Finding Buffer Overflow with Fuzzing | Ep. 04

AFL helped us to find a buffer overflow. Did we find a real crash in sudo? Let's investigate it.

Episode 04:
00:00 - Intro
00:28 - Looking at AFL crashes
01:25 - Investigate Crashes with gdb
03:35 - Debug Crash in AFL argv[] wrapper
04:27 - Fixing Buffer Overflow in AFL argv[] wrapper
05:19 - Setup Fuzzing Experiment with AFL++
07:11 - AFL UI Output Information


Comments
Author

AFL finding a bug in AFL. The wonders of technology

LunarLambda

7:00 the image mirroring to match where you point to cracked me up for some stupid reason :D

u-ux

I love how other yt peeps put the ad in the middle of the video so you have to skip and all that and Chad LiveOverflow puts it at the end as a quick remark.

Great!

lukor-tech

Back to your roots. Love the content. Even when you branch out into new things. Keep them coming. =] You are a great teacher.

andrewrichardson

last time we got some paper like "reversing ida pro keygen with ida pro", now we got fuzzing AFL with AFL ... nice

ムワ-dn

Well good timing to check this out at the same time with diner.

peppiess

Thx for sharing those misses! IMHO this is much more valuable than .. I Fuzz .. I Found

warker_de

An issue with this video: When "grepping for sudoedit" to see if it found the bug at 1:12, REMEMBER that anything that ends in *edit works as well, so you should just grep for edit instead of sudoedit, such that if the fuzzer found something like "pwnedit", you'd know about it.

mmdts

Hey I have a request. Can ya make a video on showcasing amazing bugs in Android 12 from google's reward program?

ParamjitSingh-qbzn

5:19 the way you fixed it hurt my C knowledge

oxidiezed

I might check out the last 5 min before watching the next afl adventure lol. If anything is clear from this it's that afl out of the box is an utter pain unless you're an expert from another universe (or you coded it). Thanks for the vid

userou-igze

Hi LiveOverflow, I ran into a problem with AFL. If I use it on a 4GB RAM, Core i3 machine, will any problem come up if I continue my fuzzing with AFL? Please answer because I am in a great dilemma.

jakepanda

Is that bunny a reference to something?

schizotaku

Why do I even watch these videos? I only know higher level languages like Java, JS frontend, Python. Assembly is another level.

BassheadMusicConnoisseur

I am not a fuzzing expert so I am not going to talk a lot,
I will say that I understand half of what you said,
I think more "sudo" crashes will be introduced in the next years; if I am not mistaken, most crashes go back to how the C language compiler works, or how the system goes about understanding binaries.
Keep up the good work, I have been following you since you started the channel.
PS: I am also an E.E.E. 😂 but we didn't dive into programming, pure EE,
with luck 🌹

AliMShipleSYR

I want to learn binary exploitation from scratch, where should I start?

skynet.yousha

How about a video just about clubmate?

creeperlolthetrouble

Installed doas.
Made an alias sudo="doas".
Where is your 0day now? lol

voxelfusion

6:53 why not just flip the entire shot for those 30 seconds instead of only when you point wrong?

sodiboo

How much knowledge do I need to understand this video? I mean which terms. Please answer, someone.

mmesba