Learning about nss (Linux Name Service Switch) During Sudo Exploitation | Ep. 14

Channel:

Subscribers:

920,000

Published on January 3, 2022 3:00:00 PM ● Video Link: https://www.youtube.com/watch?v=0ti-YgB2iR4

Duration: 11:32

35,601 views

1,804

To understand a crash in nss_load_function() better, we have to look at the libc source code. While doing this we find a very interesting exploit strategy using dlopen.

Grab the files: https://github.com/LiveOverflow/pwnedit
Read libc Code: https://elixir.bootlin.com/glibc/glibc-2.31/source

Episode 14:
00:00 - Intro
00:22 - Select Testcases For Crash Analysis
01:19 - Debug Crash in gdb
02:02 - Code Examples from grep.app
02:53 - Reading libc Source Code
04:43 - Learning about nss
05:29 - Reaching nss_lookup
06:00 - The service_user Struct ni
07:55 - nss_lookup_function
08:57 - The Crash Reason
09:58 - Exploit Brainstorming
10:57 - Outro

-=[ ❤️ Support ]=-

→ per Video: https://www.patreon.com/join/liveoverflow
→ per Month: https://www.youtube.com/channel/UClcE-kVhqyiHCcjYwcpfj9w/join

-=[ 🐕 Social ]=-

→ Twitter: https://twitter.com/LiveOverflow/
→ Instagram: https://instagram.com/LiveOverflow/
→ Blog: https://liveoverflow.com/
→ Subreddit: https://www.reddit.com/r/LiveOverflow/
→ Facebook: https://www.facebook.com/LiveOverflow/

Other Videos By LiveOverflow

2022-04-03	Breaching Security of Palais des Congrès (in Minecraft) #shorts
2022-04-01	I Spent 100 Days Hacking Minecraft
2022-03-24	I've been Hacking for 10 Years! (Stripe CTF Speedrun)
2022-03-16	Missing HTTP Security Headers - Bug Bounty Tips
2022-03-07	Finding 0day in Apache APISIX During CTF (CVE-2022-24112)
2022-02-24	Exploiting Java Tomcat With a Crazy JSP Web Shell - Real World CTF 2022
2022-02-12	Sudo Exploit for (old) Ubuntu 20.04 LTS
2022-02-01	Fuzzing Java to Find Log4j Vulnerability - CVE-2021-45046
2022-01-18	Debugging The Failing sudoedit Exploit \| Ep.16
2022-01-11	Creating The First (Failed) Sudoedit Exploit \| Ep. 15
2022-01-03	Learning about nss (Linux Name Service Switch) During Sudo Exploitation \| Ep. 14
2021-12-24	Log4j Lookups in Depth // Log4Shell CVE-2021-44228 - Part 2
2021-12-17	Log4j Vulnerability (Log4Shell) Explained // CVE-2021-44228
2021-12-14	Can We Find a New Exploit Strategy? \| Ep. 13
2021-12-02	Authorization vs. Authentication (Google Bug Bounty)
2021-11-18	Developing GDB Extension for Heap Exploitation \| Ep. 12
2021-11-04	How Hackers Get Into Every Device!
2021-10-26	Design Flaw in Security Product - ALLES! CTF 2021
2021-10-17	Fuzzing Heap Layout to Overflow Function Pointers \| Ep. 11
2021-10-06	Video Essay about the Security Creator Scene
2021-09-26	Did you really find a vulnerability in Google? - ft. @PwnFunction

Tags:

Live Overflow

liveoverflow

hacking tutorial

how to hack

exploit tutorial

sudo

nss

dlopen

bane servuce switch

nssconf

nsswitch.conf

passwd

shadow

group

sudoedit

pwnedit

baron samedit

memory corruption

heap overflow

gdb

binary exploitation

buffer overflow

exploit strategy