# HG changeset patch
# User Christian Urban
# Date 1444044347 -3600
# Node ID 4dff36e2bbc6e1c64cb775a2cbb0687ab506a596
# Parent a612dd3ddc818de5131b5b50459d81a39dc4b0e0
updated
diff -r a612dd3ddc81 -r 4dff36e2bbc6 hws/hw03.pdf
Binary file hws/hw03.pdf has changed
diff -r a612dd3ddc81 -r 4dff36e2bbc6 hws/hw03.tex
--- a/hws/hw03.tex Mon Oct 05 05:20:07 2015 +0100
+++ b/hws/hw03.tex Mon Oct 05 12:25:47 2015 +0100
@@ -9,13 +9,6 @@
 \HEADER
 \begin{enumerate}
-\item What should the architecture of a network application under Unix
- be that processes potentially hostile data?
-
-\item What is a unikernel system and why is a unikernel
-preferable on a web server system (in contrast to a traditional
-general purpose operating system like Linux).
-
 \item How does a buffer-overflow attack work? (Hint: What happens on the stack.)
@@ -41,6 +34,10 @@
 \item How can the choice of a programming language help with buffer overflow attacks? (Hint: Why are C-programs prone to such attacks, but not Java programs.)
+
+\item When filling the buffer that is attacked with a
+payload (starting a shell), what is the purpose of
+padding the string at the beginning with NOP-instructions.
 \end{enumerate}
 \end{document}
diff -r a612dd3ddc81 -r 4dff36e2bbc6 hws/hw04.pdf
Binary file hws/hw04.pdf has changed
diff -r a612dd3ddc81 -r 4dff36e2bbc6 hws/hw04.tex
--- a/hws/hw04.tex Mon Oct 05 05:20:07 2015 +0100
+++ b/hws/hw04.tex Mon Oct 05 12:25:47 2015 +0100
@@ -6,6 +6,13 @@
 \section*{Homework 4}
 \begin{enumerate}
+\item What should the architecture of a network application under Unix
+ be that processes potentially hostile data?
+
+\item What is a unikernel system and why is a unikernel
+preferable on a web server system (in contrast to a traditional
+general purpose operating system like Linux).
+
 \item What does the principle of least privilege say?
 \item How can you exploit the fact that every night root has a cron
diff -r a612dd3ddc81 -r 4dff36e2bbc6 progs/README
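Review bot: The new item ending `+padding the string at the beginning with NOP-instructions.` is a question but closes with a full stop, where the neighbouring items close with `?`, and its two continuation lines are not indented with the two leading spaces the sibling item above uses. The unikernel item moved into hws/hw04.tex in this same commit has the identical full-stop ending (`+general purpose operating system like Linux).`), so both should be fixed together. A consistent form for the new item would be `+\item When filling the buffer that is attacked with a` / `+  payload (starting a shell), what is the purpose of` / `+  padding the string at the beginning with NOP-instructions?`.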
--- a/progs/README Mon Oct 05 05:20:07 2015 +0100
+++ b/progs/README Mon Oct 05 12:25:47 2015 +0100
@@ -1,3 +1,14 @@
+Virtual-Box
+
+Start "Linux Hacking" password is "test"
+
+
+
+
+
+
+------------------------------------
+
 to switch off address randomization
 echo 0 | sudo tee /proc/sys/kernel/randomize_va_space
diff -r a612dd3ddc81 -r 4dff36e2bbc6 slides/slides03.pdf
Binary file slides/slides03.pdf has changed
diff -r a612dd3ddc81 -r 4dff36e2bbc6 slides/slides03.tex
--- a/slides/slides03.tex Mon Oct 05 05:20:07 2015 +0100
+++ b/slides/slides03.tex Mon Oct 05 12:25:47 2015 +0100
@@ -61,10 +61,10 @@
 \frametitle{Smash the Stack for Fun\ldots}
 \begin{itemize}
-\item {\bf Buffer Overflow Attacks} or\\
+\item \alert{\bf Buffer Overflow Attacks (BOAs)} or\\
 {\bf Smashing the Stack Attacks}\medskip
-\item one of the most popular attacks, unfortunately\\
+\item unfortunately one of the most popular attacks\\
 ($>$ 50\% of security incidents reported at CERT are related to buffer overflows)
 \begin{flushright}
@@ -409,20 +409,6 @@
 %%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%
 \begin{frame}[c]
-\frametitle{Format String Vulnerability}
-
-\small
-\texttt{string} is nowhere used:\bigskip
-
-{\footnotesize\lstinputlisting[language=C]{../progs/C4.c}}\bigskip
-
-this vulnerability can be used to read out the stack
-
-\end{frame}
-%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%
-
-%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%
-\begin{frame}[c]
 \frametitle{\begin{tabular}{c}Protections against\\
 Buffer Overflow Attacks\end{tabular}}
 \begin{itemize}
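Review bot: The added line `Start "Linux Hacking" password is "test"` records a login credential in plaintext in the repository; for a deliberately shared teaching VM that may be intended, but the README should then also state that the VM is to be kept on an isolated (host-only) network so the well-known password is never reachable from outside the lab host, or the credential should be handed out separately. The six consecutive empty `+` lines between that line and the `------------------------------------` separator look accidental. Since the new header now describes the VM, a one-line reminder next to the existing `echo 0 | sudo tee /proc/sys/kernel/randomize_va_space` that this disables ASLR system-wide, is meant to be run only inside the VM, and is undone with `echo 2 | sudo tee /proc/sys/kernel/randomize_va_space` would be worth adding.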
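Review bot: `\alert{\bf Buffer Overflow Attacks (BOAs)}` uses the obsolete two-letter font switch `\bf` inside `\alert`; the LaTeX2e form is `\item \alert{\textbf{Buffer Overflow Attacks (BOAs)}} or\\`, which scopes the bold to its own argument instead of relying on `\alert` to close the group. The unchanged context line `{\bf Smashing the Stack Attacks}` has the same pattern, so converting both keeps the frame consistent.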
@@ -564,6 +550,19 @@
 \end{frame}
 %%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%
+%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%
+\begin{frame}[c]
+\frametitle{Format String Vulnerability}
+
+\small
+\texttt{string} is nowhere used:\bigskip
+
+{\footnotesize\lstinputlisting[language=C]{../progs/C4.c}}\bigskip
+
+this vulnerability can be used to read out the stack
+
+\end{frame}
+%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%
 \end{document}
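Review bot: The re-added frame says `\texttt{string} is nowhere used` and `this vulnerability can be used to read out the stack` but names neither the cause nor the remedy, and `../progs/C4.c` is not part of this diff, so the listing it pulls in cannot be checked here. Now that the frame sits after the protections material, a closing line would make it self-contained for students reading the slides on their own, e.g. `\bigskip fix: never pass attacker-controlled data as the format argument --- write \texttt{printf("\%s", string)} and compile with \texttt{-Wformat-security}`. The `\small` set at the top of the frame is never reset, which is fine inside a `frame` group but worth keeping in mind if the frame is later merged with another.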