root exploit
privilege escalation
buffer overflow
heap overflow
crash
heap malloc
memory corruption
fuzzing harness
american fuzzy lop
afl++
aflplusplus
doas