Binary Exploitation Workshop

From Chaosdorf Wiki
Binary Exploitation Workshop (obsolete entry)
Segmentation fault (core dumped)
Type: Meet-Up
Relevant? Yes
Location: Chaosdorf
Involved: ilias

Binary Exploitation Workshop
Type: Workshop
Date: 2019-08-05
Start: 13:00
Host: ilias
Relevant? Yes

Please read

Option 1:

   - Virtual machine software (VMware, VirtualBox, etc.)
   - Ubuntu 16.04 guest system (with binutils, gdb, python2.7, and the pwntools python module)
   - your C editor of choice

Option 2:

   This is the preferred method.
   - Install VirtualBox
   - Install Vagrant (wrapper for VirtualBox)
   - download this Vagrantfile
   - run vagrant up && vagrant ssh
   That will automatically create the Ubuntu VM, install all the packages we need and set up a nice debugging environment.
   Another plus is that you will have exactly the same setup as me, so debugging any problems is going to be easier.
   NOTE: The installation can take up to an hour.


This workshop is for beginners: beginner as in new to binary exploitation, not as in new to low-level stuff, C and assembly.

We'll try to briefly cover the usage of:

  • the pwntools python module
  • radare2 disassembler (mostly for static analysis)
  • gdb (for dynamic analysis)
  • automated ROP-gadget finders

The focus will be:

  • to learn about vulnerable C functions
  • to learn how simple exploits used to be
  • to learn what the GOT is
  • to learn what mitigations have been introduced in modern systems
  • to learn how to use ROP (return oriented programming) to bypass many exploit mitigations

I will bring some binaries that we can attempt to exploit. The goal is for every participant to be able to write a stack pivot -> malloc -> memcpy -> mprotect ROP chain to execute shellcode.

Prerequisites

As a participant, you should at least know:

   - C
   - Intel x86_64 assembly
   - the x86_64 calling convention
   Bonus points for knowing the layout of a process in memory and where each section gets loaded ;D


Participants (please add your name!)

Resolving technical issues

try (installs the GEF extension for gdb): $ wget -q -O- https://github.com/hugsy/gef/raw/master/scripts/gef.sh | sh


Resources

   https://github.com/r0hi7/BinExp
   https://null-byte.wonderhowto.com/how-to/exploit-development-learn-binary-exploitation-with-protostar-0181154/
   https://github.com/Bretley/how2exploit_binary
   https://github.com/tharina/BlackHoodie-2018-Workshop
   https://github.com/chiliz16/ROP-Workshop
   https://wiki.osdev.org/Calling_Conventions
   https://github.com/pythonfoo/pythonfooLite/wiki/Python27
   https://md.chaosdorf.de/_hYEB9-aT6-mQbjaXOftzQ?view