{{Project
|name=Binary Exploitation Workshop
|description=Binary Exploitation Workshop
|project category=Meet-Up
|location=Chaosdorf
|image=Pushfur.jpg
|status=obsolete
|people={{U|ilias}}
}}
{{Event
|Title=Exploitation Workshop
|Description=Binary Exploitation Workshop
|Type=Workshop
|Date=2019-08-05
|Start=13:00
|Host=ilias
|isRelevant=Yes
}}

== Please read ==

Option 1:

- Virtual machine software (VMWare, VirtualBox etc.)

- Ubuntu 16.04 guest system (with binutils, gdb, python2.7, and the pwntools python module)

- your C editor of choice

Option 2: This is the preferred method.

- Install VirtualBox

- Install [https://www.vagrantup.com/ Vagrant] (wrapper for VirtualBox)

- download this [https://gist.github.com/A2nkF/67a3b3f0d43077f28fa1601735e5301b Vagrantfile]

- run vagrant up && vagrant ssh

That will automatically create the Ubuntu VM, install all the packages we need and set up a nice debugging environment. Another plus is that you will have exactly the same setup as me, so debugging any problems is going to be easier.

NOTE: The installation can take up to an hour.

This workshop is for beginners. Beginner as in new to binary exploitation, not as in new to low-level stuff, C and assembly.

We'll try to briefly cover the usage of:
* the pwntools python module
* radare2 disassembler (mostly for static analysis)
* gdb (for dynamic analysis)
* automated ROP-gadget finders

The focus will be:
* to learn about vulnerable C functions
* to learn how simple exploits used to be
* to learn what the GOT is
* to learn what mitigations have been introduced in modern systems
* to learn how to use ROP (return oriented programming) to bypass many exploit mitigations

I will bring some binaries that we can attempt to exploit. The goal is for every participant to be able to write a stackpivot->malloc->memcpy->mprotect ropchain to execute shellcode.
== Prerequisites ==

As a participant, you should at least know:

- C

- Intel x86_64 assembly

- the x86_64 calling convention

Bonus points for knowing the layout of a process in memory and where each section gets loaded into ;D

== Participants (please add your name!) ==

* {{U|barbieauglend}}
* {{U|ytvwld}}
* {{U|hanemile}}
* {{U|bison}} (in blind mode)
* fl0_id
* Plant
* gabriel
* gglyptodon
* Nico

== Resolving technical issues ==

try:

$ wget -q -O- https://github.com/hugsy/gef/raw/master/scripts/gef.sh | sh

== Resources ==

https://github.com/r0hi7/BinExp

https://null-byte.wonderhowto.com/how-to/exploit-development-learn-binary-exploitation-with-protostar-0181154/

https://github.com/Bretley/how2exploit_binary

https://github.com/tharina/BlackHoodie-2018-Workshop

https://github.com/chiliz16/ROP-Workshop

https://wiki.osdev.org/Calling_Conventions

https://github.com/pythonfoo/pythonfooLite/wiki/Python27

https://md.chaosdorf.de/_hYEB9-aT6-mQbjaXOftzQ?view