2022-01-11

[public] 24.1K views, 3.27K likes, dislikes audio only

LiveOverflow

WE CREATED OUR FIRST EXPLOIT! In this video we were able to control the loading of a malicious library. This can be used to execute our own code as root! But it only works when executing it as root; Executing it as a regular user doesn't work...

Grab the files: https://github.com/LiveOverflow/pwnedit

dlopen man page: https://man7.org/linux/man-pages/man3/dlopen.3.html

Complete playlist: https://studio.youtube.com/channel/UClcE-kVhqyiHCcjYwcpfj9w/playlists

Episode 15:

00:00 - Intro

00:27 - Recap of Library Loading Exploit Idea

01:45 - Debug a Different Crash

02:28 - Can We Reach dlopen?

03:37 - Using Patterns to find Offsets

05:05 - Writing NULL bytes

05:54 - Create Execution Wrapper sudoenv

07:52 - Debugging the Debug Script

09:00 - Controlling The ni Struct

10:18 - Single Step Exploit Code

11:33 - Create Attack Shared Library

12:17 - First Successful Exploit?

12:58 - Doesn't Work for User

13:16 - Outro

-=[ ❤️ Support ]=-

→ per Video: https://www.patreon.com/join/liveoverflow

→ per Month: https://www.youtube.com/channel/UClcE-kVhqyiHCcjYwcpfj9w/join

-=[ 🐕 Social ]=-

→ Twitter: https://twitter.com/LiveOverflow/

→ Instagram: https://instagram.com/LiveOverflow/

→ Blog: https://liveoverflow.com/

→ Subreddit: https://www.reddit.com/r/LiveOverflow/

→ Facebook: https://www.facebook.com/LiveOverflow/