Kernel Root Exploit via a ptrace() and execve() Race Condition

Let's have a look at a recent kernel local privilege escalation exploit!

00:00 - Introduction
00:15 - Exploit PoC
00:39 - main()
00:52 - prepare_shellcode()
02:39 - mmap() shared memory to signal "ready" state
03:07 - fork() into [child] and [parent]
03:44 - [parent] wait for the child
04:00 - [child] unveil() loop
05:03 - [parent] ptrace ATTACH and POKE child
05:58 - [child] execve("passwd")
06:38 - [parent] PEEK entrypoint of child in loop
07:34 - [parent] child entrypoint changes!
07:49 - Exploit Walkthrough
09:20 - Root Shell via Shellcode
10:10 - Vulnerability Summary
10:37 - Which UNIX-like Kernel is this?
12:44 - The importance for Security Research
13:59 - Next Video and Resources
14:22 - Patreon and YT Members

-=[ 📄 P.S. ]=-

All links with "*" are affiliate links.
LiveOverflow / Security Flag GmbH is part of the Amazon Affiliate Partner Program.
Comments

Oh man, I loved this video! The explanations, the visuals, all just great! :)
Thanks for shining a light on our little project. <3

awesomekling
movie hackers: I have 6 screens, 3 keyboards, 4 mice and I can read binary just by looking at it.
real hackers: pen and paper

esertekin
Linux kernel is vulnerable too!
Or was... the same race condition was discovered almost 20 years ago. CVE-2001-0317 :)
The exploit that was released then used exactly the same approach, using "passwd" as a setuid child.
That makes me think the idea is not so new, but still worth keeping in mind!

Shamouth
The way you simplify these things is amazing, I got interested in this stuff originally watching your binexp playlist and can honestly say it's the best resource for beginners, never change :)

cyber
What!? Was the t-shirt "advents" series really not that well liked? I find that hard to believe, I really loved it!

Thanks for putting yourself out there and telling the stories behind each shirt!

nicodomino
I feel like LiveOverflow videos are becoming more and more mainstream. Really good!

drac.
One of the first LiveOverflow videos I've watched in a while... great video!

zyansheep
I love the energy of this guy. Unfortunately on YouTube, everybody is an expert, and by that logic they can think their understanding of the world is flawless - even if some of the people online are really smart, their narrow minded approach to how things should be done is counterproductive. The approach of this guy to talking about computer science-y stuff, is incredibly appealing. Definitely subbing.

simonfarre
These videos about operating systems are simply awesome, man. Keep going!

danihp
very interesting topic!
I think it's really sad that your December project got some negative response. For me it was very interesting and I also saw other people in the comments liking it very much! Keep up :-)

mitja
That's some quality content right here! Please do more!!!

zaspanyflegmatyk
This was such a great video. The explanation itself was great, but not only that, the production and editing was great! Clear and beautiful. Keep it up.

kanskejonasidag
Don't get discouraged by people talking bad about the T-Shirt series. I like it!

vin-goldi
Thanks! This kind of video wakes my curiosity, thanks a lot :)

bpbrainiak
Awesome! Can't wait for the kernel follow-up video!

nikoshalk
Really cool that you've actually checked out SerenityOS!

lyrdh
It's always awesome working on a Unix kernel. What caught my attention the most is the exploit. Thanks very much for sharing this video👍

bertrandfossung
That is one awesome Exploit! Also I love the new setup!

somehow_sane
Wow, this exploit is awesome! Your video made me understand every bit of the exploit, thank you!

AnkitDasOfficial
I'm glad I finally have the knowledge to understand this, really a great idea

hamidcrazy