Episode #27 - Ok Google, sudo ./hacktheplanet


Ok Google! Bypass authentication..and while we're at it, lets explot sudo and OpenSMPTD for root access. This week we dive into various code bases to explore several recent exploits that take advantage of some common yet subtle issues.

Correction: During the segment about the sudo (pwfeedback) exploit I incorrectly described the issue as a stack-based buffer overflow, however the buf variable is declared as static so it ends up in .bss and not on the stack. ~zi

Watch the DAY[0] podcast live on Twitch (@dayzerosec) every Monday afternoon at 12:00pm PST (3:00pm EST)