• Stars
    star
    217
  • Rank 182,446 (Top 4 %)
  • Language
    C
  • Created over 3 years ago
  • Updated almost 3 years ago

Reviews

There are no reviews yet. Be the first to send feedback to the community and the maintainers!

Repository Details

CVE-2021-3156 - Sudo Baron Samedit

pwnedit

CVE-2021-3156 - Sudo Baron Samedit

Before heading into the technical details, you can watch a brief summary here: https://www.youtube.com/watch?v=TLa2VqcGGEQ

Episodes

  1. [ Files | Blog | Video ] Why Pick sudo as Research Target?
  2. [ Files | Blog | Video ] How Fuzzing with AFL works
  3. [ Files | Blog | Video ] Troubleshooting AFL Fuzzing Problems
  4. [ Files | Blog | Video ] Finding Buffer Overflow with Fuzzing
  5. [ Files | Blog | Video ] Found a Crash Through Fuzzing? Minimize AFL Testcases
  6. [ Files | Blog | Video ] Root Cause Analysis With AddressSanitizer (ASan)
  7. [ Files | Blog | Video ] Understanding C Pointer Magic Arithmetic
  8. [ Files | Blog | Video ] C Code Review - Reaching Vulnerable Code in sudo
  9. [ Files | Blog | Video ] Discussing Heap Exploit Strategies for sudo
  10. [ Files | Blog | Video ] Developing a Tool to Find Function Pointers on The Heap
  11. [ Files | Blog | Video ] Fuzzing Heap Layout to Overflow Function Pointers
  12. [ Files | Blog | Video ] Developing GDB Extension for Heap Exploitation
  13. [ Files | Blog | Video ] Can We Find a New Exploit Strategy?
  14. [ Files | Blog | Video ] Learning about nss (Linux Name Service Switch) During Sudo Exploitation
  • ... coming soon

Requirements

Install Docker and make sure it is running with docker ps.

Usage Instructions

Each episode folder contains files and code snippets used in the video. Most important is the Dockerfile, which can be used to run an isolated system vulnerable to the sudoedit vulnerability.

If you want to betetr understand how docker works, checkout these videos:

This project uses a Makefile in each episode, to easier work with docker. You can build and run a particular episode's docker container with thes follwing commands.

cd episode01
sudo make

To get a root shell you can then run

sudo make root

Or be a regular user

sudo make attach

Feel free to check the Makefile and execute the docker commands directly.