2021-01-10

[public] 77.0K views, 6.40K likes, 33.0 dislikes audio only

LiveOverflow

Let's have a look at a recent kernel local privilege escalation exploit!

Exploit Source: https://hxp.io/blog/79/hxp-CTF-2020-wisdom2/

Kernel Developer Walkthrough: https://www.youtube.com/watch?v=LORxdO1XUjY

Syscalls, Kernel vs. User Mode and Linux Kernel Source Code: /youtube/video/fLS99zJDHOc

How Do Linux Kernel Drivers Work? /youtube/video/juGNPLdjLH4

👕 T-Shirt Series: https://www.youtube.com/playlist?list=PLhixgUqwRTjwy6HCzLfwNzdrSrcrLOM4d

00:00 - Introduction

00:15 - Exploit PoC

00:39 - main()

00:52 - prepare_shellcode()

02:39 - mmap() shared memory to signal "ready" state

03:07 - fork() into [child] and [parent]

03:44 - [parent] wait for the child

04:00 - [child] unveil() loop

05:03 - [parent] ptrace ATTACH and POKE child

05:58 - [child] execve("passwd")

06:38 - [parent] PEEK entrypoint of child in loop

07:34 - [parent] child entrypoint changes!

07:49 - Exploit Walkthrough

09:20 - Root Shell via Shellcode

10:10 - Vulnerability Summary

10:37 - Which UNIX-like Kernel is this?

12:44 - The importance for Security Research

13:59 - Next Video and Resources

14:22 - Patreon and YT Members

-=[ ❤️ Support ]=-

→ per Video: https://www.patreon.com/join/liveoverflow

→ per Month: https://www.youtube.com/channel/UClcE-kVhqyiHCcjYwcpfj9w/join

-=[ 🐕 Social ]=-

→ Twitter: https://twitter.com/LiveOverflow/

→ Website: https://liveoverflow.com/

→ Subreddit: https://www.reddit.com/r/LiveOverflow/

→ Facebook: https://www.facebook.com/LiveOverflow/

-=[ 📄 P.S. ]=-

All links with "*" are affiliate links.

LiveOverflow / Security Flag GmbH is part of the Amazon Affiliate Partner Programm.