Creating The First (Failed) Sudoedit Exploit | Ep. 15

WE CREATED OUR FIRST EXPLOIT! In this video we were able to control the loading of a malicious library. This can be used to execute our own code as root! But it only works when executing it as root; executing it as a regular user doesn't work...

Episode 15:
00:00 - Intro
00:27 - Recap of Library Loading Exploit Idea
01:45 - Debug a Different Crash
02:28 - Can We Reach dlopen?
03:37 - Using Patterns to find Offsets
05:05 - Writing NULL bytes
05:54 - Create Execution Wrapper sudoenv
07:52 - Debugging the Debug Script
09:00 - Controlling The ni Struct
10:18 - Single Step Exploit Code
11:33 - Create Attack Shared Library
12:17 - First Successful Exploit?
12:58 - Doesn't Work for User
13:16 - Outro

Comments

Damn, I'm on the edge of my seat now! This is so exciting! Keep going!

lepsycho

This series is absolutely amazing. Loving it!

erwinheitzman

I suggest the user env variables as are different as root

TheRazackk

I understand exactly nothing how this works but it is still interesting to watch 🙃

SazianNULL

Great series! You make it sound so interesting that it feels like I'm only watching a 3 minute video, but suddenly it's 13 minutes later XD

rikschaaf

Excellent explanation! I was thinking about it for well long time. Have had no time to try it, work... And the comments are also great!

valshaev

Wow this is more better than most of the modern anime, specifically the user part at the end.

moeg

Such an amazing channel— you’re a legend

xdcountry

aaah cliffhangers after cliffhangers.. But great work!

dominic

Thanks for sharing such a valuable experience with us; the content was very informative

vrushabhpatil

My best bet here is that the user env variables are different than users. There's probably a little more to it that I can't even begin to figure out. Either way, this is all really really interesting

ThePurpleTux

I love this content, kind of sad that the end of this series is near

BlackNetworkBit

If the next one works I'll need it to update the old Ubuntu computers of uni. They haven't been updated in a WHILE (probably from 2016)

wallmenis

Hi! Unfortunately the playlist link is broken in the description

simplyhexagon

"Segmentation Fault, Fuck" oh how many times I have muttered that to myself

lklikea

Just realized that it's been 8 months since the first episode of the series... where has my time gone lmao?

nullderef

I have one question: why is one of your disks' names (the disk the OS is installed on, I'm assuming) "redstarOSX"?

generallyunimportant

A lot of people (including the MentalOutlaw channel) say sudo has a lot of vulnerabilities and doas is better. Please exploit doas to prove them wrong

KangJangkrik

Does this exploit work on Android phones too?? As I want to install NetHunter on my phone but the bootloader unlock is stuck. I have installed tmux, planning to execute this vulnerability by downloading an old version, if it gives me the key to unlock the bootloader… so again

activelearner

Well, now you just visit NSO's website and liquidate the exploit...

shapelessed