How SUDO on Linux was HACKED! // CVE-2021-3156
The most comprehensive video covering the sudo vulnerability CVE-2021-3156 (Baron Samedit). I spent two weeks rediscovering, analysing and exploiting the sudoedit heap overflow. We will talk about fuzzing, code review, exploit strategies, heap feng shui and developing the exploit.
https://liveoverflow.com/support
Article: https://liveoverflow.com/critical-sudo-vulnerability-walkthrough-cve-2021-3156/
Binary Exploitation Playlist: https://www.youtube.com/playlist?list=PLhixgUqwRTjxglIswKp9mpkfPNfHkzyeN
PwnFunction's Binary Exploitation Playlist: https://www.youtube.com/playlist?list=PLI_rLWXMqpSkAYfar0HRA7lykydwmRY_2
Full CVE-2021-3156 Advisory: https://packetstormsecurity.com/files/161160/Sudo-Heap-Based-Buffer-Overflow.html
Qualys Blog: https://blog.qualys.com/vulnerabilities-research/2021/01/26/cve-2021-3156-heap-based-buffer-overflow-in-sudo-baron-samedit
milek7's blog on fuzzing sudo: https://milek7.pl/howlongsudofuzz/
00:00 - Intro and Motivation
01:33 - afl: Fuzzing argv[]
03:22 - afl: sudo vs. sudoedit
04:27 - afl: Fuzzing setuid Process
06:49 - Fuzzing Conclusion
07:11 - Code Review: Identify Risky Code Through Isolation
09:39 - Code Review: Bypass Safe Conditions
11:15 - Exploit Strategy: Modern Mitigations
12:25 - The service_user Object Overwrite Technique
13:48 - Heap Feng Shui via Environment Variables
14:57 - Bruteforce Script to Find Exploitable Conditions
15:39 - Find and Analyse Useful Crashes
16:31 - Exploitability Analysis Conclusion
17:13 - Qualys Researchers Knew nss From Stack Clash
17:47 - Sudoedit Exploitable on macOS?
18:32 - Research Conclusion
19:27 - Outro
-=[ ❤️ Support ]=-
→ per Video: https://www.patreon.com/join/liveoverflow
→ per Month: https://www.youtube.com/channel/UClcE-kVhqyiHCcjYwcpfj9w/join
-=[ 🐕 Social ]=-
→ Twitter: https://twitter.com/LiveOverflow/
→ Website: https://liveoverflow.com/
→ Subreddit: https://www.reddit.com/r/LiveOverflow/
→ Facebook: https://www.facebook.com/LiveOverflow/