Editing Binary Exploitation Workshop

From Chaosdorf Wiki


Latest revision Your text
Line 3: Line 3:
|Description= Segmentation fault (core dumped)
|Description= Segmentation fault (core dumped)
|Type=Meet-Up
|Type=Meet-Up
|Date=2019-07-02
|Start=17:00
|isRelevant=Yes
|isRelevant=Yes
}}
}}
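Review bot: "Date=2019-07-02" and "Start=17:00" in the Meet-Up event block appear on only one side of this comparison, so publishing the undo either adds or drops the event's date and start time; confirm which version is intended before saving, since the rest of the block (Description, Type, isRelevant) is identical on both sides.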
Line 10: Line 12:
|project category=Meet-Up
|project category=Meet-Up
|location=Chaosdorf
|location=Chaosdorf
|image=Pushfur.jpg
|image=https://cdn.discordapp.com/attachments/575376648086618112/592638795526963200/pushfur.jpg
|status=obsolete
|status=alpha
|people={{U|ilias}}
|people={{U|ilias}}
}}
}}
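Review bot: the undo swaps the locally uploaded "image=Pushfur.jpg" for a hotlink to cdn.discordapp.com, which makes the wiki page depend on an external host that can expire the attachment at any time and which exposes every reader's IP address to that host; keep the uploaded Pushfur.jpg. The same hunk also reverts "status=obsolete" to "status=alpha", which should be a deliberate decision rather than a side effect of undoing the image change.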
Line 18: Line 20:
|Description=Binary Exploitation Workshop
|Description=Binary Exploitation Workshop
|Type=Workshop
|Type=Workshop
|Date=2019-08-05
|Date=
|Start=13:00
|Start=17:00
|Host=ilias
|Host=ilias
|isRelevant=Yes
|isRelevant=Yes
}}
}}


== Please read ==
== Please read ==
Prerequisites:


Option 1:
Option 1:
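Review bot: the undo blanks the workshop date ("Date=2019-08-05" becomes "Date=") and moves "Start=13:00" to "Start=17:00", leaving an event entry with no date; if the aim is only to revert other parts of the edit, re-enter the date before publishing. The "Prerequisites:" line under "Please read" exists on one side only, so check that it is not lost unintentionally.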
Line 48: Line 53:
* gdb (for dynamic analysis)
* gdb (for dynamic analysis)
* automated ROP-gadget finders
* automated ROP-gadget finders
* oneshot gadgets


The focus will be:
The focus will be:
* to learn about vulnerable C functions
* learning about vulnerable C functions
* to learn how simple exploits used to be
* learning how simple exploits used to be
* to learn what the GOT is
* learning what the GOT is
* to learn what mitigations have been introduced in modern systems
* learn what mitigations have been introduced in modern systems
* to learn how to use ROP (return oriented programming) to bypass many exploit mitigations
* using ROP (return oriented programming) to bypass many exploit mitigations


I will bring some binaries that we can attempt exploit.  
I will bring some binarys that we can attempt exploit.  
The goal is for every participant to be able to write a stackpivot->malloc->memcpy->mprotect ropchain to execute shellcode.
The goal is for every participant to be able to write a stackpivot->malloc->memcpy->mprotect ropchain to execute shellcode.


== Prerequisites ==
== Participants (please register!) ==
As a participant, you should at least know:
As a participant, you should at least know:
    - C
- C
    - Intel x86_64 assembly
- Intel x86_64 assembly
    - the x86_64 calling convention
- the x86_64 calling convention
    Bonus points for knowing the layout of a process in memory and where each section gets loaded into ;D
Bonus points for knowing the layout of a process in memory and where each section gets loaded into ;D
 
 
== Participants (please add your name!) ==
* {{U|barbieauglend}}
* {{U|ytvwld}}
* {{U|hanemile}}
* {{U|bison}} (in blind mode)
* fl0_id
* Plant
* gabriel
* gglyptodon
* Nico
 
== Resolving technical issues ==
 
try:
$ wget -q -O- https://github.com/hugsy/gef/raw/master/scripts/gef.sh | sh




== Resources ==
== Participants (please register!) ==
    https://github.com/r0hi7/BinExp
- {{U|barbieauglend}}
    https://null-byte.wonderhowto.com/how-to/exploit-development-learn-binary-exploitation-with-protostar-0181154/
    https://github.com/Bretley/how2exploit_binary
    https://github.com/tharina/BlackHoodie-2018-Workshop
    https://github.com/chiliz16/ROP-Workshop
    https://wiki.osdev.org/Calling_Conventions
    https://github.com/pythonfoo/pythonfooLite/wiki/Python27


    https://md.chaosdorf.de/_hYEB9-aT6-mQbjaXOftzQ?view
== Recources ==
https://github.com/r0hi7/BinExp
https://null-byte.wonderhowto.com/how-to/exploit-development-learn-binary-exploitation-with-protostar-0181154/
https://github.com/Bretley/how2exploit_binary
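Review bot: the "Resolving technical issues" section asks participants to run "wget -q -O- https://github.com/hugsy/gef/raw/master/scripts/gef.sh | sh", which executes whatever the remote host serves at that moment with no chance to review it; suggest telling people to download gef.sh to a file, read it, and pin a specific commit in the URL instead of master. Further points on the same hunk: the prerequisite lines indented with leading spaces ("    - C") render as a preformatted block in MediaWiki rather than as a list, so use "*" items as the participant list does; the "Your text" side still carries the spellings "binarys" and "Recources", which the latest revision has already corrected; and on that side the heading "== Participants (please register!) ==" appears twice (in place of "== Prerequisites ==" and in place of "== Resources =="), so the undone version would end up with duplicate sections and lose the resource links added in the latest revision.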