sen-material: progs/README@64c20ed7941a (annotated)

392 4dff36e2bbc6 updated Christian Urban <christian dot urban at kcl dot ac dot uk> parents: 213 diff changeset	1	Virtual-Box
4dff36e2bbc6 updated Christian Urban <christian dot urban at kcl dot ac dot uk> parents: 213 diff changeset	2
410 d0a95f3aa65e updated Christian Urban <christian dot urban at kcl dot ac dot uk> parents: 403 diff changeset	3	Start "Linux Hacking"
d0a95f3aa65e updated Christian Urban <christian dot urban at kcl dot ac dot uk> parents: 403 diff changeset	4	login is cu
d0a95f3aa65e updated Christian Urban <christian dot urban at kcl dot ac dot uk> parents: 403 diff changeset	5	password is "test"
392 4dff36e2bbc6 updated Christian Urban <christian dot urban at kcl dot ac dot uk> parents: 213 diff changeset	6
393 cb308583d86c updated Christian Urban <christian dot urban at kcl dot ac dot uk> parents: 392 diff changeset	7	The programs are under
392 4dff36e2bbc6 updated Christian Urban <christian dot urban at kcl dot ac dot uk> parents: 213 diff changeset	8
395 60f64793266f added assembly programs Christian Urban <christian dot urban at kcl dot ac dot uk> parents: 393 diff changeset	9	cu$> app-material/progs
60f64793266f added assembly programs Christian Urban <christian dot urban at kcl dot ac dot uk> parents: 393 diff changeset	10
60f64793266f added assembly programs Christian Urban <christian dot urban at kcl dot ac dot uk> parents: 393 diff changeset	11
60f64793266f added assembly programs Christian Urban <christian dot urban at kcl dot ac dot uk> parents: 393 diff changeset	12	Programs can be updated using
60f64793266f added assembly programs Christian Urban <christian dot urban at kcl dot ac dot uk> parents: 393 diff changeset	13
60f64793266f added assembly programs Christian Urban <christian dot urban at kcl dot ac dot uk> parents: 393 diff changeset	14	hg pull
60f64793266f added assembly programs Christian Urban <christian dot urban at kcl dot ac dot uk> parents: 393 diff changeset	15	hg update
60f64793266f added assembly programs Christian Urban <christian dot urban at kcl dot ac dot uk> parents: 393 diff changeset	16	hg revert --all
60f64793266f added assembly programs Christian Urban <christian dot urban at kcl dot ac dot uk> parents: 393 diff changeset	17
60f64793266f added assembly programs Christian Urban <christian dot urban at kcl dot ac dot uk> parents: 393 diff changeset	18	Emacs can be used to edit files
60f64793266f added assembly programs Christian Urban <christian dot urban at kcl dot ac dot uk> parents: 393 diff changeset	19
60f64793266f added assembly programs Christian Urban <christian dot urban at kcl dot ac dot uk> parents: 393 diff changeset	20	emacs -nw ...file.... (is also an alias)
60f64793266f added assembly programs Christian Urban <christian dot urban at kcl dot ac dot uk> parents: 393 diff changeset	21
60f64793266f added assembly programs Christian Urban <christian dot urban at kcl dot ac dot uk> parents: 393 diff changeset	22
60f64793266f added assembly programs Christian Urban <christian dot urban at kcl dot ac dot uk> parents: 393 diff changeset	23	C0.c
60f64793266f added assembly programs Christian Urban <christian dot urban at kcl dot ac dot uk> parents: 393 diff changeset	24	====
60f64793266f added assembly programs Christian Urban <christian dot urban at kcl dot ac dot uk> parents: 393 diff changeset	25
60f64793266f added assembly programs Christian Urban <christian dot urban at kcl dot ac dot uk> parents: 393 diff changeset	26	Add the bigger string and the long is printed out differently.
60f64793266f added assembly programs Christian Urban <christian dot urban at kcl dot ac dot uk> parents: 393 diff changeset	27
402 fb0c844a26cf updated Christian Urban <christian dot urban at kcl dot ac dot uk> parents: 400 diff changeset	28	foo("my string is too long !!!!! \x15\xcd\x5b\x07");
400 f05368d007dd updated Christian Urban <christian dot urban at kcl dot ac dot uk> parents: 395 diff changeset	29
395 60f64793266f added assembly programs Christian Urban <christian dot urban at kcl dot ac dot uk> parents: 393 diff changeset	30	C1.c
60f64793266f added assembly programs Christian Urban <christian dot urban at kcl dot ac dot uk> parents: 393 diff changeset	31	====
60f64793266f added assembly programs Christian Urban <christian dot urban at kcl dot ac dot uk> parents: 393 diff changeset	32
60f64793266f added assembly programs Christian Urban <christian dot urban at kcl dot ac dot uk> parents: 393 diff changeset	33	needs to be called using
60f64793266f added assembly programs Christian Urban <christian dot urban at kcl dot ac dot uk> parents: 393 diff changeset	34
60f64793266f added assembly programs Christian Urban <christian dot urban at kcl dot ac dot uk> parents: 393 diff changeset	35	./C1 `args1-good`
60f64793266f added assembly programs Christian Urban <christian dot urban at kcl dot ac dot uk> parents: 393 diff changeset	36	./C1 `args1-bad`
60f64793266f added assembly programs Christian Urban <christian dot urban at kcl dot ac dot uk> parents: 393 diff changeset	37
60f64793266f added assembly programs Christian Urban <christian dot urban at kcl dot ac dot uk> parents: 393 diff changeset	38	or in gdb using
392 4dff36e2bbc6 updated Christian Urban <christian dot urban at kcl dot ac dot uk> parents: 213 diff changeset	39
395 60f64793266f added assembly programs Christian Urban <christian dot urban at kcl dot ac dot uk> parents: 393 diff changeset	40	gdb --args ./C1 `args1-bad`
60f64793266f added assembly programs Christian Urban <christian dot urban at kcl dot ac dot uk> parents: 393 diff changeset	41
60f64793266f added assembly programs Christian Urban <christian dot urban at kcl dot ac dot uk> parents: 393 diff changeset	42
60f64793266f added assembly programs Christian Urban <christian dot urban at kcl dot ac dot uk> parents: 393 diff changeset	43	C2.c
60f64793266f added assembly programs Christian Urban <christian dot urban at kcl dot ac dot uk> parents: 393 diff changeset	44	====
60f64793266f added assembly programs Christian Urban <christian dot urban at kcl dot ac dot uk> parents: 393 diff changeset	45
60f64793266f added assembly programs Christian Urban <christian dot urban at kcl dot ac dot uk> parents: 393 diff changeset	46	called with
60f64793266f added assembly programs Christian Urban <christian dot urban at kcl dot ac dot uk> parents: 393 diff changeset	47
60f64793266f added assembly programs Christian Urban <christian dot urban at kcl dot ac dot uk> parents: 393 diff changeset	48	./args2-good \| ./C2
60f64793266f added assembly programs Christian Urban <christian dot urban at kcl dot ac dot uk> parents: 393 diff changeset	49	./args2-bad \| ./C2
60f64793266f added assembly programs Christian Urban <christian dot urban at kcl dot ac dot uk> parents: 393 diff changeset	50
60f64793266f added assembly programs Christian Urban <christian dot urban at kcl dot ac dot uk> parents: 393 diff changeset	51	C3.c
60f64793266f added assembly programs Christian Urban <christian dot urban at kcl dot ac dot uk> parents: 393 diff changeset	52	====
60f64793266f added assembly programs Christian Urban <christian dot urban at kcl dot ac dot uk> parents: 393 diff changeset	53	(shell injection)
60f64793266f added assembly programs Christian Urban <christian dot urban at kcl dot ac dot uk> parents: 393 diff changeset	54
60f64793266f added assembly programs Christian Urban <christian dot urban at kcl dot ac dot uk> parents: 393 diff changeset	55	called with
60f64793266f added assembly programs Christian Urban <christian dot urban at kcl dot ac dot uk> parents: 393 diff changeset	56
60f64793266f added assembly programs Christian Urban <christian dot urban at kcl dot ac dot uk> parents: 393 diff changeset	57	./C3
60f64793266f added assembly programs Christian Urban <christian dot urban at kcl dot ac dot uk> parents: 393 diff changeset	58
60f64793266f added assembly programs Christian Urban <christian dot urban at kcl dot ac dot uk> parents: 393 diff changeset	59	opens a new shell
60f64793266f added assembly programs Christian Urban <christian dot urban at kcl dot ac dot uk> parents: 393 diff changeset	60
60f64793266f added assembly programs Christian Urban <christian dot urban at kcl dot ac dot uk> parents: 393 diff changeset	61
60f64793266f added assembly programs Christian Urban <christian dot urban at kcl dot ac dot uk> parents: 393 diff changeset	62	C4.c
60f64793266f added assembly programs Christian Urban <christian dot urban at kcl dot ac dot uk> parents: 393 diff changeset	63	====
60f64793266f added assembly programs Christian Urban <christian dot urban at kcl dot ac dot uk> parents: 393 diff changeset	64	Format string attack
60f64793266f added assembly programs Christian Urban <christian dot urban at kcl dot ac dot uk> parents: 393 diff changeset	65
60f64793266f added assembly programs Christian Urban <christian dot urban at kcl dot ac dot uk> parents: 393 diff changeset	66	./C4 "%s"
60f64793266f added assembly programs Christian Urban <christian dot urban at kcl dot ac dot uk> parents: 393 diff changeset	67	./C4 `./args4`
392 4dff36e2bbc6 updated Christian Urban <christian dot urban at kcl dot ac dot uk> parents: 213 diff changeset	68
403 92c49c160b24 updated Christian Urban <christian dot urban at kcl dot ac dot uk> parents: 402 diff changeset	69	This vulnerability does not need the defences, but prints out
92c49c160b24 updated Christian Urban <christian dot urban at kcl dot ac dot uk> parents: 402 diff changeset	70	the string only correctly with `./args4`. The %s option needs
92c49c160b24 updated Christian Urban <christian dot urban at kcl dot ac dot uk> parents: 402 diff changeset	71
92c49c160b24 updated Christian Urban <christian dot urban at kcl dot ac dot uk> parents: 402 diff changeset	72	-mpreferred-stack-boundary=2
392 4dff36e2bbc6 updated Christian Urban <christian dot urban at kcl dot ac dot uk> parents: 213 diff changeset	73
4dff36e2bbc6 updated Christian Urban <christian dot urban at kcl dot ac dot uk> parents: 213 diff changeset	74
4dff36e2bbc6 updated Christian Urban <christian dot urban at kcl dot ac dot uk> parents: 213 diff changeset	75	------------------------------------
4dff36e2bbc6 updated Christian Urban <christian dot urban at kcl dot ac dot uk> parents: 213 diff changeset	76
213 9c2fa54c7c2d updated Christian Urban <christian dot urban at kcl dot ac dot uk> parents: 212 diff changeset	77	to switch off address randomization
9c2fa54c7c2d updated Christian Urban <christian dot urban at kcl dot ac dot uk> parents: 212 diff changeset	78
9c2fa54c7c2d updated Christian Urban <christian dot urban at kcl dot ac dot uk> parents: 212 diff changeset	79	echo 0 \| sudo tee /proc/sys/kernel/randomize_va_space
9c2fa54c7c2d updated Christian Urban <christian dot urban at kcl dot ac dot uk> parents: 212 diff changeset	80
9c2fa54c7c2d updated Christian Urban <christian dot urban at kcl dot ac dot uk> parents: 212 diff changeset	81
212 1d2744383b7a added readme Christian Urban <christian dot urban at kcl dot ac dot uk> parents: diff changeset	82
1d2744383b7a added readme Christian Urban <christian dot urban at kcl dot ac dot uk> parents: diff changeset	83	C0.c
1d2744383b7a added readme Christian Urban <christian dot urban at kcl dot ac dot uk> parents: diff changeset	84
1d2744383b7a added readme Christian Urban <christian dot urban at kcl dot ac dot uk> parents: diff changeset	85	add to string
1d2744383b7a added readme Christian Urban <christian dot urban at kcl dot ac dot uk> parents: diff changeset	86
1d2744383b7a added readme Christian Urban <christian dot urban at kcl dot ac dot uk> parents: diff changeset	87	" \x15\xcd\x5b\x07"
1d2744383b7a added readme Christian Urban <christian dot urban at kcl dot ac dot uk> parents: diff changeset	88
1d2744383b7a added readme Christian Urban <christian dot urban at kcl dot ac dot uk> parents: diff changeset	89	to get
1d2744383b7a added readme Christian Urban <christian dot urban at kcl dot ac dot uk> parents: diff changeset	90
1d2744383b7a added readme Christian Urban <christian dot urban at kcl dot ac dot uk> parents: diff changeset	91	foo("my string is too long !!!!! \x15\xcd\x5b\x07");

author	Christian Urban <christian dot urban at kcl dot ac dot uk>
	Thu, 11 Feb 2016 09:33:01 +0000
changeset 446	64c20ed7941a
parent 410	d0a95f3aa65e
child 467	da4896f201b5
permissions	-rw-r--r--