sen-material: progs/README@272dd46ff9b2 (annotated)

392 4dff36e2bbc6 updated Christian Urban <christian dot urban at kcl dot ac dot uk> parents: 213 diff changeset	1	Virtual-Box
4dff36e2bbc6 updated Christian Urban <christian dot urban at kcl dot ac dot uk> parents: 213 diff changeset	2
4dff36e2bbc6 updated Christian Urban <christian dot urban at kcl dot ac dot uk> parents: 213 diff changeset	3	Start "Linux Hacking" password is "test"
4dff36e2bbc6 updated Christian Urban <christian dot urban at kcl dot ac dot uk> parents: 213 diff changeset	4
393 cb308583d86c updated Christian Urban <christian dot urban at kcl dot ac dot uk> parents: 392 diff changeset	5	The programs are under
392 4dff36e2bbc6 updated Christian Urban <christian dot urban at kcl dot ac dot uk> parents: 213 diff changeset	6
395 60f64793266f added assembly programs Christian Urban <christian dot urban at kcl dot ac dot uk> parents: 393 diff changeset	7	cu$> app-material/progs
60f64793266f added assembly programs Christian Urban <christian dot urban at kcl dot ac dot uk> parents: 393 diff changeset	8
60f64793266f added assembly programs Christian Urban <christian dot urban at kcl dot ac dot uk> parents: 393 diff changeset	9
60f64793266f added assembly programs Christian Urban <christian dot urban at kcl dot ac dot uk> parents: 393 diff changeset	10	Programs can be updated using
60f64793266f added assembly programs Christian Urban <christian dot urban at kcl dot ac dot uk> parents: 393 diff changeset	11
60f64793266f added assembly programs Christian Urban <christian dot urban at kcl dot ac dot uk> parents: 393 diff changeset	12	hg pull
60f64793266f added assembly programs Christian Urban <christian dot urban at kcl dot ac dot uk> parents: 393 diff changeset	13	hg update
60f64793266f added assembly programs Christian Urban <christian dot urban at kcl dot ac dot uk> parents: 393 diff changeset	14	hg revert --all
60f64793266f added assembly programs Christian Urban <christian dot urban at kcl dot ac dot uk> parents: 393 diff changeset	15
60f64793266f added assembly programs Christian Urban <christian dot urban at kcl dot ac dot uk> parents: 393 diff changeset	16	Emacs can be used to edit files
60f64793266f added assembly programs Christian Urban <christian dot urban at kcl dot ac dot uk> parents: 393 diff changeset	17
60f64793266f added assembly programs Christian Urban <christian dot urban at kcl dot ac dot uk> parents: 393 diff changeset	18	emacs -nw ...file.... (is also an alias)
60f64793266f added assembly programs Christian Urban <christian dot urban at kcl dot ac dot uk> parents: 393 diff changeset	19
60f64793266f added assembly programs Christian Urban <christian dot urban at kcl dot ac dot uk> parents: 393 diff changeset	20
60f64793266f added assembly programs Christian Urban <christian dot urban at kcl dot ac dot uk> parents: 393 diff changeset	21	C0.c
60f64793266f added assembly programs Christian Urban <christian dot urban at kcl dot ac dot uk> parents: 393 diff changeset	22	====
60f64793266f added assembly programs Christian Urban <christian dot urban at kcl dot ac dot uk> parents: 393 diff changeset	23
60f64793266f added assembly programs Christian Urban <christian dot urban at kcl dot ac dot uk> parents: 393 diff changeset	24	Add the bigger string and the long is printed out differently.
60f64793266f added assembly programs Christian Urban <christian dot urban at kcl dot ac dot uk> parents: 393 diff changeset	25
402 fb0c844a26cf updated Christian Urban <christian dot urban at kcl dot ac dot uk> parents: 400 diff changeset	26	foo("my string is too long !!!!! \x15\xcd\x5b\x07");
400 f05368d007dd updated Christian Urban <christian dot urban at kcl dot ac dot uk> parents: 395 diff changeset	27
395 60f64793266f added assembly programs Christian Urban <christian dot urban at kcl dot ac dot uk> parents: 393 diff changeset	28	C1.c
60f64793266f added assembly programs Christian Urban <christian dot urban at kcl dot ac dot uk> parents: 393 diff changeset	29	====
60f64793266f added assembly programs Christian Urban <christian dot urban at kcl dot ac dot uk> parents: 393 diff changeset	30
60f64793266f added assembly programs Christian Urban <christian dot urban at kcl dot ac dot uk> parents: 393 diff changeset	31	needs to be called using
60f64793266f added assembly programs Christian Urban <christian dot urban at kcl dot ac dot uk> parents: 393 diff changeset	32
60f64793266f added assembly programs Christian Urban <christian dot urban at kcl dot ac dot uk> parents: 393 diff changeset	33	./C1 `args1-good`
60f64793266f added assembly programs Christian Urban <christian dot urban at kcl dot ac dot uk> parents: 393 diff changeset	34	./C1 `args1-bad`
60f64793266f added assembly programs Christian Urban <christian dot urban at kcl dot ac dot uk> parents: 393 diff changeset	35
60f64793266f added assembly programs Christian Urban <christian dot urban at kcl dot ac dot uk> parents: 393 diff changeset	36	or in gdb using
392 4dff36e2bbc6 updated Christian Urban <christian dot urban at kcl dot ac dot uk> parents: 213 diff changeset	37
395 60f64793266f added assembly programs Christian Urban <christian dot urban at kcl dot ac dot uk> parents: 393 diff changeset	38	gdb --args ./C1 `args1-bad`
60f64793266f added assembly programs Christian Urban <christian dot urban at kcl dot ac dot uk> parents: 393 diff changeset	39
60f64793266f added assembly programs Christian Urban <christian dot urban at kcl dot ac dot uk> parents: 393 diff changeset	40
60f64793266f added assembly programs Christian Urban <christian dot urban at kcl dot ac dot uk> parents: 393 diff changeset	41	C2.c
60f64793266f added assembly programs Christian Urban <christian dot urban at kcl dot ac dot uk> parents: 393 diff changeset	42	====
60f64793266f added assembly programs Christian Urban <christian dot urban at kcl dot ac dot uk> parents: 393 diff changeset	43
60f64793266f added assembly programs Christian Urban <christian dot urban at kcl dot ac dot uk> parents: 393 diff changeset	44	called with
60f64793266f added assembly programs Christian Urban <christian dot urban at kcl dot ac dot uk> parents: 393 diff changeset	45
60f64793266f added assembly programs Christian Urban <christian dot urban at kcl dot ac dot uk> parents: 393 diff changeset	46	./args2-good \| ./C2
60f64793266f added assembly programs Christian Urban <christian dot urban at kcl dot ac dot uk> parents: 393 diff changeset	47	./args2-bad \| ./C2
60f64793266f added assembly programs Christian Urban <christian dot urban at kcl dot ac dot uk> parents: 393 diff changeset	48
60f64793266f added assembly programs Christian Urban <christian dot urban at kcl dot ac dot uk> parents: 393 diff changeset	49	C3.c
60f64793266f added assembly programs Christian Urban <christian dot urban at kcl dot ac dot uk> parents: 393 diff changeset	50	====
60f64793266f added assembly programs Christian Urban <christian dot urban at kcl dot ac dot uk> parents: 393 diff changeset	51	(shell injection)
60f64793266f added assembly programs Christian Urban <christian dot urban at kcl dot ac dot uk> parents: 393 diff changeset	52
60f64793266f added assembly programs Christian Urban <christian dot urban at kcl dot ac dot uk> parents: 393 diff changeset	53	called with
60f64793266f added assembly programs Christian Urban <christian dot urban at kcl dot ac dot uk> parents: 393 diff changeset	54
60f64793266f added assembly programs Christian Urban <christian dot urban at kcl dot ac dot uk> parents: 393 diff changeset	55	./C3
60f64793266f added assembly programs Christian Urban <christian dot urban at kcl dot ac dot uk> parents: 393 diff changeset	56
60f64793266f added assembly programs Christian Urban <christian dot urban at kcl dot ac dot uk> parents: 393 diff changeset	57	opens a new shell
60f64793266f added assembly programs Christian Urban <christian dot urban at kcl dot ac dot uk> parents: 393 diff changeset	58
60f64793266f added assembly programs Christian Urban <christian dot urban at kcl dot ac dot uk> parents: 393 diff changeset	59
60f64793266f added assembly programs Christian Urban <christian dot urban at kcl dot ac dot uk> parents: 393 diff changeset	60	C4.c
60f64793266f added assembly programs Christian Urban <christian dot urban at kcl dot ac dot uk> parents: 393 diff changeset	61	====
60f64793266f added assembly programs Christian Urban <christian dot urban at kcl dot ac dot uk> parents: 393 diff changeset	62	Format string attack
60f64793266f added assembly programs Christian Urban <christian dot urban at kcl dot ac dot uk> parents: 393 diff changeset	63
60f64793266f added assembly programs Christian Urban <christian dot urban at kcl dot ac dot uk> parents: 393 diff changeset	64	./C4 "%s"
60f64793266f added assembly programs Christian Urban <christian dot urban at kcl dot ac dot uk> parents: 393 diff changeset	65	./C4 `./args4`
392 4dff36e2bbc6 updated Christian Urban <christian dot urban at kcl dot ac dot uk> parents: 213 diff changeset	66
403 92c49c160b24 updated Christian Urban <christian dot urban at kcl dot ac dot uk> parents: 402 diff changeset	67	This vulnerability does not need the defences, but prints out
92c49c160b24 updated Christian Urban <christian dot urban at kcl dot ac dot uk> parents: 402 diff changeset	68	the string only correctly with `./args4`. The %s option needs
92c49c160b24 updated Christian Urban <christian dot urban at kcl dot ac dot uk> parents: 402 diff changeset	69
92c49c160b24 updated Christian Urban <christian dot urban at kcl dot ac dot uk> parents: 402 diff changeset	70	-mpreferred-stack-boundary=2
392 4dff36e2bbc6 updated Christian Urban <christian dot urban at kcl dot ac dot uk> parents: 213 diff changeset	71
4dff36e2bbc6 updated Christian Urban <christian dot urban at kcl dot ac dot uk> parents: 213 diff changeset	72
4dff36e2bbc6 updated Christian Urban <christian dot urban at kcl dot ac dot uk> parents: 213 diff changeset	73	------------------------------------
4dff36e2bbc6 updated Christian Urban <christian dot urban at kcl dot ac dot uk> parents: 213 diff changeset	74
213 9c2fa54c7c2d updated Christian Urban <christian dot urban at kcl dot ac dot uk> parents: 212 diff changeset	75	to switch off address randomization
9c2fa54c7c2d updated Christian Urban <christian dot urban at kcl dot ac dot uk> parents: 212 diff changeset	76
9c2fa54c7c2d updated Christian Urban <christian dot urban at kcl dot ac dot uk> parents: 212 diff changeset	77	echo 0 \| sudo tee /proc/sys/kernel/randomize_va_space
9c2fa54c7c2d updated Christian Urban <christian dot urban at kcl dot ac dot uk> parents: 212 diff changeset	78
9c2fa54c7c2d updated Christian Urban <christian dot urban at kcl dot ac dot uk> parents: 212 diff changeset	79
212 1d2744383b7a added readme Christian Urban <christian dot urban at kcl dot ac dot uk> parents: diff changeset	80
1d2744383b7a added readme Christian Urban <christian dot urban at kcl dot ac dot uk> parents: diff changeset	81	C0.c
1d2744383b7a added readme Christian Urban <christian dot urban at kcl dot ac dot uk> parents: diff changeset	82
1d2744383b7a added readme Christian Urban <christian dot urban at kcl dot ac dot uk> parents: diff changeset	83	add to string
1d2744383b7a added readme Christian Urban <christian dot urban at kcl dot ac dot uk> parents: diff changeset	84
1d2744383b7a added readme Christian Urban <christian dot urban at kcl dot ac dot uk> parents: diff changeset	85	" \x15\xcd\x5b\x07"
1d2744383b7a added readme Christian Urban <christian dot urban at kcl dot ac dot uk> parents: diff changeset	86
1d2744383b7a added readme Christian Urban <christian dot urban at kcl dot ac dot uk> parents: diff changeset	87	to get
1d2744383b7a added readme Christian Urban <christian dot urban at kcl dot ac dot uk> parents: diff changeset	88
1d2744383b7a added readme Christian Urban <christian dot urban at kcl dot ac dot uk> parents: diff changeset	89	foo("my string is too long !!!!! \x15\xcd\x5b\x07");

author	Christian Urban <christian dot urban at kcl dot ac dot uk>
	Thu, 15 Oct 2015 01:57:33 +0100
changeset 407	272dd46ff9b2
parent 403	92c49c160b24
child 410	d0a95f3aa65e
permissions	-rw-r--r--