EPISODE · Feb 4, 2020 · 1H 49M
OK Google, sudo ./hacktheplanet
from Day[0] · host dayzerosec
Ok Google! Bypass authentication..and while we're at it, lets explot sudo and OpenSMPTD for root access. This week we dive into various code bases to explore several recent exploits that take advantage of some common yet subtle issues. Correction: During the segment about the sudo (pwfeedback) exploit I incorrectly described the issue as a stack-based buffer overflow, however the buf variable is declared as static so it ends up in .bss and not on the stack. ~zi Watch the DAY[0] podcast live on Twitch (@dayzerosec) every Monday afternoon at 12:00pm PST (3:00pm EST) Or the video archive on Youtube (@DAY[0]) [00:00:22] Charges Dismissed Against Coalfire Employees [00:06:50] Avast to Commence Wind Down of Subsidiary Jumpshot [00:22:10] Say hello to OpenSK: a fully open-source security key implementation [00:28:25] Kraken Identifies Critical Flaw in Trezor Hardware Wallets [00:33:56] Zoom-Zoom: We Are Watching You [00:39:08] TeamViewer using encrypted passwords [00:47:43] Buffer overflow [in sudo] when pwfeedback is set in sudoers (CVE-2019-18634) https://github.com/sudo-project/sudo/commit/fa8ffeb17523494f0e8bb49a25e53635f4509078 https://github.com/sudo-project/sudo/blob/0fcb6471609969b5911db0b2917ced16c913676f/src/tgetpass.c#L413 [01:01:23] Opkg susceptible to MITM (CVE-2020-7982) https://git.openwrt.org/?p=project/opkg-lede.git;a=commitdiff;h=54cc7e3bd1f79569022aa9fc3d0e748c81e3bcd8 [01:07:18] LPE and RCE in OpenSMTPD (CVE-2020-7247) [01:14:13] PHP 7.0-7.4 disable_functions bypass 0day PoC https://github.com/mm0r1/exploits/blob/master/php7-backtrace-bypass/exploit.php [01:28:53] Remote Cloud Execution – Critical Vulnerabilities in Azure Cloud Infrastructure (Part I) https://research.checkpoint.com/2020/remote-cloud-execution-critical-vulnerabilities-in-azure-cloud-infrastructure-part-ii/ [01:40:22] OK Google: bypass the authentication!
What this episode covers
Ok Google! Bypass authentication..and while we're at it, lets explot sudo and OpenSMPTD for root access. This week we dive into various code bases to explore several recent exploits that take advantage of some common yet subtle issues. Correction: During the segment about the sudo (pwfeedback) exploit I incorrectly described the issue as a stack-based buffer overflow, however the buf variable is declared as static so it ends up in .bss and not on the stack. ~zi Watch the DAY[0] podcast live on Twitch (@dayzerosec) every Monday afternoon at 12:00pm PST (3:00pm EST) Or the video archive on Youtube (@DAY[0]) [00:00:22] Charges Dismissed Against Coalfire Employees [00:06:50] Avast to Commence Wind Down of Subsidiary Jumpshot [00:22:10] Say hello to OpenSK: a fully open-source security key implementation [00:28:25] Kraken Identifies Critical Flaw in Trezor Hardware Wallets [00:33:56] Zoom-Zoom: We Are Watching You [00:39:08] TeamViewer using encrypted passwords [00:47:43] Buffer overflow [in sudo] when pwfeedback is set in sudoers (CVE-2019-18634) https://github.com/sudo-project/sudo/commit/fa8ffeb17523494f0e8bb49a25e53635f4509078 https://github.com/sudo-project/sudo/blob/0fcb6471609969b5911db0b2917ced16c913676f/src/tgetpass.c#L413 [01:01:23] Opkg susceptible to MITM (CVE-2020-7982) https://git.openwrt.org/?p=project/opkg-lede.git;a=commitdiff;h=54cc7e3bd1f79569022aa9fc3d0e748c81e3bcd8 [01:07:18] LPE and RCE in OpenSMTPD (CVE-2020-7247) [01:14:13] PHP 7.0-7.4 disable_functions bypass 0day PoC https://github.com/mm0r1/exploits/blob/master/php7-backtrace-bypass/exploit.php [01:28:53] Remote Cloud Execution – Critical Vulnerabilities in Azure Cloud Infrastructure (Part I) https://research.checkpoint.com/2020/remote-cloud-execution-critical-vulnerabilities-in-azure-cloud-infrastructure-part-ii/ [01:40:22] OK Google: bypass the authentication!
NOW PLAYING
OK Google, sudo ./hacktheplanet
No transcript for this episode yet
Similar Episodes
Sep 22, 2023 ·20m
Sep 22, 2023 ·20m
Sep 22, 2023 ·27m
Sep 22, 2023 ·14m
Sep 22, 2023 ·24m
Sep 22, 2023 ·22m