sen-material: progs/README@d58f8e3e78a5 (annotated)

392 4dff36e2bbc6 updated Christian Urban <christian dot urban at kcl dot ac dot uk> parents: 213 diff changeset	1	Virtual-Box
4dff36e2bbc6 updated Christian Urban <christian dot urban at kcl dot ac dot uk> parents: 213 diff changeset	2
410 d0a95f3aa65e updated Christian Urban <christian dot urban at kcl dot ac dot uk> parents: 403 diff changeset	3	Start "Linux Hacking"
d0a95f3aa65e updated Christian Urban <christian dot urban at kcl dot ac dot uk> parents: 403 diff changeset	4	login is cu
d0a95f3aa65e updated Christian Urban <christian dot urban at kcl dot ac dot uk> parents: 403 diff changeset	5	password is "test"
392 4dff36e2bbc6 updated Christian Urban <christian dot urban at kcl dot ac dot uk> parents: 213 diff changeset	6
393 cb308583d86c updated Christian Urban <christian dot urban at kcl dot ac dot uk> parents: 392 diff changeset	7	The programs are under
392 4dff36e2bbc6 updated Christian Urban <christian dot urban at kcl dot ac dot uk> parents: 213 diff changeset	8
395 60f64793266f added assembly programs Christian Urban <christian dot urban at kcl dot ac dot uk> parents: 393 diff changeset	9	cu$> app-material/progs
60f64793266f added assembly programs Christian Urban <christian dot urban at kcl dot ac dot uk> parents: 393 diff changeset	10
60f64793266f added assembly programs Christian Urban <christian dot urban at kcl dot ac dot uk> parents: 393 diff changeset	11
60f64793266f added assembly programs Christian Urban <christian dot urban at kcl dot ac dot uk> parents: 393 diff changeset	12	Programs can be updated using
60f64793266f added assembly programs Christian Urban <christian dot urban at kcl dot ac dot uk> parents: 393 diff changeset	13
60f64793266f added assembly programs Christian Urban <christian dot urban at kcl dot ac dot uk> parents: 393 diff changeset	14	hg pull
60f64793266f added assembly programs Christian Urban <christian dot urban at kcl dot ac dot uk> parents: 393 diff changeset	15	hg update
60f64793266f added assembly programs Christian Urban <christian dot urban at kcl dot ac dot uk> parents: 393 diff changeset	16	hg revert --all
60f64793266f added assembly programs Christian Urban <christian dot urban at kcl dot ac dot uk> parents: 393 diff changeset	17
60f64793266f added assembly programs Christian Urban <christian dot urban at kcl dot ac dot uk> parents: 393 diff changeset	18	Emacs can be used to edit files
60f64793266f added assembly programs Christian Urban <christian dot urban at kcl dot ac dot uk> parents: 393 diff changeset	19
60f64793266f added assembly programs Christian Urban <christian dot urban at kcl dot ac dot uk> parents: 393 diff changeset	20	emacs -nw ...file.... (is also an alias)
60f64793266f added assembly programs Christian Urban <christian dot urban at kcl dot ac dot uk> parents: 393 diff changeset	21
477 b2c5a721f360 updated Christian Urban <christian dot urban at kcl dot ac dot uk> parents: 470 diff changeset	22	Compiler
b2c5a721f360 updated Christian Urban <christian dot urban at kcl dot ac dot uk> parents: 470 diff changeset	23
b2c5a721f360 updated Christian Urban <christian dot urban at kcl dot ac dot uk> parents: 470 diff changeset	24	gcc -O0 -o file file.c
b2c5a721f360 updated Christian Urban <christian dot urban at kcl dot ac dot uk> parents: 470 diff changeset	25
b2c5a721f360 updated Christian Urban <christian dot urban at kcl dot ac dot uk> parents: 470 diff changeset	26	Backtick is key §/±.
395 60f64793266f added assembly programs Christian Urban <christian dot urban at kcl dot ac dot uk> parents: 393 diff changeset	27
546 3d1f65e43065 updated cu parents: 479 diff changeset	28	example.c
3d1f65e43065 updated cu parents: 479 diff changeset	29	=========
3d1f65e43065 updated cu parents: 479 diff changeset	30	file to explain assembly code
3d1f65e43065 updated cu parents: 479 diff changeset	31
3d1f65e43065 updated cu parents: 479 diff changeset	32
395 60f64793266f added assembly programs Christian Urban <christian dot urban at kcl dot ac dot uk> parents: 393 diff changeset	33	C0.c
60f64793266f added assembly programs Christian Urban <christian dot urban at kcl dot ac dot uk> parents: 393 diff changeset	34	====
60f64793266f added assembly programs Christian Urban <christian dot urban at kcl dot ac dot uk> parents: 393 diff changeset	35
60f64793266f added assembly programs Christian Urban <christian dot urban at kcl dot ac dot uk> parents: 393 diff changeset	36	Add the bigger string and the long is printed out differently.
60f64793266f added assembly programs Christian Urban <christian dot urban at kcl dot ac dot uk> parents: 393 diff changeset	37
402 fb0c844a26cf updated Christian Urban <christian dot urban at kcl dot ac dot uk> parents: 400 diff changeset	38	foo("my string is too long !!!!! \x15\xcd\x5b\x07");
400 f05368d007dd updated Christian Urban <christian dot urban at kcl dot ac dot uk> parents: 395 diff changeset	39
395 60f64793266f added assembly programs Christian Urban <christian dot urban at kcl dot ac dot uk> parents: 393 diff changeset	40	C1.c
60f64793266f added assembly programs Christian Urban <christian dot urban at kcl dot ac dot uk> parents: 393 diff changeset	41	====
60f64793266f added assembly programs Christian Urban <christian dot urban at kcl dot ac dot uk> parents: 393 diff changeset	42
60f64793266f added assembly programs Christian Urban <christian dot urban at kcl dot ac dot uk> parents: 393 diff changeset	43	needs to be called using
60f64793266f added assembly programs Christian Urban <christian dot urban at kcl dot ac dot uk> parents: 393 diff changeset	44
470 6764a249118a updated Christian Urban <christian dot urban at kcl dot ac dot uk> parents: 467 diff changeset	45	./C1 `./args1-good`
6764a249118a updated Christian Urban <christian dot urban at kcl dot ac dot uk> parents: 467 diff changeset	46	./C1 `./args1-bad`
395 60f64793266f added assembly programs Christian Urban <christian dot urban at kcl dot ac dot uk> parents: 393 diff changeset	47
60f64793266f added assembly programs Christian Urban <christian dot urban at kcl dot ac dot uk> parents: 393 diff changeset	48	or in gdb using
392 4dff36e2bbc6 updated Christian Urban <christian dot urban at kcl dot ac dot uk> parents: 213 diff changeset	49
395 60f64793266f added assembly programs Christian Urban <christian dot urban at kcl dot ac dot uk> parents: 393 diff changeset	50	gdb --args ./C1 `args1-bad`
60f64793266f added assembly programs Christian Urban <christian dot urban at kcl dot ac dot uk> parents: 393 diff changeset	51
60f64793266f added assembly programs Christian Urban <christian dot urban at kcl dot ac dot uk> parents: 393 diff changeset	52
60f64793266f added assembly programs Christian Urban <christian dot urban at kcl dot ac dot uk> parents: 393 diff changeset	53	C2.c
60f64793266f added assembly programs Christian Urban <christian dot urban at kcl dot ac dot uk> parents: 393 diff changeset	54	====
60f64793266f added assembly programs Christian Urban <christian dot urban at kcl dot ac dot uk> parents: 393 diff changeset	55
60f64793266f added assembly programs Christian Urban <christian dot urban at kcl dot ac dot uk> parents: 393 diff changeset	56	called with
60f64793266f added assembly programs Christian Urban <christian dot urban at kcl dot ac dot uk> parents: 393 diff changeset	57
60f64793266f added assembly programs Christian Urban <christian dot urban at kcl dot ac dot uk> parents: 393 diff changeset	58	./args2-good \| ./C2
60f64793266f added assembly programs Christian Urban <christian dot urban at kcl dot ac dot uk> parents: 393 diff changeset	59	./args2-bad \| ./C2
60f64793266f added assembly programs Christian Urban <christian dot urban at kcl dot ac dot uk> parents: 393 diff changeset	60
60f64793266f added assembly programs Christian Urban <christian dot urban at kcl dot ac dot uk> parents: 393 diff changeset	61	C3.c
60f64793266f added assembly programs Christian Urban <christian dot urban at kcl dot ac dot uk> parents: 393 diff changeset	62	====
60f64793266f added assembly programs Christian Urban <christian dot urban at kcl dot ac dot uk> parents: 393 diff changeset	63	(shell injection)
60f64793266f added assembly programs Christian Urban <christian dot urban at kcl dot ac dot uk> parents: 393 diff changeset	64
60f64793266f added assembly programs Christian Urban <christian dot urban at kcl dot ac dot uk> parents: 393 diff changeset	65	called with
60f64793266f added assembly programs Christian Urban <christian dot urban at kcl dot ac dot uk> parents: 393 diff changeset	66
60f64793266f added assembly programs Christian Urban <christian dot urban at kcl dot ac dot uk> parents: 393 diff changeset	67	./C3
60f64793266f added assembly programs Christian Urban <christian dot urban at kcl dot ac dot uk> parents: 393 diff changeset	68
60f64793266f added assembly programs Christian Urban <christian dot urban at kcl dot ac dot uk> parents: 393 diff changeset	69	opens a new shell
60f64793266f added assembly programs Christian Urban <christian dot urban at kcl dot ac dot uk> parents: 393 diff changeset	70
60f64793266f added assembly programs Christian Urban <christian dot urban at kcl dot ac dot uk> parents: 393 diff changeset	71
60f64793266f added assembly programs Christian Urban <christian dot urban at kcl dot ac dot uk> parents: 393 diff changeset	72	C4.c
60f64793266f added assembly programs Christian Urban <christian dot urban at kcl dot ac dot uk> parents: 393 diff changeset	73	====
60f64793266f added assembly programs Christian Urban <christian dot urban at kcl dot ac dot uk> parents: 393 diff changeset	74	Format string attack
60f64793266f added assembly programs Christian Urban <christian dot urban at kcl dot ac dot uk> parents: 393 diff changeset	75
60f64793266f added assembly programs Christian Urban <christian dot urban at kcl dot ac dot uk> parents: 393 diff changeset	76	./C4 "%s"
60f64793266f added assembly programs Christian Urban <christian dot urban at kcl dot ac dot uk> parents: 393 diff changeset	77	./C4 `./args4`
392 4dff36e2bbc6 updated Christian Urban <christian dot urban at kcl dot ac dot uk> parents: 213 diff changeset	78
403 92c49c160b24 updated Christian Urban <christian dot urban at kcl dot ac dot uk> parents: 402 diff changeset	79	This vulnerability does not need the defences, but prints out
92c49c160b24 updated Christian Urban <christian dot urban at kcl dot ac dot uk> parents: 402 diff changeset	80	the string only correctly with `./args4`. The %s option needs
92c49c160b24 updated Christian Urban <christian dot urban at kcl dot ac dot uk> parents: 402 diff changeset	81
92c49c160b24 updated Christian Urban <christian dot urban at kcl dot ac dot uk> parents: 402 diff changeset	82	-mpreferred-stack-boundary=2
392 4dff36e2bbc6 updated Christian Urban <christian dot urban at kcl dot ac dot uk> parents: 213 diff changeset	83
4dff36e2bbc6 updated Christian Urban <christian dot urban at kcl dot ac dot uk> parents: 213 diff changeset	84
479 f76074ed6c9e updated Christian Urban <christian dot urban at kcl dot ac dot uk> parents: 477 diff changeset	85	C6.c
f76074ed6c9e updated Christian Urban <christian dot urban at kcl dot ac dot uk> parents: 477 diff changeset	86	====
f76074ed6c9e updated Christian Urban <christian dot urban at kcl dot ac dot uk> parents: 477 diff changeset	87	Enter the password :
f76074ed6c9e updated Christian Urban <christian dot urban at kcl dot ac dot uk> parents: 477 diff changeset	88	hhhhhhhhhhhhhhhhhhhh
f76074ed6c9e updated Christian Urban <christian dot urban at kcl dot ac dot uk> parents: 477 diff changeset	89
f76074ed6c9e updated Christian Urban <christian dot urban at kcl dot ac dot uk> parents: 477 diff changeset	90	Wrong Password
f76074ed6c9e updated Christian Urban <christian dot urban at kcl dot ac dot uk> parents: 477 diff changeset	91	Root privileges given to the user
f76074ed6c9e updated Christian Urban <christian dot urban at kcl dot ac dot uk> parents: 477 diff changeset	92
392 4dff36e2bbc6 updated Christian Urban <christian dot urban at kcl dot ac dot uk> parents: 213 diff changeset	93	------------------------------------
4dff36e2bbc6 updated Christian Urban <christian dot urban at kcl dot ac dot uk> parents: 213 diff changeset	94
213 9c2fa54c7c2d updated Christian Urban <christian dot urban at kcl dot ac dot uk> parents: 212 diff changeset	95	to switch off address randomization
9c2fa54c7c2d updated Christian Urban <christian dot urban at kcl dot ac dot uk> parents: 212 diff changeset	96
9c2fa54c7c2d updated Christian Urban <christian dot urban at kcl dot ac dot uk> parents: 212 diff changeset	97	echo 0 \| sudo tee /proc/sys/kernel/randomize_va_space
9c2fa54c7c2d updated Christian Urban <christian dot urban at kcl dot ac dot uk> parents: 212 diff changeset	98
9c2fa54c7c2d updated Christian Urban <christian dot urban at kcl dot ac dot uk> parents: 212 diff changeset	99
212 1d2744383b7a added readme Christian Urban <christian dot urban at kcl dot ac dot uk> parents: diff changeset	100
1d2744383b7a added readme Christian Urban <christian dot urban at kcl dot ac dot uk> parents: diff changeset	101	C0.c
1d2744383b7a added readme Christian Urban <christian dot urban at kcl dot ac dot uk> parents: diff changeset	102
1d2744383b7a added readme Christian Urban <christian dot urban at kcl dot ac dot uk> parents: diff changeset	103	add to string
1d2744383b7a added readme Christian Urban <christian dot urban at kcl dot ac dot uk> parents: diff changeset	104
1d2744383b7a added readme Christian Urban <christian dot urban at kcl dot ac dot uk> parents: diff changeset	105	" \x15\xcd\x5b\x07"
1d2744383b7a added readme Christian Urban <christian dot urban at kcl dot ac dot uk> parents: diff changeset	106
1d2744383b7a added readme Christian Urban <christian dot urban at kcl dot ac dot uk> parents: diff changeset	107	to get
1d2744383b7a added readme Christian Urban <christian dot urban at kcl dot ac dot uk> parents: diff changeset	108
1d2744383b7a added readme Christian Urban <christian dot urban at kcl dot ac dot uk> parents: diff changeset	109	foo("my string is too long !!!!! \x15\xcd\x5b\x07");

author	Christian Urban <urbanc@in.tum.de>
	Sat, 09 Jun 2018 21:01:46 +0100
changeset 565	d58f8e3e78a5
parent 546	3d1f65e43065
permissions	-rw-r--r--