1
00:00:00,340 --> 00:00:06,560
Read this now we are going to see what an explosive escalation technique using a liberal and delivery

2
00:00:06,930 --> 00:00:12,660
Roman words we have already seen and what will be seeing a pattern.

3
00:00:12,670 --> 00:00:16,050
So it's a similar disenrolled the first.

4
00:00:16,230 --> 00:00:23,010
This will load the whole directory containing the libraries that are going to be used by the binary.

5
00:00:23,490 --> 00:00:26,510
OK, now that's pseudo minocin.

6
00:00:28,290 --> 00:00:32,160
So we can run this Apache as a root user.

7
00:00:32,640 --> 00:00:34,140
So I really command.

8
00:00:34,290 --> 00:00:39,300
So this will show the dependencies for this Apache to.

9
00:00:45,660 --> 00:00:53,010
So you can see these are the shared objects and you can see these are the actual location, is this

10
00:00:53,010 --> 00:00:53,200
one.

11
00:00:53,970 --> 00:01:00,600
So at this address, it is going to be loaded, the content that this address is going to be in the

12
00:01:00,600 --> 00:01:09,810
memory and then this executable uses those content without rewriting the whole record in this period.

13
00:01:09,900 --> 00:01:17,030
So that's why these objects are being used in these different objects, contains a different code which

14
00:01:17,040 --> 00:01:22,050
will be used by the Apache to right now in this territory.

15
00:01:22,080 --> 00:01:25,620
We have to first patrol that and CNN reported.

16
00:01:26,070 --> 00:01:27,180
So see, keep this one.

17
00:01:32,490 --> 00:01:39,210
So you can also get this first by Googling, so you can Google and search for this early library, but,

18
00:01:39,600 --> 00:01:43,290
uh, discretional, so you'll get this for this.

19
00:01:43,710 --> 00:01:48,380
So this is the function and we are accepting the variable library.

20
00:01:48,390 --> 00:01:55,770
But you can see here in the top, uh, when I when we run the Pseudomonas said that the environment

21
00:01:57,370 --> 00:01:58,630
is going to be key.

22
00:01:58,710 --> 00:02:05,400
So that means whenever we run chulo, except these, these and every other environment variable is going

23
00:02:05,400 --> 00:02:07,320
to be reset except with these two.

24
00:02:07,350 --> 00:02:12,360
So that means we can use this very early library.

25
00:02:12,390 --> 00:02:19,230
But so we are setting any other previous values and then we are setting our user group at two zero zero

26
00:02:19,530 --> 00:02:23,290
and then we are executing this one as this user.

27
00:02:23,310 --> 00:02:25,080
So that is the root of the investment.

28
00:02:25,890 --> 00:02:27,320
So now let's say a..

29
00:02:27,840 --> 00:02:31,350
So let's go ahead and compile this into the shared object.

30
00:02:35,030 --> 00:02:42,510
So you need the space for the shared and then you need to say output, that's a temp.

31
00:02:43,670 --> 00:02:48,040
That's what it is for them.

32
00:02:48,800 --> 00:02:59,810
So they wrote a song or two, so copied and pasted in here and then this for this deceitful and hit.

33
00:03:00,620 --> 00:03:04,990
So we hope this will become less and.

34
00:03:06,930 --> 00:03:09,090
So we have that deal file.

35
00:03:09,390 --> 00:03:17,190
So now what we're going to do is Soula Ali Library underscore part.

36
00:03:19,390 --> 00:03:27,320
So we are defining the path, so it's similar to the pathway, so we are featuring first taking this

37
00:03:27,340 --> 00:03:31,600
part in this part, the library, uh, dinner is there.

38
00:03:31,840 --> 00:03:33,490
Then you wrote that immediately.

39
00:03:34,270 --> 00:03:37,420
So you start as Bill.

40
00:03:39,690 --> 00:03:40,830
I bet you do.

41
00:03:41,400 --> 00:03:45,110
And you don't know, you can see we got that shirt.

42
00:03:46,860 --> 00:03:55,980
We are my group, so, OK, you can do similar with the regular, so we just similar syntax, we need

43
00:03:55,980 --> 00:04:02,400
to get this sorted out first and then point to this temporary truce, which we hope compare this to

44
00:04:02,400 --> 00:04:05,080
so and then run that Apache to or any other binary.

45
00:04:06,090 --> 00:04:15,240
So if you want to use the binary to find a way to find out what the other deals that are being used

46
00:04:15,240 --> 00:04:15,770
by the find.

47
00:04:16,290 --> 00:04:16,620
Yes.

48
00:04:16,680 --> 00:04:18,120
Or we'll find.

49
00:04:20,510 --> 00:04:30,410
So these are the details, so you can make, uh, you can just rename that one used the Crerar and then

50
00:04:31,790 --> 00:04:33,290
you can get the Rucha.

51
00:04:34,660 --> 00:04:38,470
So that's all for this video, so you can just there is no question.

52
00:04:38,510 --> 00:04:39,400
We're going to continue to.