Will melt your face right off your skull, And make your iPod only play Jethro Tull, And tell you knock-knock jokes while you're trying to sleep, And make you physically attracted to sheep, Steal your identity and your credit card, Buy you a warehouse full of pink leotards, Then cause a major rift in time and space, And leave a bunch of Twinkie wrappers all over the place! - “Virus Alert” by Weird Al Yankovic
The joke is that LiveOverflow thought it was an April fools joke due to various reasons. It turns out that the guy on LinkedIn was serious, his report was not an April fool's joke.
@@JohannaMueller57 Every request i've forwarded to health care equipment has fallen on deaf ears. Somehow these companies who charge a mint for products have no intentions of fixing life saving equipment running with admin/admin over http, then advocating for it to be put on a corporate WAN. As for leaving it's not some "if people start leaving they will fix problems" - It's more they'll replace you with people who don't know or don't care. The people who make products and install them are rarely the same company. Sad truth, but hey.
Ive seen Jean Pereira too many times on my linkedin feed and I just have to cringe every single time. I also love how he claims that he has learned everything himself and that he doesnt need any cybersecurity education 😂
Thank you for your videos and hard work! Your channel covers a lot of technical details and professional knowledge that is really hard to find on the internet (in the approachable way) and which I deeply enjoy!
Raymond Chen of Microsoft does an irregular blog series called "The other side of the airtight hatchway" meaning that a "security vulnerability" reported would be great if it could actually get you to the other side of the hatch (root/admin). I think in this case using sudo to run an app as root that isn't designed for that counts, since you have to already enter your credentials for sudo. And if you do that, you could just use sudo to run a malicious app directly, no need for hospital run at all.
@@hyronharrison8127 To be fair, that's the most common way it's done. We call it "social engineering." A lot of applications will actually refuse to run if they detect escalated privileges specifically to protect users from their own misguided misuse.
That's all very well, but there are a lot of cases where people do run apps as root, even though they shouldn't, because it's "easier". And in a case like this one, it's a problem to have even a privilege escalation to whatever user the software is run as. If I can become that user, I can modify patient data, even if I can't take over the machine.
Dude, changing a physical file is considered a vuln or even a 0-day? WTF. Yeah, but the vid you did on leeroy getting kinda fooled by JP made it a bit clearer to me. Big UP and many thanks for this enlightenment!
To be clear, he wasn't claiming that the ability to modify the file was the exploit; he was claiming that he could modify the app to perform a privilege escalation. However, in order to do so he would have to run the application as root, which is why it's not actually a vulnerability. This is why LiveOverflow also showed Mulllvad, which does have an executable that runs as root. Modifying that executable really could result in privilege escalation, but since it properly prevents modification by a non-root user, there is no vulnerability.
So if I understood it correctly, that guy executed that program as root, then used root access to patch his custom code into the executable which opens up a TCP server. Using netcat he then connected to that server as user and executed privileged commands? This would work in every application which uses a non-compiled JIT language... Basically a really weird flex, probably to get some followers and sell his software?
not just JIT programs, it literally works on every single executable (its just a bit more complicated to patch binary code into a compiled program but you can still do it) basically this guy just claimed "sudo" was a privilege escalation technique lmao
@@UC1kVaZyvOs39Y it's been two month from your comment, but you hopefully see this. I know people that want to make business with that guy. Can you give me some more detailled information why to not make business with him? appreciate it
after working for US customer for 10+ years every time i see date like 06-04-2023 my brain refuses to accept such date format I just assume it can be both if I need to record a date somewhere I use 2023-06-04
i really like how you've said in the beginning of the video "last time i sadly couldnt find a vulnerability. but this time i do a challenge so we can definitely find one!" and there's still not a real issue :D but still very informative bro! keep it up hacker boy! liebe grüße.
These kind of open sources may be used in testing environments in companies. The most useful thing is to use them as 3rd party vendors for integration testing purposes. So it may be not viable for production but students and testing teams may find it useful.
0daytoday is an ExploitDB clone and the admin tricks people into buying fake exploits. All of the user accounts are the same person, there are videos about this. Great video LO! Just wanted to warn people of this...
What>??? Was the original post a joke or not? I am a bit confused by the end bit... excerpt: "This code, was not prepared ahead of april fools day? Bingo! You know what else was not an april fools joke but looks like one? [...]" Very clever video
the original post was meant seriously, hence why liveOverflow was blocked, but the exploit shown came from malpractice from the guy that presented the exploit on the 0day site.
11:46 so Privilege Escalation is more of a Privilege Declaration, on to or via a root daemon. It's not user becoming root, it’s user communicating through an already root system.
In a real attack, it could be a program, not a human user. So it's a virus that gets onto the target machine in a non-root way (like in a mail attachment), and then "escalates" itself by forcing the root daemon to... for example, install the command "run this virus as root" into the system's task scheduler, so that it's launched on every system restart.
@@chri-k I think they meant other way around. For example, when you install steam on linux, and try to run it as root, it will immediately exit with an error message like "It's not safe to run steam as root, don't do that"
I know very little about security, stumbled across this randomly. But it seems strange to me that entering the password for a regular user is sufficient to install a root daemon. Shouldn't anything that runs as root require entering the root password?
Maybe I'm just stupid but why can the vpn install a certain part that runs with root privileges? You only entered your non root user password it seemed. Doesnt that mean we could just write our own installer that asks for user password but puts malicioua code under a root level part?
what you think is the "non root user password", gives the root permissions. Ever used Linux with sudo? When your user belongs to the sudo group you also enter YOUR user's password to execute a command as root.
the guy that posted the exploit used malpractice and ran the program as root to make it seem like he had a crazy exploit, but its just that: malpractice and a joke at best
If comic sans made it to the front of goverment buildingfs and coins and stuff i bet your font can get far as well! haha and no nothing is worse then comic sans
@@khill8645 well the xnu kernel is basically the mach kernel from Carnegie Mellon university, a BSD subsystem and a lot of custom code added to o it, so it's not related to unix in the strictest sense, however that BSD part was made by actually replacing every source file from the og unix source code release with reimplementations made by the Berkeley University developers that originally made BSD, so it's a compatible program, but it's not actually unix and of course it's not really the base of the xnu kernel, but a subsystem that it's used to provvide an interface for programs to run on and to have compatibility with existing unix/bsd software. So xnu it's actually it's own very wired beast.
@@okolol Maybe something like we have on Android or iOS where a VPN app would consist of a UI and a helper running as an unprivileged daemon, which I assume is able to interface with the operating system's network interface.
@@okololfrom what i understand (which is admittedly not much), you cant screw with other users' settings because there can be at most one concurrent login* so it's fine to let the app overwrite all the settings * ssh isnt real!!! /s
@@TheDuckPox I'm sure while you don't need root access in android, you do need special permission to configure the user vpn settings. and yes, it's per user basis, I've tried it. but I don't know much about ios nor macos.
@@pitust yea, why would you modify other user settings though? you will only need to modify the current user settings, and if you want to make it system wide, then just use root.
There isn't a vulnerability (that we know about) even if you install and run it as root. You would then need to be root to be able to rewrite the ASAR. "Elevating privileges" from root to root doesn't gain you anything.
Hi, please note that 0daydottoday is SCAM, please dont do advertisements for them cause naive ppl still get caught by their “5k for instagram takeover exploit”
The sad thing here is that this isn't a joke. It's just Jean Pereira being an infosec fraud.
liveoverflow just made this so exciting!
He made a video about him on LiveUnderflow (in german)
When the author's comment said- "[This exploit] can change your blood group". I honestly believed this was an April Fool's joke for a second...
Will melt your face right off your skull,
And make your iPod only play Jethro Tull,
And tell you knock-knock jokes while you're trying to sleep,
And make you physically attracted to sheep,
Steal your identity and your credit card,
Buy you a warehouse full of pink leotards,
Then cause a major rift in time and space,
And leave a bunch of Twinkie wrappers all over the place!
- “Virus Alert” by Weird Al Yankovic
Thank you for rekindling my disgust towards the LinkedIn community
The "it's not an April Fools joke" to "it is" to "it is not" was too good 😂
@@zorkman777 It was not. This guy does this regularly.
@@MartinHaunschmid So it was neither?
The joke is that LiveOverflow thought it was an April fools joke due to various reasons. It turns out that the guy on LinkedIn was serious, his report was not an April fool's joke.
As someone who installed critical infrastructure around the health care sector for a while here my heart was racing.
@@JohannaMueller57 Every request i've forwarded to health care equipment has fallen on deaf ears. Somehow these companies who charge a mint for products have no intentions of fixing life saving equipment running with admin/admin over http, then advocating for it to be put on a corporate WAN.
As for leaving it's not some "if people start leaving they will fix problems" - It's more they'll replace you with people who don't know or don't care. The people who make products and install them are rarely the same company.
Sad truth, but hey.
Ive seen Jean Pereira too many times on my linkedin feed and I just have to cringe every single time. I also love how he claims that he has learned everything himself and that he doesnt need any cybersecurity education 😂
Thank you for your videos and hard work! Your channel covers a lot of technical details and professional knowledge that is really hard to find on the internet (in the approachable way) and which I deeply enjoy!
Raymond Chen of Microsoft does an irregular blog series called "The other side of the airtight hatchway" meaning that a "security vulnerability" reported would be great if it could actually get you to the other side of the hatch (root/admin). I think in this case using sudo to run an app as root that isn't designed for that counts, since you have to already enter your credentials for sudo. And if you do that, you could just use sudo to run a malicious app directly, no need for hospital run at all.
Imagine my vuln writeup:
You have to beg them to misuse the application but THEN...
@@hyronharrison8127 To be fair, that's the most common way it's done. We call it "social engineering." A lot of applications will actually refuse to run if they detect escalated privileges specifically to protect users from their own misguided misuse.
That's all very well, but there are a lot of cases where people do run apps as root, even though they shouldn't, because it's "easier". And in a case like this one, it's a problem to have even a privilege escalation to whatever user the software is run as. If I can become that user, I can modify patient data, even if I can't take over the machine.
The mic drop at 11:40 is amazing
"On Mac, like many other Linux-distros, ..." LMAO
Dude, changing a physical file is considered a vuln or even a 0-day? WTF.
Yeah, but the vid you did on leeroy getting kinda fooled by JP made it a bit clearer to me. Big UP and many thanks for this enlightenment!
Maybe?? If thr electron binary was run as root but the asar file was world writable itd make sense. But its not ...
To be clear, he wasn't claiming that the ability to modify the file was the exploit; he was claiming that he could modify the app to perform a privilege escalation. However, in order to do so he would have to run the application as root, which is why it's not actually a vulnerability. This is why LiveOverflow also showed Mulllvad, which does have an executable that runs as root. Modifying that executable really could result in privilege escalation, but since it properly prevents modification by a non-root user, there is no vulnerability.
Even in a situation like this, I find you inspirational. Thanks for your videos and content
Bingo. Thanks for the video. Its amazing explain a lot about some hype that coming and go in cyber security.
So if I understood it correctly, that guy executed that program as root, then used root access to patch his custom code into the executable which opens up a TCP server. Using netcat he then connected to that server as user and executed privileged commands? This would work in every application which uses a non-compiled JIT language... Basically a really weird flex, probably to get some followers and sell his software?
not just JIT programs, it literally works on every single executable (its just a bit more complicated to patch binary code into a compiled program but you can still do it)
basically this guy just claimed "sudo" was a privilege escalation technique lmao
liveoverflow also said that there are no privileged processes 11:03
He isn't wrong lol@@DFsdf3443d
So was the original guy just spreading misinformation?
@@UC1kVaZyvOs39Y it's been two month from your comment, but you hopefully see this. I know people that want to make business with that guy. Can you give me some more detailled information why to not make business with him? appreciate it
Awesome journey! I literately feel it like a real research! Love the video, thanks!
> Replace executable with your own modified one.
> Run as root.
> Profit 1000 linkedin karma from reactionary dimwits.
Einfach nur danke für dieses Video!!
The bingo middle finger got me ngl.
and that is why specifying d/m/y or m/d/y is important
after working for US customer for 10+ years every time i see date like 06-04-2023 my brain refuses to accept such date format
I just assume it can be both
if I need to record a date somewhere I use 2023-06-04
@@Z3rgatul that's totally, fine, either go big to small or small to big. But m/d/y is ludicrous, same goes for most imperial measurements.
Always yyyy-mm-dd
No matter how you write that date it was not April 1st
Truly an informative, comprehensive and entertaining video + Bingo. One of my favorites, thanks for the great effort. Congratulations pal!
i really like how you've said in the beginning of the video "last time i sadly couldnt find a vulnerability. but this time i do a challenge so we can definitely find one!" and there's still not a real issue :D but still very informative bro! keep it up hacker boy! liebe grüße.
hätte gleich deutsch schreiben können merke ich gerade ahha
These kind of open sources may be used in testing environments in companies.
The most useful thing is to use them as 3rd party vendors for integration testing purposes.
So it may be not viable for production but students and testing teams may find it useful.
4:07 "Now on mac, like many other linux distros," hmmm
Wait what...that was a great suspense 😂
0daytoday is an ExploitDB clone and the admin tricks people into buying fake exploits. All of the user accounts are the same person, there are videos about this. Great video LO! Just wanted to warn people of this...
What>???
Was the original post a joke or not?
I am a bit confused by the end bit...
excerpt:
"This code, was not prepared ahead of april fools day?
Bingo!
You know what else was not an april fools joke but looks like one?
[...]"
Very clever video
the original post was meant seriously, hence why liveOverflow was blocked, but the exploit shown came from malpractice from the guy that presented the exploit on the 0day site.
Really good Video.
11:46 so Privilege Escalation is more of a Privilege Declaration, on to or via a root daemon.
It's not user becoming root, it’s user communicating through an already root system.
In a real attack, it could be a program, not a human user. So it's a virus that gets onto the target machine in a non-root way (like in a mail attachment), and then "escalates" itself by forcing the root daemon to... for example, install the command "run this virus as root" into the system's task scheduler, so that it's launched on every system restart.
Why doesn't Michael Cera act in films? Passionate about hacking apps. Actually just found your channel, very cool content.
First Name: Live
Last Name: Overflow
Reason for visit: Brain too big.
Hahahahahaha nice
Watching this after movie Babylon so finally I get some drama genre 🙂
Please make one amazing hacking video playlists ❤❤❤
I hope in the future you make more hardware hacking vids
The mic drop at 11:44 😂😂
You really look like Christopher Slater as Mr. Robot.
brilliant piece of media
I'm just a comment for the algorithm.
i think it would be fine to call out the fact that this person is obv. attempting to bullshit others. its not a nice thing to do.
Grifter gets called out: a video presentation
🤔 ive seen some apps that check at the start if they are run as root and then stop execution
that’s done by software which by design allows arbitrary code to be executed ( package managers, for example )
@@chri-k I think they meant other way around. For example, when you install steam on linux, and try to run it as root, it will immediately exit with an error message like "It's not safe to run steam as root, don't do that"
@@hikkamorii yes, because steam also allows arbitrary code to be executed on your computer.
Great one!🤣
its the best joke to know i laughed very hard in a while
I am confusion
lol @ broadcasthost, love that [3:44]
😂😂😂 Love youuu
You forgot the end cards :P
it was nice Broooooo
lol lol lol, loved it
Bingo!
I know very little about security, stumbled across this randomly. But it seems strange to me that entering the password for a regular user is sufficient to install a root daemon. Shouldn't anything that runs as root require entering the root password?
Your user is part of the sudo group, so entering your password is sufficient to grant root permissions.
I just got a linkedin request from this guy??????? like, what?
ngl he had us in the first 20 mins :D
Tq
Push!
Ayi Sabashhh
😂😂 great video as always
Within 1 hour gang!! So excited to see the video past 3:56!!
i found you with the Minecraft stuff on your channel, is there any new minecraft stuff upcomming ?
This video isn’t funny the first time through. But it is the second time.
why tho
Broo......App sec video or a Christopher Nolan movie ????
so cool xD
this is hilarious
What is the name of this phenomenal 😅
Android does it right, 3rd party VPN need no root.
Maybe I'm just stupid but why can the vpn install a certain part that runs with root privileges? You only entered your non root user password it seemed. Doesnt that mean we could just write our own installer that asks for user password but puts malicioua code under a root level part?
what you think is the "non root user password", gives the root permissions. Ever used Linux with sudo? When your user belongs to the sudo group you also enter YOUR user's password to execute a command as root.
I don't understand, are we expecting a sequel ?
the guy that posted the exploit used malpractice and ran the program as root to make it seem like he had a crazy exploit, but its just that: malpractice and a joke at best
After your video, he removes the post on linkedin lel
the hacker news bdarija
what
If comic sans made it to the front of goverment buildingfs and coins and stuff i bet your font can get far as well! haha and no nothing is worse then comic sans
Hey, i found the liveoverflow smp! And i made a mod for it!
July Fools
"on mac like any other linux distro" man have you forgotten that modern macos is based on the xnu kernel?
It seems perfectly cromulent, I don't think any of us have figured out a way to pronounce '*nix' yet
@@khill8645 well the xnu kernel is basically the mach kernel from Carnegie Mellon university, a BSD subsystem and a lot of custom code added to o it, so it's not related to unix in the strictest sense, however that BSD part was made by actually replacing every source file from the og unix source code release with reimplementations made by the Berkeley University developers that originally made BSD, so it's a compatible program, but it's not actually unix and of course it's not really the base of the xnu kernel, but a subsystem that it's used to provvide an interface for programs to run on and to have compatibility with existing unix/bsd software. So xnu it's actually it's own very wired beast.
🤓
@@piecaruso97 It isn't about 'custom code' or whatever, it's just about POSIX compliance.
that was fully intentional
It seems that on macOS, you don't need root to make a VPN (for example, tailscale doesn't include a root daemon)
but how does it do it exactly?
I'm thinking maybe there's a way for you to configure the USER SPECIFIC network settings, so no root access required.
@@okolol Maybe something like we have on Android or iOS where a VPN app would consist of a UI and a helper running as an unprivileged daemon, which I assume is able to interface with the operating system's network interface.
@@okololfrom what i understand (which is admittedly not much), you cant screw with other users' settings because there can be at most one concurrent login* so it's fine to let the app overwrite all the settings
* ssh isnt real!!! /s
@@TheDuckPox I'm sure while you don't need root access in android, you do need special permission to configure the user vpn settings. and yes, it's per user basis, I've tried it. but I don't know much about ios nor macos.
@@pitust yea, why would you modify other user settings though? you will only need to modify the current user settings, and if you want to make it system wide, then just use root.
was it a joke or not ?
Brain too small LMAO
I don’t get the Joke
The twist. Lmao hahahaha
9:24 "how [] can look like" -> downvote
Morawiecki na miniaturce
zero day exploit 😂
🤪
lol?
the software shouldnt allow the user to run it as root. making it a software issue not a user issue .
There isn't a vulnerability (that we know about) even if you install and run it as root. You would then need to be root to be able to rewrite the ASAR. "Elevating privileges" from root to root doesn't gain you anything.
I'm american, have never seen yyyy/dd/mm, we're notorious for going month then day.
Hi, please note that 0daydottoday is SCAM, please dont do advertisements for them cause naive ppl still get caught by their “5k for instagram takeover exploit”
what’s that?