Upload File

rpisec.org/2013/09-13-2013/exploitation.zip for the lazy – rpisec.org/2013/ windows & linux...

  • Home
  • Documents
  • Rpisec.org/2013/09-13-2013/exploitation.zip For the lazy – rpisec.org/2013/ Windows & Linux Binaries! … macs? RPISEC - 09/13/2013Intro to Memory Corruption1
14
Downloads • rpisec.org/2013/09-13-2013/ exploitation.zip • For the lazy – rpisec.org/2013/ • Windows & Linux Binaries! • … macs? RPISEC - 09/13/2013 Intro to Memory Corruption 1

Upload: amy-gray

Post on 02-Jan-2016

217 views

Category:

Documents


1 download

Report

TRANSCRIPT

Page 1: Rpisec.org/2013/09-13-2013/exploitation.zip For the lazy – rpisec.org/2013/ Windows & Linux Binaries! … macs? RPISEC - 09/13/2013Intro to Memory Corruption1

Intro to Memory Corruption 1

Downloads

• rpisec.org/2013/09-13-2013/exploitation.zip• For the lazy – rpisec.org/2013/

• Windows & Linux Binaries!• … macs?

RPISEC - 09/13/2013

Page 2: Rpisec.org/2013/09-13-2013/exploitation.zip For the lazy – rpisec.org/2013/ Windows & Linux Binaries! … macs? RPISEC - 09/13/2013Intro to Memory Corruption1

Intro to Memory Corruption 2

RPISEC

Intro to Memory CorruptionFall 2013

RPISEC - 09/13/2013

Page 3: Rpisec.org/2013/09-13-2013/exploitation.zip For the lazy – rpisec.org/2013/ Windows & Linux Binaries! … macs? RPISEC - 09/13/2013Intro to Memory Corruption1

Intro to Memory Corruption 3

Memory Corruption

• The simplest definition – To change data the program uses in ways that were not intended by the programmer

• So what does this actually mean? And what can we do with it?

• Let’s take a look at exercise one

RPISEC - 09/13/2013

Page 4: Rpisec.org/2013/09-13-2013/exploitation.zip For the lazy – rpisec.org/2013/ Windows & Linux Binaries! … macs? RPISEC - 09/13/2013Intro to Memory Corruption1

Intro to Memory Corruption 4

/exploitation/one/

hands on activity time!

RPISEC - 09/13/2013

Page 5: Rpisec.org/2013/09-13-2013/exploitation.zip For the lazy – rpisec.org/2013/ Windows & Linux Binaries! … macs? RPISEC - 09/13/2013Intro to Memory Corruption1

Intro to Memory Corruption 5

Uhm… what even just happened?

• You just overflowed your first buffer! But in a controlled manner

• A more reckless overflow would probably result in the program segfaulting

• segfault: An error reading/writing to memory

RPISEC - 09/13/2013

Page 6: Rpisec.org/2013/09-13-2013/exploitation.zip For the lazy – rpisec.org/2013/ Windows & Linux Binaries! … macs? RPISEC - 09/13/2013Intro to Memory Corruption1

Intro to Memory Corruption 6

The technical explanation

• The stack is how a program maintains variables and their data during execution

• This is main()’s stack -------->

• Omg wut have we done• Is_zero == ‘U’ == 85

RPISEC - 09/13/2013

Page 7: Rpisec.org/2013/09-13-2013/exploitation.zip For the lazy – rpisec.org/2013/ Windows & Linux Binaries! … macs? RPISEC - 09/13/2013Intro to Memory Corruption1

Intro to Memory Corruption 7

/exploitation/two/

pretty similar to /one/

RPISEC - 09/13/2013

Page 8: Rpisec.org/2013/09-13-2013/exploitation.zip For the lazy – rpisec.org/2013/ Windows & Linux Binaries! … macs? RPISEC - 09/13/2013Intro to Memory Corruption1

Intro to Memory Corruption 8

Now let’s take it a bit further…

• What if we overwrote the return address that’s stored further down the stack?

• The return address tells the program where to go after a completing a function call

• In this case, we’d segfault… but what if we set it to something more meaningful than AAAA?

RPISEC - 09/13/2013

Page 9: Rpisec.org/2013/09-13-2013/exploitation.zip For the lazy – rpisec.org/2013/ Windows & Linux Binaries! … macs? RPISEC - 09/13/2013Intro to Memory Corruption1

Intro to Memory Corruption 9

/exploitation/easy/

let’s try something crazier

RPISEC - 09/13/2013

Page 10: Rpisec.org/2013/09-13-2013/exploitation.zip For the lazy – rpisec.org/2013/ Windows & Linux Binaries! … macs? RPISEC - 09/13/2013Intro to Memory Corruption1

Intro to Memory Corruption 10

“If your program simply segfaulted, consider yourself lucky.”

-Chuck Stewart

RPISEC - 09/13/2013

Page 11: Rpisec.org/2013/09-13-2013/exploitation.zip For the lazy – rpisec.org/2013/ Windows & Linux Binaries! … macs? RPISEC - 09/13/2013Intro to Memory Corruption1

Intro to Memory Corruption 11

Security

• What we just did was take control of the program’s execution flow, and bend it the way of our will

• What if this program was running on a server? Or perhaps running under an admin user?

• Security – To ensure and maintain complete control of the execution flow of your program

RPISEC - 09/13/2013

Page 12: Rpisec.org/2013/09-13-2013/exploitation.zip For the lazy – rpisec.org/2013/ Windows & Linux Binaries! … macs? RPISEC - 09/13/2013Intro to Memory Corruption1

Intro to Memory Corruption 12

Recap of ‘easy’

• This time, we overwrote the return address, effectively telling the program where it should go next

• What if we could insert our OWN code into the program, and point the return address towards that? - ‘shellcode’

• … Next time ;)

RPISEC - 09/13/2013

Page 13: Rpisec.org/2013/09-13-2013/exploitation.zip For the lazy – rpisec.org/2013/ Windows & Linux Binaries! … macs? RPISEC - 09/13/2013Intro to Memory Corruption1

Intro to Memory Corruption 13

Some final words

• To really become good at exploitation, you need to have a solid grasp on the low level stuff

• This means knowing x86 assembly, how the stack works, and how data is typically laid out in memory

RPISEC - 09/13/2013

Page 14: Rpisec.org/2013/09-13-2013/exploitation.zip For the lazy – rpisec.org/2013/ Windows & Linux Binaries! … macs? RPISEC - 09/13/2013Intro to Memory Corruption1

Intro to Memory Corruption 14

If you like what we did here…

• Welcome to real Hacking!

• Related wargames:– io.smashthestack.org– exploit-exercises.com/protostar

• Come to our ‘advanced’ meeting, Wednesday!• We’ll be rolling our own shellcode :>

RPISEC - 09/13/2013


minutes-132 of the 132nd SEIAA... · 1208/2013 121 1/2013 1213/2013 1215/2013 1218/2013 1219/2013 1220/2013 1222/2013 1223/2013 1224/2013 1227/2013 1228/2013 1229/2013 1230/2013 1231/2013

[XLS] · Web view1 2013 2 2013 3 2013 4 2013 5 2013 6 2013 7 2013 8 2013 9 2013 10 2013 11 2013 12 2013 13 2013 14 2013 15 2013 16 2013 17 2013 18 2013 19 2013 20 2013 21 2013 22

@ April 2013 · @ April 2013 @ April 2013

Juni 2013 19 - 21 Juni 2013 23 Juni 2013 27 Juni 2013 1 Juli 2013 - 17 Juli 2013 - 19 Juli 2013 9 Juli 2013 2013 2013 online Pra Pendaftaran 17 J Veriúkasi Dokumen Pendaftaran Pelaksana

04/07/2013 1 di STAMPA PRIME DISPONIBILITA' … · 2013. 7. 9. · 07/08/2013 20/08/2013 10/09/2013 14/10/2013 04/07/2013 29/07/2013 07/08/2013 20/08/2013 10/09/2013

SALINAN LAMPIRAN IV PERATURAN MENTERI PENDIDIKAN … filePrakarya Prakarya Prakarya 2006, 2013 2006, 2013 2006, 2013 2006, 2013 2006, 2013 2006, 2013 2006, 2013 2006, 2013 2006, 2013

Through Knowledge SharingEmpowering People · 2013. 2. 15. · June 2013 January 2013 February 2013 March 2013 April 2013 May 2013 July 2013 August 2013 September 2013 October 2013

 · XLS file · Web view2016-09-22 · 2013 2009. 2013 2009. 2013 2010. 2013 2011. 2013 2012. 2013 2013. 2013 2013. 2013 2004. 2013 2006. 2013 2008. 2013 2011. 2013 2009. 2013 2011

· PDF file2013- np-006 2013- np-032 2013- np-033 2013 -np-060 2013- np-069 2013 -np-073 2013 _np_076 2013- np-078 2013 -np-085 2013- -087 2013- -102 2013

Crypto for CTFs RPISEC 2013 Ben Kaiser. Terminology plaintext - the original message ciphertext - the coded message cipher - algorithm for transforming

Security & Exploitation - Science at Rensselaergoldsd/docs/spring2015-csci4210/OSLecture-Securit… · RPISEC - 05/11/2015 OS Security 2 • Markus Gaasedelen ... • Physical Security

2014 Annual Report Abridged Version - Credit Suisse€¦ · 2014 2014 2014 2014 2014 2014 2014 2014 2014 2014 2013 2013 2013 2013 2013 2013 2013 2013 2013 2013 Key Figures At year-end,

THE CONCEPT OF MALADMINISTRATION IN CORRUPTION1 Muhammad Yamin, Tindak Pidana Khusus, Cv Pustaka Setia, Bandung, 2012, p. 9. The Concept of Maladministration in Corruption 65 concerns

RPISEC - 12/01/2014OS Security1. RPISEC - 12/01/2014OS Security2 Markus Gaasedelen – B.S. Computer Science ’15 Security Enthusiast – I like to hack things

FONDO ADAPTACIÓN INFORME DE CIERRE EJECUCIÓN ......Enero 2013 Febrero 2013 Marzo 2013 Abril 2013 Mayo 2013 Junio 2013 Julio 2013 Agosto 2013 Sept. 2013 Oct. 2013 Nov. 2013 Dic. 2013

 · XLS file · Web view · 2014-07-0218 2013. 1953 159 2013. 1955 37 2013. 1948 84 2013. 1928 40 2013. 1947 127 2013. 1912 208 2013. 1952 55 2013. 1900 31 2013. 1922 119 2013

Developing a Strategic Implementation Plan for Anti ... · Developing a Strategic Implementation Plan for Anti-Corruption1 Preparing Afghanistan for Anti-Corruption Reform By Jeffrey

CONCORDIA MARITIME AB (PUBL)€¦ · 2012-nov. 2012-dec. 2013-jan. 2013-feb. 2013-mar. 2013-apr. 2013-maj. 2013-jun. 2013-jul. 2013-aug. 2013-sep. 2013-okt. 2013-nov. 2013-dec . 2014-jan

jxj.huizhou.gov.cnjxj.huizhou.gov.cn/pages/cms/hzjxj/userfiles/file/20141009092350... · 2013 "ËfilA±fi" 2013 — 18 — 2013 ( 2013 XXX4¥ÉJ 2013 2013 2013 2012 2013 2013 1 16

Scanned by CamScannermail.atri.edu.in/images/pdf/3.1-3.2-3.6.pdf · Year 2012-2013 2012-2013 2012-2013 2012-2013 2012.2013 2012-2013 2012-2013 2012-2013 2012-2013 2012-2013 2012-2013

Inequality and corruption1 - OECD · 5 Figure 1 shows that indeed, even today, there is a difference between post-communist countries and countries, which have never had communist

Ipsos Poll Conducted for Reuters Core Political Data · 2016. 10. 26. · FEB 19-2013 12-2013 2-2013 23-2013 14-2013 4-2013 25-2013 16-2013 6-2013 27 2013 17-2013 8-2013 29 2013 19-2013

1epal-galats.att.sch.gr1epal-galats.att.sch.gr/attach/stratos/prosklhsh_galatsi.pdf25 lav 2013 28 lav 2013 29 lav 2013 30 lav 2013 31 lav 2013 01 2013 04 2013 05 2013 06 2013 07 2013

landrevenue.rajasthan.gov.inlandrevenue.rajasthan.gov.in/content/dam/land... · rpsc 2013 (reshuffle) rpsc 2013 rpsc 2013 rpsc 2013 rpsc 2013 rpsc 2013 rpsc 2013 rpsc 2013 rpsc 2013

Skolen jobber...Skolestart 2013 2013 2013 2013 2013 2013 2013 2013 2013 2013 2013 Lnr 20002610 20002606 20002602 20002608 20002607 20002613 2000261 1 20002609 20002617 20002616 20002614

Septiembre 2013 - Nº 190 - CORES · Septiembre 2013 Septiembre 2013 Septiembre 2013 Septiembre 2013 Septiembre 2013 Septiembre 2013 Septiembre 2013 Climatología del mes de Septiembre:

PP - Corruption1 FINISHED

32013/3/1 2013/3/6 2013/3/11 2013/3/16 2013/3/21 2013/3/26 2013/3/31 2013/4/5 2013/4/10 2013/4/15 2013/4/20 2013/4/25 2013/4/30 2013/5/5 2013/5/10 2013/5/15 2013/5/20 2013/5/25 2013/5/30

BVS Minsa | Biblioteca Virtual en Salud del Ministerio de ...bvs.minsa.gob.pe/local/MINSA/3182.pdf2012 2012 2012 2013 2013 2013 2013 2013 2013 2013 2013 2013 2013 2011 2013 2013 2009

Ledighedsstatistik, juli 2013 - ac.dk · 2013 2013 2013 2013 2013 2013 2013 2013 2012 2013 2012 2013 Apr Maj Juni Juli Apr Maj Juni Juli Juli Juli Juli Juli Gns. bruttoledighed 12.814

[XLS] · Web view921 2013 922 2013 923 2013 924 2013 925 2013 926 2013 927 2013 928 2013 929 2013 930 2013 931 2013 932 2013 933 2013 934 2013 935 2013 936 2013 937 2013 938 2013 939

RPISEC - Rensselaer Polytechnic Institutesecurity.cs.rpi.edu/courses/binexp-spring2015/... · – AAAAAAAAAAAAAAAAA AAAAAAAAAAAAAAAAA AAAAAAAAAAAAAAAAA AAAAAAAA • python –c ‘print

Prof Briones Report_Pinoy Solutions to Corruption1

bigiron.blob.core.windows.net€¦ · Invoice / Transfer Date 16 May 2013 16 May 2013 16 May 2013 16 May 2013 16 May 2013 16 May 2013 16 May 2013 16 May 2013 16 May 2013 16 May 2013

Organismo Supervisor de las Contrataciones del Estado - OSCE | … · 2013. 10. 3. · 2013, 221-2013, 222-2013, 225-2013, 229-2013, 230-2013, 231-2013, 232-2013, 233-2013, 234- 2013,