2022-01-03

[public] 17.4K views, 1.82K likes, dislikes audio only

LiveOverflow

To understand a crash in nss_load_function() better, we have to look at the libc source code. While doing this we find a very interesting exploit strategy using dlopen.

Grab the files: https://github.com/LiveOverflow/pwnedit

Read libc Code: https://elixir.bootlin.com/glibc/glibc-2.31/source

Episode 14:

00:00 - Intro

00:22 - Select Testcases For Crash Analysis

01:19 - Debug Crash in gdb

02:02 - Code Examples from grep.app

02:53 - Reading libc Source Code

04:43 - Learning about nss

05:29 - Reaching nss_lookup

06:00 - The service_user Struct ni

07:55 - nss_lookup_function

08:57 - The Crash Reason

09:58 - Exploit Brainstorming

10:57 - Outro

-=[ ❤️ Support ]=-

→ per Video: https://www.patreon.com/join/liveoverflow

→ per Month: https://www.youtube.com/channel/UClcE-kVhqyiHCcjYwcpfj9w/join

-=[ 🐕 Social ]=-

→ Twitter: https://twitter.com/LiveOverflow/

→ Instagram: https://instagram.com/LiveOverflow/

→ Blog: https://liveoverflow.com/

→ Subreddit: https://www.reddit.com/r/LiveOverflow/

→ Facebook: https://www.facebook.com/LiveOverflow/