2021-12-14

[public] 10.0K views, 1.41K likes, dislikes audio only

LiveOverflow

We are still looking for an exploit strategy for the sudo heap overflow. In this episode we look at a few crashes and decide to look into one particular case more deeply.

Complete Playlist: https://www.youtube.com/playlist?list=PLhixgUqwRTjy0gMuT4C3bmjeZjuNQyqdx

Grab the files: https://github.com/LiveOverflow/pwnedit (sorry, repo is a bit behind the videos)

Homework libc source code: https://elixir.bootlin.com/glibc/glibc-2.31/source

Episode 13:

00:00 - Intro

00:36 - Recap of Episode 12

01:16 - Interpret Fuzzing Results | fengshui3

03:05 - Reproduction Script poc.py

04:16 - Heap Object Information not Useful

05:10 - Collect More Data on Crashes | fengshui4

05:32 - Looking at Crashes

06:35 - Intersting Crash in nss_lookup_function

07:00 - Homework

-=[ ❤️ Support ]=-

→ per Video: https://www.patreon.com/join/liveoverflow

→ per Month: https://www.youtube.com/channel/UClcE-kVhqyiHCcjYwcpfj9w/join

-=[ 🐕 Social ]=-

→ Twitter: https://twitter.com/LiveOverflow/

→ Instagram: https://instagram.com/LiveOverflow/

→ Blog: https://liveoverflow.com/

→ Subreddit: https://www.reddit.com/r/LiveOverflow/

→ Facebook: https://www.facebook.com/LiveOverflow/