This topic contains 1 reply, has 2 voices, and was last updated by phie3Ohl 3 weeks, 6 days ago.
- April 13, 2021 at 7:14 pm #382912
I’m a student in my final semester of college, and I’m taking a capstone course where we have to do a research project on a hacking/computer security related topic, and I went with CVE-2021-3156, the sudo privilege escalation. I’m trying to figure out how to actually use the exploit, but all my research has given me “Luckily, this has been patched, make sure to update your systems!” Which in my case is not very helpful.
If any of you know how it works or have any ideas on better ways to research than a simple google search, please let me know.
- April 13, 2021 at 7:14 pm #382913
Always worth checking for metasploit plugins: https://github.com/rapid7/metasploit-framework/blob/master/data/exploits/CVE-2021-3156/exploit.c
- April 13, 2021 at 7:14 pm #382914
John hammond made a video on this
He doesn’t go too much into technical details altough he refers to some more in-depth writeups like [this Qualys article](https://blog.qualys.com/vulnerabilities-research/2021/01/26/cve-2021-3156-heap-based-buffer-overflow-in-sudo-baron-samedit)
Also live overflow from youtube is starting a series on this CVE as announced by himself [here](https://youtu.be/LMFY3NvNITY?t=08m43s). He will go from discovery all through developing an exploit for it.
- April 13, 2021 at 7:14 pm #382915
TryHackMe has a room that teaches it step by step. On mobile atm but can link later if you can’t find it
You must be logged in to reply to this topic.