Difference between revisions of "Binary Exploitation Workshop"

From Chaosdorf Wiki
Jump to navigation Jump to search
 
(19 intermediate revisions by 10 users not shown)
Line 3: Line 3:
 
|Description=== AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA == Segmentation fault (core dumped)
 
|Description=== AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA == Segmentation fault (core dumped)
 
|Type=Meet-Up
 
|Type=Meet-Up
|Date=2019-07-02
 
|Start=17:00
 
 
|isRelevant=Yes
 
|isRelevant=Yes
 
}}
 
}}
Line 20: Line 18:
 
|Description=Binary Exploitation Workshop
 
|Description=Binary Exploitation Workshop
 
|Type=Workshop
 
|Type=Workshop
|Date=
+
|Date=2019-08-05
|Start=17:00
+
|Start=13:00
 
|Host=ilias
 
|Host=ilias
 
|isRelevant=Yes
 
|isRelevant=Yes
 
}}
 
}}
 
 
  
 
== Please read ==
 
== Please read ==
Line 54: Line 50:
  
 
The focus will be:
 
The focus will be:
* learning about vulnerable C functions
+
* to learn about vulnerable C functions
* learning how simple exploits used to be
+
* to learn how simple exploits used to be
* learning what the GOT is
+
* to learn what the GOT is
* learn what mitigations have been introduced in modern systems
+
* to learn what mitigations have been introduced in modern systems
* using ROP (return oriented programming) to bypass many exploit mitigations
+
* to learn how to use ROP (return oriented programming) to bypass many exploit mitigations
  
I will bring some binarys that we can attempt exploit.  
+
I will bring some binaries that we can attempt exploit.  
 
The goal is for every participant to be able to write a stackpivot->malloc->memcpy->mprotect ropchain to execute shellcode.
 
The goal is for every participant to be able to write a stackpivot->malloc->memcpy->mprotect ropchain to execute shellcode.
  
Line 71: Line 67:
  
  
== Participants (please register!) ==
+
== Participants (please add your name!) ==
 
* {{U|barbieauglend}}
 
* {{U|barbieauglend}}
 
* {{U|ytvwld}}
 
* {{U|ytvwld}}
 
* {{U|hanemile}}
 
* {{U|hanemile}}
 +
* {{U|bison}} (in blind mode)
 +
* fl0_id
 +
* Plant
 +
* gabriel
 +
* gglyptodon
 +
* Nico
 +
 +
== Resolving technical issues ==
 +
 +
try:
 +
$ wget -q -O- https://github.com/hugsy/gef/raw/master/scripts/gef.sh | sh
 +
  
 
== Resources ==
 
== Resources ==
Line 82: Line 90:
 
     https://github.com/tharina/BlackHoodie-2018-Workshop
 
     https://github.com/tharina/BlackHoodie-2018-Workshop
 
     https://github.com/chiliz16/ROP-Workshop
 
     https://github.com/chiliz16/ROP-Workshop
 +
    https://wiki.osdev.org/Calling_Conventions
 +
    https://github.com/pythonfoo/pythonfooLite/wiki/Python27
 +
 +
    https://md.darknebu.la/_hYEB9-aT6-mQbjaXOftzQ?both

Latest revision as of 14:42, 5 August 2019


Binary Exploitation Workshop
== AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA == Segmentation fault (core dumped)
Art Meet-Up
relevant? Yes
Binary Exploitation Workshop alpha
Pushfur.jpg
Binary Exploitation Workshop
Ort Chaosdorf
Beteiligt iliasx


Exploitation Workshop
Binary Exploitation Workshop
Art Workshop
Datum 2019-08-05
Start 13:00
Host iliasx
relevant? Yes

Please read[edit]

Option 1:

   - Virtual machine software (VMWare, VirtualBox etc...)
   - Ubuntu 16.04 guest system(with binutils, gdb, python2.7, and the pwntools python module)
   - your C editor of choice

Option 2:

   This is the prefered method.
   - Install VirtualBox
   - Install Vagrant (wrapper for VirtualBox)
   - download this Vagrantfile
   - run vagrant up && vagrant ssh
   That will automatically create the ubuntuVM, install all the packages we need and setup a nice debugging environment.
   Another plus is that you will have exactly the same setup as me so debugging any problems is going to be easier.
   NOTE: The installation can take up to an hour.


This Workshop is for beginners. Beginner as in new to binary exploitation not as in new to low level stuff, c and assembly.

We'll try to briefly cover the usage of:

  • the pwntools python module
  • radare2 dissassembler (mostly for static analysis)
  • gdb (for dynamic analysis)
  • automated ROP-gadget finders

The focus will be:

  • to learn about vulnerable C functions
  • to learn how simple exploits used to be
  • to learn what the GOT is
  • to learn what mitigations have been introduced in modern systems
  • to learn how to use ROP (return oriented programming) to bypass many exploit mitigations

I will bring some binaries that we can attempt exploit. The goal is for every participant to be able to write a stackpivot->malloc->memcpy->mprotect ropchain to execute shellcode.

Prerequisites[edit]

As a participant, you should at least know:

   - C
   - Intel x86_64 assembly
   - the x86_64 calling convention
   Bonus points for knowing the layout of a process in memory and where each section gets loaded into ;D


Participants (please add your name!)[edit]

Resolving technical issues[edit]

try: $ wget -q -O- https://github.com/hugsy/gef/raw/master/scripts/gef.sh | sh


Resources[edit]

   https://github.com/r0hi7/BinExp
   https://null-byte.wonderhowto.com/how-to/exploit-development-learn-binary-exploitation-with-protostar-0181154/
   https://github.com/Bretley/how2exploit_binary
   https://github.com/tharina/BlackHoodie-2018-Workshop
   https://github.com/chiliz16/ROP-Workshop
   https://wiki.osdev.org/Calling_Conventions
   https://github.com/pythonfoo/pythonfooLite/wiki/Python27
   https://md.darknebu.la/_hYEB9-aT6-mQbjaXOftzQ?both