lec09 miscellaneous
play

Lec09: Miscellaneous Insu Yun 2 Scoreboard 3 NSA Codebreaker - PowerPoint PPT Presentation

Feb 13, 2024 •114 likes •413 views

1 Lec09: Miscellaneous Insu Yun 2 Scoreboard 3 NSA Codebreaker Challenges 4 Administrivia Due: Lab09 is out and its due on Nov 10 NSA Codebreaker Challenge Due: Dec 1 5 Discussion: Lab08 What's the most

  1. 1 Lec09: Miscellaneous Insu Yun

  2. 2 Scoreboard

  3. 3 NSA Codebreaker Challenges

  4. 4 Administrivia • Due: Lab09 is out and its due on Nov 10 • NSA Codebreaker Challenge → Due: Dec 1

  5. 5 Discussion: Lab08 • What's the most "annoying" bug or challenge? • What's the most "interesting" bug or challenge? • What's different between remote & local?

  6. 6 Discussion: passwd • What was the problem? • How did you solve?

  7. 7 Discussion: mini­shellshock • What was the problem? • How did you solve?

  8. 8 Discussion: mini­shellshock • CVE­2014­6277, CVE­2014­6278, CVE­2014­7169, CVE­2014­7186, and CVE­2014­7187 • specially crafted environment variable # Discussion: mini­shellshock CGI (Common Gateway Interface) • HTTP headers → Environment variable • If script is a bash script?

  9. 9 Discussion: obscure • What was the problem? • How did you solve?

  10. 10 Discussion: obscure • ARM • different calling convention • r0: first argument

  11. 11 Discussion: obscure __libc_csu_init (int argc, char **argv, char **envp) { const size_t size = __init_array_end - __init_array_start; for (size_t i = 0; i < size; i++) (*__init_array_start [i]) (argc, argv, envp); }

  12. 12 Disscussion: obscure .text:00008610 ADD R4, R4, #1 .text:00008614 LDR R3, [R5,#4]! .text:00008618 MOV R0, R7 // R0 = R7 .text:0000861C MOV R1, R8 .text:00008620 MOV R2, R9 .text:00008624 BLX R3 // EIP = R3 .text:00008628 CMP R4, R6 .text:0000862C BNE loc_8610 .text:00008630 LDMFD SP!, {R3-R9,PC} // R3...R9 & PC

  13. 13 Discussion: ieee754 • What was the problem? • How did you solve?

  14. 14 Discussion: diehard • What was the problem? • How did you solve?

  15. 15 Discussion: array • What was the problem? • How did you solve?

  16. 16 2kills • What was the problem? • How did you solve?

  17. 17 jmp­to­where2 • What was the problem? • How did you solve?

  18. 18 return­to­dl • What was the problem? • How did you solve?

  19. 19 return­to­dl • How GOT works? • make fake SYMTAB, STRTAB ...

  20. 20 2048_game • What was the problem? • How did you solve?

  21. 21 2048_game • How to calculate address?

  22. 22 2048_game • Using format string, arbitrary read! • Extract binary is also possible

  23. 23 Lab09: Miscellaneous • integer overflow • web • race condition • interesting exploit techniques

  24. 24 Today's Tutorial • In­class tutorial: • One shot exploit

  25. 25 Today's Totorial int main() { char buf[0x100]; printf("Give me something..."); fgets(buf, 2 * sizeof (buf), stdin); }

  26. 26 Today's Totorial • [...][printf plt][pop ret][__libc_start_main GOT][main]

  27. 27 Today's Totorial • calculate system based on leaked address • [...][system][XXXX][/bin/sh addr]

  28. 28 In­class Tutorial $ git git@clone tc.gtisc.gatech.edu:seclab-pub cs6265 or $ git pull $ cd cs6265/lab08 $ ./init.sh $ cd tut $ cat README

  29. Lec09: Miscellaneous Insu Yun

Download Presentation
Download Policy: The content available on the website is offered to you 'AS IS' for your personal information and use only. It cannot be commercialized, licensed, or distributed on other websites without prior consent from the author. To download a presentation, simply click this link. If you encounter any difficulties during the download process, it's possible that the publisher has removed the file from their server.

Recommend

Lec09: Miscellaneous Max Wolotsky 2 Happy Halloween :) 3 Scoreboard 4 NSA Codebreaker

Lec09: Miscellaneous Max Wolotsky 2 Happy Halloween :) 3 Scoreboard 4 NSA Codebreaker

1 Lec09: Miscellaneous Max Wolotsky 2 Happy Halloween :) 3 Scoreboard 4 NSA Codebreaker Challenges 5 Administrivia Due: Lab09 is out and its due on Nov 10 NSA Codebreaker Challenge Due: Dec 1 6 Discussion: Lab08 7 Best

671 views • 35 slides
PHP Miscellaneous Dr. E. Benoist Winter Term 2005-2006 PHP Miscellaneous 1 PHP Miscellaneous

PHP Miscellaneous Dr. E. Benoist Winter Term 2005-2006 PHP Miscellaneous 1 PHP Miscellaneous

Berner Fachhochschule - HTI PHP Miscellaneous Dr. E. Benoist Winter Term 2005-2006 PHP Miscellaneous 1 PHP Miscellaneous Generating PDF Documents FPDF Library Image Generation GD Library Example: Barcode Generator Authorization

935 views • 56 slides
Lec09: Fuzzing and Symbolic Execution Taesoo Kim 2 Administrivia Three more labs!

Lec09: Fuzzing and Symbolic Execution Taesoo Kim 2 Administrivia Three more labs!

1 Lec09: Fuzzing and Symbolic Execution Taesoo Kim 2 Administrivia Three more labs! including NSA code-breaking challenge! Please submit your working exploits for previous weeks! New recitations: Monday:

293 views • 28 slides
MISCELLANEOUS Page 1 of 1 Print this page Miscellaneous * Asterisks denote mandatory

MISCELLANEOUS Page 1 of 1 Print this page Miscellaneous * Asterisks denote mandatory

MISCELLANEOUS Page 1 of 1 Print this page Miscellaneous * Asterisks denote mandatory information Name of Announcer * WILMAR INTERNATIONAL LIMITED Company Registration No. 199904785Z Announcement submitted on behalf of WILMAR INTERNATIONAL

192 views • 17 slides
MISCELLANEOUS Page 1 of 1 Print this page Miscellaneous * Asterisks denote mandatory

MISCELLANEOUS Page 1 of 1 Print this page Miscellaneous * Asterisks denote mandatory

MISCELLANEOUS Page 1 of 1 Print this page Miscellaneous * Asterisks denote mandatory information Name of Announcer * METRO HOLDINGS LIMITED Company Registration No. 197301792W Announcement submitted on behalf of METRO HOLDINGS LIMITED

718 views • 46 slides
MISCELLANEOUS Page 1 of 1 Print this page Miscellaneous * Asterisks denote mandatory

MISCELLANEOUS Page 1 of 1 Print this page Miscellaneous * Asterisks denote mandatory

MISCELLANEOUS Page 1 of 1 Print this page Miscellaneous * Asterisks denote mandatory information Name of Announcer * METRO HOLDINGS LIMITED Company Registration No. 197301792W Announcement submitted on behalf METRO HOLDINGS LIMITED of

657 views • 47 slides
MISCELLANEOUS Page 1 of 1 MISCELLANEOUS * Asterisks denote mandatory information Name of

MISCELLANEOUS Page 1 of 1 MISCELLANEOUS * Asterisks denote mandatory information Name of

MISCELLANEOUS Page 1 of 1 MISCELLANEOUS * Asterisks denote mandatory information Name of Announcer * METRO HOLDINGS LIMITED Company Registration No. 197301792W Announcement submitted on METRO HOLDINGS LIMITED behalf of Announcement is

607 views • 42 slides
MISCELLANEOUS Page 1 of 1 Print this page Miscellaneous * Asterisks denote mandatory

MISCELLANEOUS Page 1 of 1 Print this page Miscellaneous * Asterisks denote mandatory

MISCELLANEOUS Page 1 of 1 Print this page Miscellaneous * Asterisks denote mandatory information Name of Announcer * SINGTEL Company Registration No. 199201624D Announcement submitted on behalf of SINGTEL Announcement is submitted with

245 views • 23 slides
Miscellaneous: tracking on the web (&amp; start on malware) CS 161: Computer Security Prof.

Miscellaneous: tracking on the web (&amp; start on malware) CS 161: Computer Security Prof.

Miscellaneous: tracking on the web (&amp; start on malware) CS 161: Computer Security Prof. Raluca Ada Popa April 17, 2018 Credit: some slides are adapted from previous offerings of this course or from CS 241 of Prof. Dan Boneh Miscellaneous

1.14k views • 83 slides
Miscellaneous intermediate topics Miscellaneous intermediate topics Abhijit Dasgupta Abhijit

Miscellaneous intermediate topics Miscellaneous intermediate topics Abhijit Dasgupta Abhijit

Miscellaneous intermediate topics Miscellaneous intermediate topics Abhijit Dasgupta Abhijit Dasgupta Fall, 2019 Fall, 2019 1 BIOF339, Fall, 2019 Search strategies 2 BIOF339, Fall, 2019 Google/Bing/DuckDuckGo A problem we have here is

190 views • 17 slides
Energy Retailer Service Charges Working Group Meeting #1 September 7, 2017 1 Miscellaneous

Energy Retailer Service Charges Working Group Meeting #1 September 7, 2017 1 Miscellaneous

Energy Retailer Service Charges Working Group Meeting #1 September 7, 2017 1 Miscellaneous Rates and Charges In November 2015, the OEB issued a letter announcing a comprehensive policy review of miscellaneous rates and charges applied by

343 views • 8 slides
Form 1099-MISC What Is the Form 1099-MISC: Miscellaneous Income? The Form 1099-MISC:

Form 1099-MISC What Is the Form 1099-MISC: Miscellaneous Income? The Form 1099-MISC:

Form 1099-MISC What Is the Form 1099-MISC: Miscellaneous Income? The Form 1099-MISC: Miscellaneous Income is an Internal Revenue Service (IRS) informational return that taxpayers use to report non- employee payments. This form is generally

408 views • 17 slides
Miscellaneous Amendments to the Zoning and Development By-law and to Various CD-1 By-laws

Miscellaneous Amendments to the Zoning and Development By-law and to Various CD-1 By-laws

Miscellaneous Amendments to the Zoning and Development By-law and to Various CD-1 By-laws Public Hearing December 12, 2017 1 CD-1 Minor Text Amendment: West 41st Avenue and 5590 Balaclava Street Amend CD-1 By-law (674) to: Correct an

231 views • 7 slides
SUSTAINABILITY OF NATIONAL BAR ASSOCIATION: REFLECTION ON MISCELLANEOUS AMENDMENTS ACT NO. 2 OF

SUSTAINABILITY OF NATIONAL BAR ASSOCIATION: REFLECTION ON MISCELLANEOUS AMENDMENTS ACT NO. 2 OF

SUSTAINABILITY OF NATIONAL BAR ASSOCIATION: REFLECTION ON MISCELLANEOUS AMENDMENTS ACT NO. 2 OF 2018 Prof. John Eudes Ruhangisa (PhD) Advocate A Paper r for r prese esent ntati tion on durin ring g the e Tanga nganyi nyika ka Law

208 views • 16 slides
Agenda 1. Approval of the minutes of the meeting of 6 May 2020 6. Miscellaneous 6.1. Next WG

Agenda 1. Approval of the minutes of the meeting of 6 May 2020 6. Miscellaneous 6.1. Next WG

Agenda 1. Approval of the minutes of the meeting of 6 May 2020 6. Miscellaneous 6.1. Next WG Belgian Grid: 22 September 2020 2. Note on capacity reservation in the context of a CRM 2.1. Adaptation FTR: state of play 2.2. Bank guarantee in the

692 views • 51 slides
S-100 Maintenance Proposals Miscellaneous revisions, clarifications and corrections S100WG4 25

S-100 Maintenance Proposals Miscellaneous revisions, clarifications and corrections S100WG4 25

S-100 Maintenance Proposals Miscellaneous revisions, clarifications and corrections S100WG4 25 February 1 March 2019 Raphael Malyankar Sponsored by NOAA Overview Proposal: Remove ambiguity in exchange catalogue model about the

151 views • 12 slides
CS3157: Advanced Programming Lecture # 5 Feb 5 Shlomo Hershkop shlomo@cs.columbia.edu 1

CS3157: Advanced Programming Lecture # 5 Feb 5 Shlomo Hershkop shlomo@cs.columbia.edu 1

CS3157: Advanced Programming Lecture # 5 Feb 5 Shlomo Hershkop shlomo@cs.columbia.edu 1 Today More Perl Perl technical stuff Web Programming Perl based Homework 1 ready Please think about acquiring the C book (Deitel

751 views • 51 slides
Web Server Design Lecture 9 Server-Side Execution Old Dominion University Department of

Web Server Design Lecture 9 Server-Side Execution Old Dominion University Department of

Web Server Design Lecture 9 Server-Side Execution Old Dominion University Department of Computer Science CS 431/531 Fall 2019 Sawood Alam &lt;salam@cs.odu.edu&gt; 2019-10-24 Original slides by Michael L. Nelson Common Gateway Interface

653 views • 16 slides
L7: Web Servers Web Engineering 188.951 2VU SS20 Jrgen Cito L7: Webservers Overview of

L7: Web Servers Web Engineering 188.951 2VU SS20 Jrgen Cito L7: Webservers Overview of

L7: Web Servers Web Engineering 188.951 2VU SS20 Jrgen Cito L7: Webservers Overview of web servers (hardware and server software) Web servers as part of internet architecture Serving static resources over the filesystem

502 views • 13 slides
Tools for Hi-Fi Prototyping and Web Design CS 3053 March 28, 2007 Macromedia Flash Interactive

Tools for Hi-Fi Prototyping and Web Design CS 3053 March 28, 2007 Macromedia Flash Interactive

Tools for Hi-Fi Prototyping and Web Design CS 3053 March 28, 2007 Macromedia Flash Interactive Vector Graphics, Line Drawing, and Animation Basics Flash was created as an animation tool, but works quite well for hi-fi prototypes

382 views • 26 slides
JavaScript Common Gateway Interface Batch oriented (fill in a form, get interactive

JavaScript Common Gateway Interface Batch oriented (fill in a form, get interactive

jonkv@ida Why JavaScript? 2 1994 1995: Wanted interactivity on the web Server side interactivity: CGI JavaScript Common Gateway Interface Batch oriented (fill in a form, get interactive results) &quot;Heavy

904 views • 5 slides
CernVM Online and Cloud Gateway a uniform interface for CernVM contextualization and deployment

CernVM Online and Cloud Gateway a uniform interface for CernVM contextualization and deployment

CernVM Online and Cloud Gateway a uniform interface for CernVM contextualization and deployment George Lestaris - Ioannis Charalampidis D. Berzano, J. Blomer, P . Buncic, G. Ganis and R. Meusel PH-SFT / CERN Background CernVM: a virtual

329 views • 30 slides
Introduction to Php Web-based applications: main elements HTTP PROTOCOL CLIENT SIDE SERVER SIDE

Introduction to Php Web-based applications: main elements HTTP PROTOCOL CLIENT SIDE SERVER SIDE

Introduction to Php Web-based applications: main elements HTTP PROTOCOL CLIENT SIDE SERVER SIDE HTTP request An HTTP request consists of: a request method (verb) , resource URL , header fields ( metadata ), body ( data ) HTTP 1.1

1.84k views • 146 slides
They ought to know better: Exploiting Security Gateways via their Web Interfaces Ben Williams

They ought to know better: Exploiting Security Gateways via their Web Interfaces Ben Williams

They ought to know better: Exploiting Security Gateways via their Web Interfaces Ben Williams NGS-Secure NCC Group Plc, Manchester Technology Centre, Oxford Road, Manchester M1 7EF www.nccgroup.com Introduction 35+ Exploits found and

580 views • 41 slides

More recommend