pwnedit
CVE-2021-3156 - Sudo Baron Samedit
Before heading into the technical details, you can watch a brief summary here: https://www.youtube.com/watch?v=TLa2VqcGGEQ
Episodes
- [ Files | Blog | Video ] Why Pick sudo as Research Target?
- [ Files | Blog | Video ] How Fuzzing with AFL works
- [ Files | Blog | Video ] Troubleshooting AFL Fuzzing Problems
- [ Files | Blog | Video ] Finding Buffer Overflow with Fuzzing
- [ Files | Blog | Video ] Found a Crash Through Fuzzing? Minimize AFL Testcases
- [ Files | Blog | Video ] Root Cause Analysis With AddressSanitizer (ASan)
- [ Files | Blog | Video ] Understanding C Pointer Magic Arithmetic
- [ Files | Blog | Video ] C Code Review - Reaching Vulnerable Code in sudo
- [ Files | Blog | Video ] Discussing Heap Exploit Strategies for sudo
- [ Files | Blog | Video ] Developing a Tool to Find Function Pointers on The Heap
- [ Files | Blog | Video ] Fuzzing Heap Layout to Overflow Function Pointers
- [ Files | Blog | Video ] Developing GDB Extension for Heap Exploitation
- [ Files | Blog | Video ] Can We Find a New Exploit Strategy?
- [ Files | Blog | Video ] Learning about nss (Linux Name Service Switch) During Sudo Exploitation
- ... coming soon
Requirements
Install Docker and make sure it is running with docker ps.
Usage Instructions
Each episode folder contains files and code snippets used in the video. Most important is the Dockerfile, which can be used to run an isolated system vulnerable to the sudoedit vulnerability.
If you want to better understand how Docker works, check out these videos:
This project uses a Makefile in each episode to make working with Docker easier. You can build and run a particular episode's Docker container with the following commands.
cd episode01
sudo make
To get a root shell you can then run
sudo make root
Or be a regular user
sudo make attach
Feel free to check the Makefile and execute the docker commands directly.
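Once you are attached to a container as the regular user, it is worth confirming that the sudo inside it really is vulnerable before spending time on the heap work. The following script is an added example, not part of the pwnedit repository; it wraps the non-destructive probe published in the Qualys advisory for CVE-2021-3156: running sudoedit -s / as a non-root user makes a vulnerable sudo complain that / is not a regular file, while a patched sudo rejects the -s flag and prints its usage text. The sample outputs are constructed, and the function names are the example's own.

```shell
#!/bin/sh
# Added example, not part of the pwnedit repository.
# Classifies the output of "sudoedit -s /" to tell a Baron Samedit vulnerable
# sudo from a patched one (CVE-2021-3156).

classify_sudoedit_output() {
    # $1: captured stdout+stderr of "sudoedit -s /"
    # Vulnerable sudo accepts -s for sudoedit, reaches the file check and fails
    # on "/" not being a regular file. Patched sudo rejects -s up front and
    # prints its usage message. Anything else (no tty, PAM errors, ...) is
    # reported as unknown rather than guessed.
    case "$1" in
        *"not a regular file"*) echo "vulnerable" ;;
        *"usage:"*)             echo "patched" ;;
        *)                      echo "unknown" ;;
    esac
}

check_sudoedit() {
    # Runs the live probe on the current system. Needs sudoedit (part of sudo)
    # in PATH and should be run as a non-root user. stdin is closed so a
    # password prompt cannot hang the script; "|| true" keeps the non-zero
    # exit status of sudoedit from tripping "set -e".
    if ! command -v sudoedit >/dev/null 2>&1; then
        echo "unknown"
        return 0
    fi
    out=$(sudoedit -s / 2>&1 </dev/null) || true
    classify_sudoedit_output "$out"
}

# Constructed sample outputs for demonstration: the first is what a vulnerable
# sudo prints, the second is the start of a patched sudoedit's usage message.
SAMPLE_VULNERABLE="sudoedit: /: not a regular file"
SAMPLE_PATCHED="usage: sudoedit [-AknS] [-r role] [-t type] [-C num] [-g group] [-h host] [-p prompt] [-T timeout] [-u user] file ..."
SAMPLE_NOTTY="sudo: a terminal is required to read the password"

# "sh check_sudoedit.sh --probe" runs the live probe; without the flag the
# script only shows how the three constructed samples are classified.
if [ "${1:-}" = "--probe" ]; then
    check_sudoedit
else
    for s in "$SAMPLE_VULNERABLE" "$SAMPLE_PATCHED" "$SAMPLE_NOTTY"; do
        printf '%-12s <- %s\n' "$(classify_sudoedit_output "$s")" "$s"
    done
fi
```

Run it with --probe inside the episode container (sudo make attach) and again on your host to see the two answers side by side; an "unknown" result means the output did not match either pattern (for example no tty), not that the system is safe.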