LiveOverflow | Creating The First (Failed) Sudoedit Exploit | Ep. 15 @LiveOverflow | Uploaded 2 years ago | Updated 1 hour ago
WE CREATED OUR FIRST EXPLOIT! In this video we were able to control the loading of a malicious library. This can be used to execute our own code as root! But it only works when executing it as root; Executing it as a regular user doesn't work...
Grab the files: github.com/LiveOverflow/pwnedit
dlopen man page: man7.org/linux/man-pages/man3/dlopen.3.html
Complete playlist: studio.youtube.com/channel/UClcE-kVhqyiHCcjYwcpfj9w/playlists
Episode 15:
00:00 - Intro
00:27 - Recap of Library Loading Exploit Idea
01:45 - Debug a Different Crash
02:28 - Can We Reach dlopen?
03:37 - Using Patterns to find Offsets
05:05 - Writing NULL bytes
05:54 - Create Execution Wrapper sudoenv
07:52 - Debugging the Debug Script
09:00 - Controlling The ni Struct
10:18 - Single Step Exploit Code
11:33 - Create Attack Shared Library
12:17 - First Successful Exploit?
12:58 - Doesn't Work for User
13:16 - Outro
-=[ β€οΈ Support ]=-
β per Video: patreon.com/join/liveoverflow
β per Month: youtube.com/channel/UClcE-kVhqyiHCcjYwcpfj9w/join
-=[ π Social ]=-
β Twitter: twitter.com/LiveOverflow
β Instagram: instagram.com/LiveOverflow
β Blog: liveoverflow.com
β Subreddit: reddit.com/r/LiveOverflow
β Facebook: facebook.com/LiveOverflow
WE CREATED OUR FIRST EXPLOIT! In this video we were able to control the loading of a malicious library. This can be used to execute our own code as root! But it only works when executing it as root; Executing it as a regular user doesn't work...
Grab the files: github.com/LiveOverflow/pwnedit
dlopen man page: man7.org/linux/man-pages/man3/dlopen.3.html
Complete playlist: studio.youtube.com/channel/UClcE-kVhqyiHCcjYwcpfj9w/playlists
Episode 15:
00:00 - Intro
00:27 - Recap of Library Loading Exploit Idea
01:45 - Debug a Different Crash
02:28 - Can We Reach dlopen?
03:37 - Using Patterns to find Offsets
05:05 - Writing NULL bytes
05:54 - Create Execution Wrapper sudoenv
07:52 - Debugging the Debug Script
09:00 - Controlling The ni Struct
10:18 - Single Step Exploit Code
11:33 - Create Attack Shared Library
12:17 - First Successful Exploit?
12:58 - Doesn't Work for User
13:16 - Outro
-=[ β€οΈ Support ]=-
β per Video: patreon.com/join/liveoverflow
β per Month: youtube.com/channel/UClcE-kVhqyiHCcjYwcpfj9w/join
-=[ π Social ]=-
β Twitter: twitter.com/LiveOverflow
β Instagram: instagram.com/LiveOverflow
β Blog: liveoverflow.com
β Subreddit: reddit.com/r/LiveOverflow
β Facebook: facebook.com/LiveOverflow