Thanks again always for the informative and entertaining learning resources. You are a large part of why I pursued a career in computer engineering, and now as a successful engineer I cannot overstate how much you've helped me find what I'm passionate about. I offer you all my good vibes, my dude. Prost prost prost.
You, sir, are one of the most honest TH-camrs when it comes to sponsor deals. That plug you did for Linode was perfect. No awkward segues, not in-your-face, and completely on topic with what you were talking about. Linode is the only company who has legitimately made me think to myself, "Now, whose affiliate link should I use?"
I had an on-site interview for an engineering role on Friday and oddly enough during my lunch with some of the team we talked about all your content! Love these videos!
For the git repo, rather than using folders to store the data from each episode, you could use git branches/tags so people can view the repo in a specific point in time and it is more of an accumulation of all things you have done so far rather than discrete folders per video.
Thanks for sharing your great videos. Considering your videos which are mostly on attack simulation, I think learning how to code safely known as blue teaming is also as valuable as red teaming.
Pretty crazy I think I accidentally did that I piss somebody off on the other end of it. No expert here just stumbling upon things and thanks for the encouragement it's like a video game reminds me when I first started playing asteroids. Except it doesn't take as many quarters LOL anyway thanks fellows getting stuff I don't follow all of it yet but I'm working on it. Thank you.
I actually tried following a similar procedure after your first video using AFL++ ... Kept getting a error regarding shmat() whenever I tried running sudo with afl-fuzz...
@@LiveOverflow Ah, my bad... I just realized what I had done wrong... Since I was following the AFL++'s README (using their Docker container), I kept running docker without any permissions... Adding `--cap-add=SYS_PTRACE --security-opt seccomp=unconfined --privileged` (based on your Makefile) made the error go away :) I was actually able to reproduce the sudo bug with about 2 hours of fuzzing.
Some of y'all are adorable. Respectfully speaking. No sense in complicated complexities unless you've a mind for another level solutions pertaining to such things
not quite sure what this comment s supposed to achieve but I think the following gets accross: condescension, driving noobs away by invoking fear of complexity beyond comprehension (requiring some magic or talent) and possibly a shallow attempt of reassuring your self confidence... not quite sure which and what combination, but if you so know your craft, you should rather help teach than leave these comments...
if you have to do sudo to use docker, and you don't like it, you should consider adding yourself to the docker group to allow you to run docker without being root: sudo usermod -aG docker $USER And then reboot for the changes to take effect (Relogging should be enough)
First, couldn't you just use xargs to "fuzz" from stdin to the parameters of sudo? It seems like that would be easier? but maybe I'm missing something (maybe piping input through xargs prevents you from testing sudo since technically you would also be testing xargs as well?). Second, I've noticed something interesting about Sudo. Why does sudo have this configuration file that determines which users can use it? At first, this makes sense, because you might not want everyone using sudo, but isn't that what group permissions are for? Like, isn't there even a "wheel" or "sudoers" group defined on the linux system? So I looked this up, and this is my result for $ ls -l $(which sudo) -rwsr-xr-x 1 root root 166056 Mar 15 14:50 /usr/bin/sudo (Don't make fun of me for not having upgrading sudo after this vulnerability was discovered! hahaha) But, if you notice, sudo is owned by root and the group is also root? It makes sense why sudo would be owned by root, but why not have 754 permissions, and then require that someone be part of the sudo group before they can use it? Like, I get that sudo has more granular control (what privileges you can inherit, such as commands, file access, etc) but I really don't understand why a program like sudo should be world executable, and I don't understand why you wouldn't have a group that you must be a part of to use it, but maybe I'm overlooking something. It seems to me like this is exactly what the purpose of group permissions is for.
So what is the best way to you think to do it with a cell phone only? I see if they have different screens download on Google Play that might help emulators and such what would be your recommendation
Just to give caution to viewers, this is super not for beginner folks. This channel assumes that you have deep knowledge in computer science already and security. He also assumes that you know a lot of things already; notice how he jumped from "spin up an Ubuntu on a VM" to "decided to run it in a Docker container instead". That's how he assumes that you already know Docker. It's just a caution. Nonetheless, he is a fantastic presenter and honestly a really bright man.
Yeah I'm on LiveOverflows side, he would be wasting time getting into stuff he covered already. Linux and basic Docker is also covered on lots of other channels. I am here for the stuff I don't find anywhere else and practical real life binary exploitation & real life fuzzing isn't covered a lot - yet. Also he shows the source code for every single step, so just pause and look up terms.
Do my homework and compare my next steps with yours? R u honking kidding me? I’m here to kick a man while he’s down, have a good laugh at someone else’s expense. Idgaf about sudo or hacking or computers I just love picking on people.
Thanks again always for the informative and entertaining learning resources. You are a large part of why I pursued a career in computer engineering, and now as a successful engineer I cannot overstate how much you've helped me find what I'm passionate about. I offer you all my good vibes, my dude. Prost prost prost.
There's no such thing as too much detail on this channel 😍
You, sir, are one of the most honest TH-camrs when it comes to sponsor deals. That plug you did for Linode was perfect. No awkward segues, not in-your-face, and completely on topic with what you were talking about. Linode is the only company who has legitimately made me think to myself, "Now, whose affiliate link should I use?"
I had an on-site interview for an engineering role on Friday and oddly enough during my lunch with some of the team we talked about all your content! Love these videos!
no wayyyy
For the git repo, rather than using folders to store the data from each episode, you could use git branches/tags so people can view the repo in a specific point in time and it is more of an accumulation of all things you have done so far rather than discrete folders per video.
ah yes the perfect time for a new video to exist
It’s always a perfect time when content is this good
It is good coincidence when I learn fuzzing, you start such a great series
It's not a coincidence everyone is doing it, but it doesn't only scale with knowledge it also scales with money and hardware.
I am all ears and eyes and will stick around for the whole series!
hi overflow i really enjoy your content a lot keep up the great work
Hi overflow
10 parts? Big Pog
I can't be assed to wait I would rather it would all be in one video with just the good parts
@@noobian3314 good news: the video before this was exactly that
@@sadhlife no it wasn't I wanna see the actual exploit so far all I seen is the crash
Pog
Masterpiece after masterpiece, this man is a miracle. love you man. ❤❤❤❤❤❤❤❤
he is so underrated, tbh i am really really new on those things but your video keeps me so into zoned. keep it up man!
It's a long weekend here in Australia. Good timing LO.
Finally another masterpiece!
I see you too much here!
Your video series are equivalent to my uni modules in how much they teach me about shit man. Good job
I'm getting some errors with AFL. Eager to fix them and keep going with the series. Thanks for the awesome content!
I was expecting a new video, and now i got it :)
So much love for this channel and creator. Thanks you for creating these series.
Looking forward to the next episodes :)
this will be awesome 😻
What kind of haters does live overflow have to have notifications on to come here a down vote three times?
for real, live overflow is da man
4 now
The kind that doesn't deserve to be on the internet.
They loved it so much, they misread dislike as dis I like
the ones that hacked the likedislike buttons
I love these Linux related videos and this series is going to be awesome! :)
Thanks for sharing your great videos. Considering your videos which are mostly on attack simulation, I think learning how to code safely known as blue teaming is also as valuable as red teaming.
Coding safely is not blue teaming is being a decent programmer.
Very cool project, i'm enjoing it
Keep up this serie will be great for us thnks for you sharing
This is interesting👀
Quality content
SUPER AWESOME! I tried finding something to critic but couldn't....or actually man you could iron your shirt a little longer 😂
This is great way to learn
Learned a Lot... Thank you sir :)
Pretty crazy I think I accidentally did that I piss somebody off on the other end of it. No expert here just stumbling upon things and thanks for the encouragement it's like a video game reminds me when I first started playing asteroids. Except it doesn't take as many quarters LOL anyway thanks fellows getting stuff I don't follow all of it yet but I'm working on it. Thank you.
I actually tried following a similar procedure after your first video using AFL++ ... Kept getting a error regarding shmat() whenever I tried running sudo with afl-fuzz...
mh, I have not encountered that issue
@@LiveOverflow Ah, my bad... I just realized what I had done wrong... Since I was following the AFL++'s README (using their Docker container), I kept running docker without any permissions... Adding `--cap-add=SYS_PTRACE --security-opt seccomp=unconfined --privileged` (based on your Makefile) made the error go away :) I was actually able to reproduce the sudo bug with about 2 hours of fuzzing.
i love these videos
Just awesome...
Best sec researcher cheer u bro
Hey i love your content
Good to see👀 you
Technically, visual studio code is an editor. But this is semantically not really important. Great video! :)
i use doas instead of sudo and also, i use arch linux
how can i get your dockerfile? thanks
Yooooo new video
Some of y'all are adorable. Respectfully speaking. No sense in complicated complexities unless you've a mind for another level solutions pertaining to such things
not quite sure what this comment s supposed to achieve but I think the following gets accross: condescension, driving noobs away by invoking fear of complexity beyond comprehension (requiring some magic or talent) and possibly a shallow attempt of reassuring your self confidence... not quite sure which and what combination, but if you so know your craft, you should rather help teach than leave these comments...
@@userou-ig1ze yeah agreed also op is needlessly using big words at the cost of understandability which is silly
Awesome
itho Vanten thala
wow 10 episodes ah
vera level
Thala naanum tamil dha
@@HarishKumar-pi2nb paathathula santhosam pa...
adpiye en channel ku subscribe panirunga.. bin-exp series potutu irkan
Hi brooo
I am spamming 😂
Thanks for starting interesting series
Push!
if you have to do sudo to use docker, and you don't like it, you should consider adding yourself to the docker group to allow you to run docker without being root:
sudo usermod -aG docker $USER
And then reboot for the changes to take effect (Relogging should be enough)
Daily videos?
Didn't you make a video exactly like this one a week ago?
First, couldn't you just use xargs to "fuzz" from stdin to the parameters of sudo? It seems like that would be easier? but maybe I'm missing something (maybe piping input through xargs prevents you from testing sudo since technically you would also be testing xargs as well?).
Second, I've noticed something interesting about Sudo. Why does sudo have this configuration file that determines which users can use it? At first, this makes sense, because you might not want everyone using sudo, but isn't that what group permissions are for? Like, isn't there even a "wheel" or "sudoers" group defined on the linux system? So I looked this up, and this is my result for $ ls -l $(which sudo)
-rwsr-xr-x 1 root root 166056 Mar 15 14:50 /usr/bin/sudo
(Don't make fun of me for not having upgrading sudo after this vulnerability was discovered! hahaha) But, if you notice, sudo is owned by root and the group is also root? It makes sense why sudo would be owned by root, but why not have 754 permissions, and then require that someone be part of the sudo group before they can use it?
Like, I get that sudo has more granular control (what privileges you can inherit, such as commands, file access, etc) but I really don't understand why a program like sudo should be world executable, and I don't understand why you wouldn't have a group that you must be a part of to use it, but maybe I'm overlooking something. It seems to me like this is exactly what the purpose of group permissions is for.
top!
Hey, could you make a video about making a linux server and containers secure?
Following.
OMG🙉
i feel like it would be much simpler to fuzz with xargs
おはようございます。
Wouldn't
cat @@ | xargs sudoedit -s
Or something *similar* do the job?
Cool stuff among corona
When a TH-cam series has more academic value than an entire years worth of university getting a degree in computer science
Why don't simply use a bash script with a loop to fuzz cmd arguments?
we need real life bullet parry hack
haha Dias go Brerr
Love it, pros excercise thems noobs lears too much in tooo little ^^
So what is the best way to you think to do it with a cell phone only? I see if they have different screens download on Google Play that might help emulators and such what would be your recommendation
firstt
who downvotes videos like this one?
One of the best channels ever thanks for that knowledge ; Danke dir @liveoverflow
Just to give caution to viewers, this is super not for beginner folks. This channel assumes that you have deep knowledge in computer science already and security. He also assumes that you know a lot of things already; notice how he jumped from "spin up an Ubuntu on a VM" to "decided to run it in a Docker container instead". That's how he assumes that you already know Docker.
It's just a caution.
Nonetheless, he is a fantastic presenter and honestly a really bright man.
covered all that stuff in other videos before ;)
can't make every video beginner friendly
Yeah I'm on LiveOverflows side, he would be wasting time getting into stuff he covered already. Linux and basic Docker is also covered on lots of other channels. I am here for the stuff I don't find anywhere else and practical real life binary exploitation & real life fuzzing isn't covered a lot - yet. Also he shows the source code for every single step, so just pause and look up terms.
I think the better question is: Why NOT Pick sudo as Research Target?
Do my homework and compare my next steps with yours? R u honking kidding me? I’m here to kick a man while he’s down, have a good laugh at someone else’s expense. Idgaf about sudo or hacking or computers I just love picking on people.
sudo? more like sumo!
#liveoverflow
Can you please help for joining ctf please and make a roadmap
Ain't it great when you follow the instructions and it doesn't work?
what problems did you run into?
Wer ist auch wegen Niklas hier?
1947.
just want to share my experience.you are going somewhat fast. fyi, im a programmer,not hacker.just like to learn about computer
I hack my father's laptop and ordered a new mouse
I have to mention: i like the content of the The XSS rat more.
And?