lec03 writing exploits
play

Lec03: Writing Exploits Taesoo Kim 2 Scoreboard 3 Administrivia - PowerPoint PPT Presentation

Sep 08, 2023 •446 likes •603 views

1 Lec03: Writing Exploits Taesoo Kim 2 Scoreboard 3 Administrivia Survey: how many hours did you spend? (<3h, 6h, 10h, 15h, >20h) Please join Piazza An optional recitation at 5-7pm on every Wed (in CoC 052 ) Lab02:

  1. 1 Lec03: Writing Exploits Taesoo Kim

  2. 2 Scoreboard

  3. 3 Administrivia • Survey: how many hours did you spend? (<3h, 6h, 10h, 15h, >20h) • Please join Piazza • An optional recitation at 5-7pm on every Wed (in CoC 052 ) • Lab02: deadline is extended for another week! • Lab03: stack overflow callenges are out! • Due : Sept 20th at midnight ( 2 weeks )

  4. 4 Survival Guide for CS6265 1. Work as a group/team (find the best ones around you!) • NOT each member tackles different problems • All members tackle the same problem (and discuss/help) 2. Ask questions wisely, concretely • Explain your assumption first (e.g., I expect A because …) • Explain your problem second (e.g., A is expected but B appears) 3. Take advantage of four TAs standing next you to help! • World-class hackers give a private tutoring for you! • But, remember! only when you ask ..

  5. 5 Thinking of Threat Model • Story: A group of students modified “bomb” and got “flags”? • Why TAs think they are not correct flags? • How does our system validate flags?

  6. 6 Thinking of Threat Model # Q0. can we get a flag like this? $ cat /proc/flag # Q1. how is this flag different from what bomb prints out? $ echo "phase2" > /proc/flag# cat /proc/flag # Q2. what about under a tracer? $ strace -- cat /proc/flag # Q3. what about this and print flag? $ gdb ./bomb # Q4. are they different? why? $ diff <(cat /proc/flag) <(cat /proc/flag) # Q5. what about this? $ diff <(cat /proc/flag) <(sleep 1; cat /proc/flag)

  7. 7 Lab03: Stack overflow (due in two weeks) • Finally! It’s time to write real exploits (i.e., control hijacking) • TONS of interesting challenges! • e.g., lack-of-four, frobnicated, upside-down ..

  8. 8 Today’s Tutorial • Example: hijacking crackme0x00! • A template exploit code • In-class tutorial • Your first stack overflow! • Extending the exploit template (python)

  9. 9 DEMO: IDA/crackme0x00 • IDA w/ crackme0x00 • Exploit writing

  10. 10 crackme0x00 $ objdump -M intel-mnemonic -d crackme0x00 ... 0804869d <start>: 804869d: 55 push ebp 804869e: 89 e5 mov ebp,esp 80486a0: 83 ec 18 sub esp,0x18 80486a3: 83 ec 0c sub esp,0xc ... |<-- -0x18-->|+--- ebp top v [ [buf .. ] ][fp][ra] |<---- 0x18+0xc ------>|

  11. 11 crackme0x00 $ objdump -M intel-mnemonic -d crackme0x00 ... 80486c6: 8d 45 e8 lea eax,[ebp-0x18] 80486c9: 50 push eax 80486ca: 68 31 88 04 08 push 0x8048831 80486cf: e8 ac fd ff ff call 8048480 <scanf@plt> |<-- -0x18-->|+--- ebp top v [ [~~~~> ] ][fp][ra] |<---- 0x18+0xc ------>| [*****************XXXX]

  12. 12 crackme0x00 • How can we bypass the password check w/o putting the correct password?

  13. 13 In-class Tutorial • Step 1: Navigate the binary with your IDA! • Step 2: Play with your first exploit! • Step 3: Using an exploit template! $ ssh lab03@cyclonus.gtisc.gatech.edu -p 9003 $ ssh lab03@computron.gtisc.gatech.edu -p 9003 Password: lab03 $ cd tut03-stackovfl $ cat README

  14. 14 References • IDA Demo • Phrack #49-14

Download Presentation
Download Policy: The content available on the website is offered to you 'AS IS' for your personal information and use only. It cannot be commercialized, licensed, or distributed on other websites without prior consent from the author. To download a presentation, simply click this link. If you encounter any difficulties during the download process, it's possible that the publisher has removed the file from their server.

Recommend

Lec03: Writing Exploits Taesoo Kim 2 Scoreboard 3 Administrivia Survey: how many hours

Lec03: Writing Exploits Taesoo Kim 2 Scoreboard 3 Administrivia Survey: how many hours

1 Lec03: Writing Exploits Taesoo Kim 2 Scoreboard 3 Administrivia Survey: how many hours did you spend? (&lt;3h, 6h, 10h, &gt;20h) Join Piazza! An optional recitation on every Wed 5:00-6:00pm (in Klaus 1447)

617 views • 34 slides
Lec04: Writing Exploits Taesoo Kim 2 Scoreboard 3 Administrivia Join Piazza! An

Lec04: Writing Exploits Taesoo Kim 2 Scoreboard 3 Administrivia Join Piazza! An

1 Lec04: Writing Exploits Taesoo Kim 2 Scoreboard 3 Administrivia Join Piazza! An optional recitation at 4:30-5:30pm on Wed (in CBC 104A) Due: Lab03 (stack overflow) on Sept 21 at midnight NSA Codebreaker Challenge

423 views • 20 slides
Lec04: Writing Exploits Taesoo Kim 2 Scoreboard 3 Administrivia Join Piazza! An

Lec04: Writing Exploits Taesoo Kim 2 Scoreboard 3 Administrivia Join Piazza! An

1 Lec04: Writing Exploits Taesoo Kim 2 Scoreboard 3 Administrivia Join Piazza! An optional recitation on every Wed 5:00-6:00pm (in Klaus 1447) 6:00-6:30pm ( in Klaus 3126 ) Due: Lab03 (stack overflow) on Sept 22

698 views • 17 slides
Escaping chroot jails Why? Chroot jails come up in writing exploits, CtF competitions, etc.

Escaping chroot jails Why? Chroot jails come up in writing exploits, CtF competitions, etc.

Escaping chroot jails Why? Chroot jails come up in writing exploits, CtF competitions, etc. In the context of this class, a good intro to basic UNIX concepts UNIX 101 man man man 2 chroot Users (UID 0 is root)

370 views • 11 slides
These slides borrowed from http://www.ece.northwestern.edu/~kcoloma/ece361/lectures/Lec03-isa.pdf

These slides borrowed from http://www.ece.northwestern.edu/~kcoloma/ece361/lectures/Lec03-isa.pdf

These slides borrowed from http://www.ece.northwestern.edu/~kcoloma/ece361/lectures/Lec03-isa.pdf ECE C61 Computer Architecture Lecture 3 Instruction Set Architecture Prof. Alok N. Choudhary choudhar@ece.northwestern.edu ECE 361 3-1

716 views • 44 slides
11-823 Conlanging Writing Writing Systems Different Writing Systems What makes a writing

11-823 Conlanging Writing Writing Systems Different Writing Systems What makes a writing

11-823 Conlanging Writing Writing Systems Different Writing Systems What makes a writing system Standardization vs Historical artifacts Constructed Writing Systems Computing and its influence on writing Types of Writing

528 views • 24 slides
FROM PRINTED FROM PRINTED CIRCUIT BOARDS TO CIRCUIT BOARDS TO EXPLOITS EXPLOITS (PWNING IOT

FROM PRINTED FROM PRINTED CIRCUIT BOARDS TO CIRCUIT BOARDS TO EXPLOITS EXPLOITS (PWNING IOT

FROM PRINTED FROM PRINTED CIRCUIT BOARDS TO CIRCUIT BOARDS TO EXPLOITS EXPLOITS (PWNING IOT DEVICES LIKE A BOSS) (PWNING IOT DEVICES LIKE A BOSS) @virtualabs | Hack in Paris '18 ABOUT ME ABOUT ME Head of Research @ Econocom Digital

1.73k views • 83 slides
Buffer Overflow Vulnerabilities Exploits and Defensive Techniques Adam Butcher and Peter

Buffer Overflow Vulnerabilities Exploits and Defensive Techniques Adam Butcher and Peter

Buffer Overflow Vulnerabilities Exploits and Defensive Techniques Adam Butcher and Peter Buchlovsky 8. March 2004 University of Birmingham 1 Contents 1. Call-stacks, shellcode, gets 2. Exploits stack-based, heap-based 3. Defensive

1.56k views • 123 slides
Writing Home 8: Formal and Informal Writing We We use formal language for: Writing to

Writing Home 8: Formal and Informal Writing We We use formal language for: Writing to

Writing Home 8: Formal and Informal Writing We We use formal language for: Writing to someone we dont know Writing for a large audience such as in a newspaper article Writing non-fiction such as instructions, explanations or

209 views • 6 slides
Looking and Writing: Teaching Writing in the Discipline Teaching Writing in the Discipline of

Looking and Writing: Teaching Writing in the Discipline Teaching Writing in the Discipline of

ProVisions Writing in the Disciplines October 11, 2011 Looking and Writing: Teaching Writing in the Discipline Teaching Writing in the Discipline of Art History Robert R. Shane, Ph.D. Art Department John C Bean Engaging Ideas: The John C.

436 views • 10 slides
Writing for Funding Part 1: General Writing and Writing for Specific Review Alicia J. Knoedler,

Writing for Funding Part 1: General Writing and Writing for Specific Review Alicia J. Knoedler,

Writing for Funding Part 1: General Writing and Writing for Specific Review Alicia J. Knoedler, Ph.D. Grant Writing for the Social Sciences Summer, 2003 Writing Discussions Part 1: Getting Started General writing comments and

809 views • 13 slides
Payload Already Inside: Payload Already Inside: Data re-use for ROP Exploits Data re-use for ROP

Payload Already Inside: Payload Already Inside: Data re-use for ROP Exploits Data re-use for ROP

Payload Already Inside: Payload Already Inside: Data re-use for ROP Exploits Data re-use for ROP Exploits Long Le longld@vnsecurity.net BLACKHAT USA 2010 BLACKHAT USA 2010 1 Who am I? VNSECURITY founding member Capture-The-Flag

759 views • 43 slides
writing bat paper accounting service cv writing thesis nps graduate writing

writing bat paper accounting service cv writing thesis nps graduate writing

Why homework, assignment photoshop, price natural gas thesis, homework helper mymathlab. Austin writing tx resume service, paper research android, writing internships sydney creative, bristol creative groups writing. Help mayans facts homework,

287 views • 5 slides
Industrial Bug Mining Industrial Bug Mining Extracting, Grading and Enriching the Ore of Exploits

Industrial Bug Mining Industrial Bug Mining Extracting, Grading and Enriching the Ore of Exploits

Industrial Bug Mining Industrial Bug Mining Extracting, Grading and Enriching the Ore of Exploits the Ore of Exploits Private &amp; Confidential Property of COSEINC The Bug Mining Analogy The Bug Mining Analogy Phase 1: Extraction Phase 2:

591 views • 37 slides
Writing for Funding Part 3: Writing Catch-All Discussion Alicia J. Knoedler, Ph.D. Grant

Writing for Funding Part 3: Writing Catch-All Discussion Alicia J. Knoedler, Ph.D. Grant

Writing for Funding Part 3: Writing Catch-All Discussion Alicia J. Knoedler, Ph.D. Grant Writing for the Social Sciences Summer, 2003 Writing Discussions Part 1: Getting Started General writing comments and suggestions Knowing

552 views • 7 slides
BUSINESS WRITING NEAR EAST UNIVERSITY 1 2 Business Writing Business Writing Follow these

BUSINESS WRITING NEAR EAST UNIVERSITY 1 2 Business Writing Business Writing Follow these

BUSINESS WRITING NEAR EAST UNIVERSITY 1 2 Business Writing Business Writing Follow these rules Topics to cover Business letters State your purpose Envelopes Be straightforward, clear, concise, objective and courteous Job

449 views • 8 slides
An Invitation to Homotopy Type Theory Tingxiang Zou Type Theory Formal Systems: Churchs

An Invitation to Homotopy Type Theory Tingxiang Zou Type Theory Formal Systems: Churchs

An Invitation to Homotopy Type Theory Tingxiang Zou Type Theory Formal Systems: Churchs simply typed lambda calculus (1940); Martin L ofs dependent type theory (1971-1984) Origin: Russells theory of types The world is

848 views • 12 slides
An Algorithm better than AO*? Blai Bonet Universidad Sim on Bol var Caracas, Venezuela

An Algorithm better than AO*? Blai Bonet Universidad Sim on Bol var Caracas, Venezuela

An Algorithm better than AO*? Blai Bonet Universidad Sim on Bol var Caracas, Venezuela H ector Geffner ICREA and Universitat Pompeu Fabra Barcelona, Spain 7/2005 An Algorithm Better than AO*? B. Bonet and H. Geffner; 7/05 1

658 views • 14 slides
Energy Efficiency in Data Centers Through Optimized operations Eswar Viswanathan Director

Energy Efficiency in Data Centers Through Optimized operations Eswar Viswanathan Director

Energy Efficiency in Data Centers Through Optimized operations Eswar Viswanathan Director Data Center Lifecycle Services International Secure Power Division Confidential Property of Schneider Electric | Our technologies ensure that

437 views • 19 slides
Computer Security Cunsheng DING, HKUST COMP4631 Dr. Cunsheng DING Computer Security

Computer Security Cunsheng DING, HKUST COMP4631 Dr. Cunsheng DING Computer Security

Dr. Cunsheng DING Computer Security HKUST, Hong Kong Computer Security Cunsheng DING, HKUST COMP4631 Dr. Cunsheng DING Computer Security HKUST, Hong Kong Lecture 12: Key Distribution Protocols Outline of this Lecture 1.

174 views • 15 slides
CS 166: Information Security Reverse Engineering &amp; Digital Rights Management Prof. Tom

CS 166: Information Security Reverse Engineering &amp; Digital Rights Management Prof. Tom

CS 166: Information Security Reverse Engineering &amp; Digital Rights Management Prof. Tom Austin San Jos State University SRE Software Reverse Engineering Also known as Reverse Code Engineering (RCE) Or simply reversing

1.04k views • 80 slides
Adapting to Alzheimers Understanding dementia in individuals with intellectual and

Adapting to Alzheimers Understanding dementia in individuals with intellectual and

Adapting to Alzheimers Understanding dementia in individuals with intellectual and developmental disabilities We have no disclosures Joanne Rolle, MPA Jennifer Dresen, MSW/MPH Learning Objectives Project Background Administration on

381 views • 7 slides
Insurance Distribution Directive Webinar September 2018 04 September 2018 1 Contents

Insurance Distribution Directive Webinar September 2018 04 September 2018 1 Contents

Insurance Distribution Directive Webinar September 2018 04 September 2018 1 Contents Introduction CoB Overview Product Governance and Distribution Selling Knowledge and Competence Next Steps 04 September 2018 2 IDD expectations IDD

661 views • 34 slides
Derek Nord, PhD, FAAIDD Director and Associate Professor Indiana Institute on Disability and

Derek Nord, PhD, FAAIDD Director and Associate Professor Indiana Institute on Disability and

Derek Nord, PhD, FAAIDD Director and Associate Professor Indiana Institute on Disability and Community Indiana University Bloomington, IN Making Employment a Reality: Were All Responsible May 1, 2020 The attached handouts are provided as

520 views • 16 slides

More recommend