escaping chroot jails
play

Escaping chroot jails Why? Chroot jails come up in writing - PowerPoint PPT Presentation

May 12, 2023 •247 likes •370 views

Escaping chroot jails Why? Chroot jails come up in writing exploits, CtF competitions, etc. In the context of this class, a good intro to basic UNIX concepts UNIX 101 man man man 2 chroot Users (UID 0 is root)

  1. Escaping chroot jails

  2. Why? ● Chroot jails come up in writing exploits, CtF competitions, etc. ● In the context of this class, a good intro to basic UNIX concepts

  3. UNIX 101 ● “man man” ● “man 2 chroot” ● Users (UID 0 is root) ● Tree of processes, with owners – pstree, ps, top ● Tree of files and directories, with owners and permissions – ls, tree

  4. Explore in the shell a little bit...

  6. After you boot ● Authentication – Ties a person to a process – Typically involves entering username and password

  7. chroot jail ● Intended to keep a process in its own root directory – E.g. , to keep them out of /home directory ● Not intended to keep a superuser who can run arbitrary code contained, but people try to use it for that – FreeBSD has a stronger jail concept, or use Linux Containers

  8. Putting ourselves in a chroot jail...

  9. Breaking out of it... ● Build a new jail inside the one you're in ● Request that the new jail be your jail – Okay because it's smaller and inside the one you're currently in ● Ask to go anywhere you want in the system – Not a problem, because you're not in your jail anyway so you're not getting let out

  10. Explore both versions of the C code...

  11. References ● https://filippo.io/escaping-a-chroot-jail-slash-1/

Download Presentation
Download Policy: The content available on the website is offered to you 'AS IS' for your personal information and use only. It cannot be commercialized, licensed, or distributed on other websites without prior consent from the author. To download a presentation, simply click this link. If you encounter any difficulties during the download process, it's possible that the publisher has removed the file from their server.

Recommend

My journey on SMBGhost Angelboy angelboy@chroot.org @scwuaptx Whoami Angelboy

My journey on SMBGhost Angelboy angelboy@chroot.org @scwuaptx Whoami Angelboy

My journey on SMBGhost Angelboy angelboy@chroot.org @scwuaptx Whoami Angelboy Researcher at DEVCORE CTF Player HITCON / 217 Chroot Co-founder of pwnable.tw Speaker HITB GSEC 2018/AVTokyo 2018/VXCON Outline

1.35k views • 107 slides
The structure of the escaping set of a transcendental entire function Gwyneth Stallard (joint

The structure of the escaping set of a transcendental entire function Gwyneth Stallard (joint

The structure of the escaping set of a transcendental entire function Gwyneth Stallard (joint work with Phil Rippon) The Open University Postgraduate Conference in Complex Dynamics March 2015 The escaping set Definition The escaping set is I

650 views • 43 slides
Why I prefer thick jails over thin jails Dan Langille EuroBSDCon 2019 Lillehammer

Why I prefer thick jails over thin jails Dan Langille EuroBSDCon 2019 Lillehammer

Why I prefer thick jails over thin jails Dan Langille EuroBSDCon 2019 Lillehammer @dlangille https://dan.langille.org/ Disclaimer Dont do what Im doing just because Im doing it Its right for me - now Needs

862 views • 30 slides
systemd-nspawn is chroot on steroids LinuxCon Europe 2013 Lennart Poettering October 2013

systemd-nspawn is chroot on steroids LinuxCon Europe 2013 Lennart Poettering October 2013

systemd-nspawn is chroot on steroids LinuxCon Europe 2013 Lennart Poettering October 2013 Lennart Poettering systemd-nspawn is chroot on steroids systemd? systemd! Lennart Poettering systemd-nspawn is chroot on steroids Containers! LXC vs.

460 views • 18 slides
Chw00t: How to break out from various chroot solutions Balzs Bucsay OSCE, OSCP , GIAC GPEN,

Chw00t: How to break out from various chroot solutions Balzs Bucsay OSCE, OSCP , GIAC GPEN,

Chw00t: How to break out from various chroot solutions Balzs Bucsay OSCE, OSCP , GIAC GPEN, OSWP http://rycon.hu/ - https://www.mrg-effitas.com/ @xoreipeip Bio / Balazs Bucsay Hungarian Hacker Strictly technical certificates: OSCE,

557 views • 54 slides
Escaping Saddle Points with Adaptive Gradient Methods Matthew Staib 1 , Sashank Reddi 2 ,

Escaping Saddle Points with Adaptive Gradient Methods Matthew Staib 1 , Sashank Reddi 2 ,

Escaping Saddle Points with Adaptive Gradient Methods Matthew Staib 1 , Sashank Reddi 2 , Satyen Kale 2 , Sanjiv Kumar 2 , Suvrit Sra 1 1. MIT EECS 2. Google Research, New York Escaping Saddle Points with Adaptive Gradient Methods Matthew

614 views • 23 slides
8/29/2018 Diversion, Not Discrimination: Jails, the ADA, and People with Mental Illness ADA

8/29/2018 Diversion, Not Discrimination: Jails, the ADA, and People with Mental Illness ADA

8/29/2018 Diversion, Not Discrimination: Jails, the ADA, and People with Mental Illness ADA Mid-Atlantic Update 2018 September 6, 2018 Tysons, VA Presenter Biography Mark Murphy is the Managing Attorney of the Bazelon Center for Mental

649 views • 19 slides
Current Trends in Jail Operations: Its More Than Just the Sheriffs Problem By: Thomas

Current Trends in Jail Operations: Its More Than Just the Sheriffs Problem By: Thomas

Current Trends in Jail Operations: Its More Than Just the Sheriffs Problem By: Thomas Kerss and David Whitis Law Enforcement Consultants, Texas Association of Counties Managing Risk Exposures for County Jails Operating county jails is

684 views • 17 slides
Magnetospheres of Hot Jupiters: formation of magnetodisk current system in the escaping

Magnetospheres of Hot Jupiters: formation of magnetodisk current system in the escaping

Magnetospheres of Hot Jupiters: formation of magnetodisk current system in the escaping plasma flow of an exoplanet M. L. Khodachenko 1 , T. Zaqarashvili 1 , N.V. Erkaev 2 , S. Dyadechkin 3 , I.F. Shaikhislamov 4 , I.I. Alexeev 5 , E.S.

667 views • 22 slides
RISK MANAGEMENT SERVICES FOR JAILS KY s Statewide Mental Health Service Delivery System

RISK MANAGEMENT SERVICES FOR JAILS KY s Statewide Mental Health Service Delivery System

RISK MANAGEMENT SERVICES FOR JAILS KY s Statewide Mental Health Service Delivery System Montanas Law and Justice Com m ittee Decem ber 1 6 , 2 0 1 1 Connie Milligan, LCSW Ray Sabbatine, MA Bluegrass Regional MH-MR Board Model of

266 views • 16 slides
Creating Learning without Limits: Challenge and Success 1 Baseline assessment? 2 3 Escaping

Creating Learning without Limits: Challenge and Success 1 Baseline assessment? 2 3 Escaping

Creating Learning without Limits: Challenge and Success 1 Baseline assessment? 2 3 Escaping from the bottom set Hargreaves (1982) argues that ability labelling leads to destruction of dignity so massive and pervasive that few

324 views • 19 slides
Escaping the Losses from Trade: The Impact of Heterogeneity on Skill Acquisition Preliminary

Escaping the Losses from Trade: The Impact of Heterogeneity on Skill Acquisition Preliminary

Escaping the Losses from Trade: The Impact of Heterogeneity on Skill Acquisition Preliminary Axelle Ferriere 1 Gaston Navarro 2 Ricardo Reyes-Heroles 2 1 Paris School of Economics 2 Federal Reserve Board Joint Conference on Heterogeneity

845 views • 57 slides
Viral Hepatitis Vaccination Program in County Jails Rebecca Lakey, RN, BSN November 14, 2019

Viral Hepatitis Vaccination Program in County Jails Rebecca Lakey, RN, BSN November 14, 2019

Viral Hepatitis Vaccination Program in County Jails Rebecca Lakey, RN, BSN November 14, 2019 Background Tennessee ranks among states with the highest rates of acute hepatitis B virus (HBV) in the nation In 2012, the Department of Health

373 views • 10 slides
COVID-19: JUSTICE RESPONSES FOR PRETRIAL RELEASE AND JAILS APRIL 29, 2020 1 AGENDA FOR COVID-19

COVID-19: JUSTICE RESPONSES FOR PRETRIAL RELEASE AND JAILS APRIL 29, 2020 1 AGENDA FOR COVID-19

COVID-19: JUSTICE RESPONSES FOR PRETRIAL RELEASE AND JAILS APRIL 29, 2020 1 AGENDA FOR COVID-19 VIRTUAL MEETING Welcome Amber Widgery, NCSL program principal Chief Justice Bridget McCormack, Michigan Supreme Court

325 views • 13 slides
On the escaping set of exponential maps Patrick Comdhr Christian-Albrechts-Universitt zu Kiel

On the escaping set of exponential maps Patrick Comdhr Christian-Albrechts-Universitt zu Kiel

On the escaping set of exponential maps Patrick Comdhr Christian-Albrechts-Universitt zu Kiel Barcelona, 24 November 2015 P. Comdhr (CAU Kiel) Escaping set of exponential maps 24 November 2015 1 / 16 Outline Motivation 1 P. Comdhr

1.12k views • 86 slides
,, LAUNCH A GROUP PROGRAM WHILE ESCAPING YOUR 9 TO 5. NAIL YOUR SYSTEM FOR CONSISTENCY , CLIENTS

,, LAUNCH A GROUP PROGRAM WHILE ESCAPING YOUR 9 TO 5. NAIL YOUR SYSTEM FOR CONSISTENCY , CLIENTS

,, LAUNCH A GROUP PROGRAM WHILE ESCAPING YOUR 9 TO 5. NAIL YOUR SYSTEM FOR CONSISTENCY , CLIENTS AND CASH ~ Sofia Rei fearlessly Who is this webinar for ? If you re a coaching Entrepreneur still in your 9 to 5 and running your

1.3k views • 90 slides
Crash Course Entrepreneurship Crash Course Escape from Corporate [Case Study] Who wants

Crash Course Entrepreneurship Crash Course Escape from Corporate [Case Study] Who wants

Entrepreneurship Crash Course Entrepreneurship Crash Course Escape from Corporate [Case Study] Who wants to become your own boss, set your own schedule, work from anywhere in the world, make a lot of money, love what you do, AND

1.06k views • 79 slides
The microkernel OS Escape Nils Asmussen FOSDEM14 1 / 25 Introduction Tasks Memory VFS

The microkernel OS Escape Nils Asmussen FOSDEM14 1 / 25 Introduction Tasks Memory VFS

Introduction Tasks Memory VFS Demo The microkernel OS Escape Nils Asmussen FOSDEM14 1 / 25 Introduction Tasks Memory VFS Demo Outline Introduction 1 Tasks 2 Memory 3 VFS 4 Demo 5 2 / 25 Introduction Tasks Memory VFS

618 views • 26 slides
KauNetEm Deterministic Network Emulation in Linux . Per Hurtig, Johan Garcia February 12, 2016

KauNetEm Deterministic Network Emulation in Linux . Per Hurtig, Johan Garcia February 12, 2016

Proceedings of NetDev 1.1: The Technical Conference on Linux Networking (February 10th-12th 2016. Seville, Spain) KauNetEm Deterministic Network Emulation in Linux . Per Hurtig, Johan Garcia February 12, 2016 netdevconf 1.1, February 10-12,

528 views • 39 slides
Bayesian Emulation and Calibration of a Dynamic Epidemic Model for H1N1 Influenza Marian Farah 1

Bayesian Emulation and Calibration of a Dynamic Epidemic Model for H1N1 Influenza Marian Farah 1

Bayesian Emulation and Calibration of a Dynamic Epidemic Model for H1N1 Influenza Marian Farah 1 Paul Birrell 1 , Stefano Conti 2 , Daniela De Angelis 1 , 2 1 MRC Biostatistics Unit, Cambridge, UK 2 Health Protection Agency, London, UK ICERM

816 views • 44 slides
Empir iric ical l Aspects of Plu Pluralit lity Ele lectio ions David R. M. Thompson, Omer

Empir iric ical l Aspects of Plu Pluralit lity Ele lectio ions David R. M. Thompson, Omer

Empir iric ical l Aspects of Plu Pluralit lity Ele lectio ions David R. M. Thompson, Omer Lev, Kevin Leyton-Brown & Jeffrey S. Rosenschein COMSOC 2012 Krakw, Poland What is is a ( pure) Nash Equilib ilibriu ium? m? (pur A

602 views • 31 slides
Justifying the state: Escaping the State of Nature Trading Liberty for Protection Hobbes

Justifying the state: Escaping the State of Nature Trading Liberty for Protection Hobbes

Justifying the state: Escaping the State of Nature Trading Liberty for Protection Hobbes Review: Hobbes State of Nature In the state of nature There is no authority above humans sooooo There is no morality, no right and

544 views • 36 slides
Extended Example (Iterative Refinement) A maze consists of rooms and doors: An door is either

Extended Example (Iterative Refinement) A maze consists of rooms and doors: An door is either

Extended Example (Iterative Refinement) A maze consists of rooms and doors: An door is either a door into a room an escape to a particular place A room has two doors, left and right 1 Door Data Definition abstract class Door { }

254 views • 11 slides
Iteration in tracts James Waterman Department of Mathematics and Statistics The Open University

Iteration in tracts James Waterman Department of Mathematics and Statistics The Open University

Iteration in tracts James Waterman Department of Mathematics and Statistics The Open University New Developments in Complex Analysis and Function Theory, Heraklion, July 2-6, 2018 James Waterman (The Open University) Iteration in tracts July

316 views • 16 slides

More recommend