Kernel Root Exploit via a ptrace() and execve() Race Condition
Let's have a look at a recent kernel local privilege escalation exploit!
Exploit Source: https://hxp.io/blog/79/hxp-CTF-2020-wisdom2/
Kernel Developer Walkthrough: https://www.youtube.com/watch?v=LORxdO1XUjY
Syscalls, Kernel vs. User Mode and Linux Kernel Source Code: https://www.youtube.com/watch?v=fLS99zJDHOc
How Do Linux Kernel Drivers Work? https://www.youtube.com/watch?v=juGNPLdjLH4
👕 T-Shirt Series: https://www.youtube.com/playlist?list=PLhixgUqwRTjwy6HCzLfwNzdrSrcrLOM4d
00:00 - Introduction
00:15 - Exploit PoC
00:39 - main()
00:52 - prepare_shellcode()
02:39 - mmap() shared memory to signal "ready" state
03:07 - fork() into [child] and [parent]
03:44 - [parent] wait for the child
04:00 - [child] unveil() loop
05:03 - [parent] ptrace ATTACH and POKE child
05:58 - [child] execve("passwd")
06:38 - [parent] PEEK entrypoint of child in loop
07:34 - [parent] child entrypoint changes!
07:49 - Exploit Walkthrough
09:20 - Root Shell via Shellcode
10:10 - Vulnerability Summary
10:37 - Which UNIX-like Kernel is this?
12:44 - The importance for Security Research
13:59 - Next Video and Resources
14:22 - Patreon and YT Members
-=[ ❤️ Support ]=-
→ per Video: https://www.patreon.com/join/liveoverflow
→ per Month: https://www.youtube.com/channel/UClcE-kVhqyiHCcjYwcpfj9w/join
-=[ 🐕 Social ]=-
→ Twitter: https://twitter.com/LiveOverflow/
→ Website: https://liveoverflow.com/
→ Subreddit: https://www.reddit.com/r/LiveOverflow/
→ Facebook: https://www.facebook.com/LiveOverflow/
-=[ 📄 P.S. ]=-
All links with "*" are affiliate links.
LiveOverflow / Security Flag GmbH is part of the Amazon Affiliate Partner Program.
Video "Kernel Root Exploit via a ptrace() and execve() Race Condition" from the LiveOverflow channel