CS 519/419 Cyber Attacks & Defense Yeongjin Jang 01/11/18
To Do: Send me an SSH pubkey
• Create a key
  • Install openssh client
    • ssh-keygen -t ecdsa
  • https://www.ssh.com/ssh/putty/windows/puttygen
    • Please choose ecdsa for the key type
• Send me (via e-mail):
  • Public key: id_ecdsa.pub
  • Your pseudonym on the scoring site
  • Your OSU-ID (9 digits)
  • Your preferred ssh account name

To Do: Machine Installation
• Go to https://cs519.unexploitable.systems/web/rules.html
• Install VirtualBox
  • sudo apt install virtualbox; or
  • https://www.virtualbox.org/wiki/Downloads
• Install Vagrant
  • sudo apt install vagrant; or
  • https://www.vagrantup.com/downloads.html
• Install a VM for CS 519
  • ./install_vm.sh

To Do: Register Yourself on Scoring sys.
• Go to https://ctf.unexploitable.systems
• Register yourself!

Fetching Assignment
• For the week 1 - connect ssh
  • ssh week1@vm-ctf1.eecs.oregonstate.edu
  • Password: cs519osu
  • Go to the labs/samples directory
    • cd labs/samples
• For the other weeks
  • fetch week1 (from your VM, no flags)
  • Or, ssh your_id@vm-ctf1.eecs.oregonstate.edu
    • cd /home/labs/week1 (you can get flags from here)

Project Example: Bug finding
• Find bugs in real-world programs
• Open-sourced software (recommended)
  • GNU and others
  • Projects hosted on github.com, etc.
• Closed-source and online-services
  • Please follow the responsible disclosure rules from software vendors
  • https://hackerone.com/directory?query=type%3Ahackerone
  • https://www.hackerone.com/internet-bug-bounty
  • And see vendor’s rule

Project Example: Vulnerability Analysis
• Analyze a previously discovered vulnerability
• Submit a report on
  • What is the cause of the vulnerability?
  • How to exploit the vulnerability?
  • How to fix the vulnerability?
  • What was the impact of the vulnerability?
• Write and submit a proof-of-concept exploit

Project Example: Solving wargames
• http://pwnable.kr
• http://pwnable.tw
• https://io.netgarage.org/
• Will announce project proposal date in a few weeks…

Tutorials and Slides
• https://cs519.unexploitable.systems/web/cal.html
• At LEC X, you can check links to PPTX and PDF
• At TUT X, you can check a link to TXT

Stack
• Stores local variables
• Stores function arguments
• Stores return address, etc.

Stack
• EBP – base pointer
  • Top of the local stack
• ESP – Stack pointer
  • Bottom of the local stack
• Local Stack
  • [ESP, EBP]
[Stack diagram: Caller, %ebp, Local, %esp, Not used]

Function call
• Suppose A() calls B(1, 2)
• Push argument
  • 2nd argument is 2
  • 1st argument is 1
• Call B(1, 2)
[Stack diagram: %ebp, Local - A, 2, 1, %esp, Not used]

Function call
• Call B(1, 2)
• Allocate new stack space by moving ebp/esp
  • push %ebp
  • mov %esp, %ebp
  • sub $0x10, %esp
[Stack diagram: Local - A, 2, 1, %ebp-A, %ebp, Local - B, %esp]

Function Arguments
• At B(),
  • How to access the 1st argument?
    • 0x4(%ebp)
  • How to access the 2nd argument?
    • 0x8(%ebp)
[Stack diagram: Local - A, 2, 1, %ebp-A, Local - B, %esp]

Local Variables
• Suppose B() uses int i = 5;
  • int i=5
  • mov $0x5, -0x8(%ebp)
• How to call C(i)?
  • mov -0x8(%ebp), %eax
  • mov %eax, (%esp)
[Stack diagram: Local - A, 2, 1, %ebp-A, 5, Local - B, 5, %esp]

Local Variables
• At C(i),
  • push %ebp
  • mov %esp, %ebp
  • sub $0x10, %esp
• Access i
  • mov 0x4(%ebp), %eax
[Stack diagram: %ebp-A, 5, Local - B, 5, %ebp-B, %ebp, %esp]

How Functions Return?
• At C(i),
  • leave;
  • Leave instruction is a combination of:
    • mov %ebp, %esp
    • pop %ebp
[Stack diagram: %ebp-A, 5, Local - B, 5, %ebp-B, %ebp, %esp]

Local Variables
• At B(1, 2),
  • leave;
  • Leave instruction is a combination of:
    • mov %ebp, %esp
    • pop %ebp
[Stack diagram: Local - A, 2, 1, %ebp-A, 5, Local - B, 5, %ebp, %esp]

Recap
• Function prologue
  • push %ebp            stores previous base pointer
  • mov %esp, %ebp       move base pointer to the stack bottom
  • sub $0x10, %esp      move esp to a new stack bottom (reserve space)
• Function epilogue
  • Leave
    • mov %ebp, %esp     move up esp to ebp..
    • pop %ebp           move up ebp to the previous one
  • ret                  return!

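The call sequence from the stack slides (A() calls B(1, 2), B() sets int i = 5 and calls C(i)), as an added example that is not from the original slides: a small C model of %esp, %ebp and stack memory that runs the prologue and epilogue from the recap. Assumptions: the start address, the 0xC0DE... return-address markers and the name run_a are constructed; unlike the slide diagrams, the model also pushes the return address on each call, so the return address sits at 0x4(%ebp) and the arguments are read from 0x8(%ebp) and 0xc(%ebp).

```c
#include <stdint.h>
#include <stdio.h>

#define STACK_TOP 0x1000u              /* constructed start address */
static uint32_t mem[STACK_TOP / 4];    /* stack memory, one slot per 32-bit word */
static uint32_t esp, ebp;              /* modelled registers */
static uint32_t seen_a1, seen_a2, seen_i, ret_b, ret_c; /* observations */

static void push(uint32_t v) { esp -= 4; mem[esp / 4] = v; }
static uint32_t pop(void) { uint32_t v = mem[esp / 4]; esp += 4; return v; }

/* push %ebp; mov %esp,%ebp; sub $0x10,%esp */
static void prologue(void) { push(ebp); ebp = esp; esp -= 0x10; }
/* leave (mov %ebp,%esp; pop %ebp); ret: returns the popped return address */
static uint32_t epilogue(void) { esp = ebp; ebp = pop(); return pop(); }

static uint32_t C(void) {
    prologue();
    seen_i = mem[(ebp + 8) / 4];       /* argument i */
    return epilogue();
}

static uint32_t B(void) {
    prologue();
    seen_a1 = mem[(ebp + 8) / 4];      /* 1st argument */
    seen_a2 = mem[(ebp + 12) / 4];     /* 2nd argument */
    mem[(ebp - 8) / 4] = 5;            /* mov $0x5,-0x8(%ebp)   (int i = 5) */
    mem[esp / 4] = mem[(ebp - 8) / 4]; /* mov -0x8(%ebp),%eax; mov %eax,(%esp) */
    push(0xC0DE0002u);                 /* call C: return address (constructed marker) */
    ret_c = C();
    return epilogue();
}

/* A() calls B(1, 2); returns 1 if %esp and %ebp come back unchanged. */
int run_a(void) {
    esp = ebp = STACK_TOP - 0x20;      /* pretend A already has a frame */
    uint32_t esp0 = esp, ebp0 = ebp;
    push(2); push(1);                  /* arguments, right to left */
    push(0xC0DE0001u);                 /* call B: return address (constructed marker) */
    ret_b = B();
    esp += 8;                          /* caller removes the two arguments */
    return esp == esp0 && ebp == ebp0;
}

int main(void) {
    int ok = run_a();
    printf("B saw (%u, %u), C saw i=%u, frames restored: %d\n",
           (unsigned)seen_a1, (unsigned)seen_a2, (unsigned)seen_i, ok);
    return 0;
}
```
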
X86 references
• Jumps
  • http://unixwiz.net/techtips/x86-jumps.html
• Other opcodes
  • http://www.felixcloutier.com/x86/

Assignment: Week-1
• Please solve challenges in the labs/samples directory
• Debug programs in the labs/samples directory
  • These programs will not give you the flag
• Get flags from programs in the labs/challenges directory
  • You can get the flags from here (but can’t debug)
• Due: 1/16 4:00 pm -> 1/18 4:00 pm