Latest revision as of 19:56, 19 April 2024
Binary Exploitation Workshop | |
---|---|
Segmentation fault (core dumped) | |
Type | Meet-Up |
Relevant? | Yes |
Binary Exploitation Workshop obsolete | |
---|---|
Binary Exploitation Workshop | |
Location | Chaosdorf |
People | ilias |
Exploitation Workshop | |
---|---|
Binary Exploitation Workshop | |
Type | Workshop |
Date | 2019-08-05 |
Start | 13:00 |
Host | ilias |
Relevant? | Yes |
Please read
Option 1:
- Virtual machine software (VMware, VirtualBox etc.)
- Ubuntu 16.04 guest system (with binutils, gdb, python2.7, and the pwntools python module)
- your C editor of choice
Option 2:
This is the preferred method.
- Install VirtualBox
- Install Vagrant (wrapper for VirtualBox)
- download this Vagrantfile
- run vagrant up && vagrant ssh
That will automatically create the Ubuntu VM, install all the packages we need and set up a nice debugging environment. Another plus is that you will have exactly the same setup as me, so debugging any problems is going to be easier.
NOTE: The installation can take up to an hour.
This workshop is for beginners: beginner as in new to binary exploitation, not as in new to low-level stuff, C and assembly.
We'll try to briefly cover the usage of:
- the pwntools python module
- radare2 disassembler (mostly for static analysis)
- gdb (for dynamic analysis)
- automated ROP-gadget finders
The focus will be:
- to learn about vulnerable C functions
- to learn how simple exploits used to be
- to learn what the GOT is
- to learn what mitigations have been introduced in modern systems
- to learn how to use ROP (return oriented programming) to bypass many exploit mitigations
I will bring some binaries that we can attempt to exploit. The goal is for every participant to be able to write a stackpivot->malloc->memcpy->mprotect ropchain to execute shellcode.
Prerequisites
As a participant, you should at least know:
- C
- Intel x86_64 assembly
- the x86_64 calling convention
Bonus points for knowing the layout of a process in memory and where each section gets loaded into ;D
Participants (please add your name!)
- barbieauglend
- ytvwld
- hanemile
- bison (in blind mode)
- fl0_id
- Plant
- gabriel
- gglyptodon
- Nico
Resolving technical issues
Try:
$ wget -q -O- https://github.com/hugsy/gef/raw/master/scripts/gef.sh | sh
Resources
- https://github.com/r0hi7/BinExp
- https://null-byte.wonderhowto.com/how-to/exploit-development-learn-binary-exploitation-with-protostar-0181154/
- https://github.com/Bretley/how2exploit_binary
- https://github.com/tharina/BlackHoodie-2018-Workshop
- https://github.com/chiliz16/ROP-Workshop
- https://wiki.osdev.org/Calling_Conventions
- https://github.com/pythonfoo/pythonfooLite/wiki/Python27
- https://md.chaosdorf.de/_hYEB9-aT6-mQbjaXOftzQ?view