Binary file hws/hw03.pdf has changed
--- a/hws/hw03.tex Mon Oct 05 05:20:07 2015 +0100
+++ b/hws/hw03.tex Mon Oct 05 12:25:47 2015 +0100
@@ -9,13 +9,6 @@
\HEADER
\begin{enumerate}
-\item What should the architecture of a network application under Unix
- be that processes potentially hostile data?
-
-\item What is a unikernel system and why is a unikernel
-preferable on a web server system (in contrast to a traditional
-general purpose operating system like Linux).
-
\item How does a buffer-overflow attack work? (Hint: What happens on
the stack.)
@@ -41,6 +34,10 @@
\item How can the choice of a programming language help with buffer
overflow attacks? (Hint: Why are C-programs prone to such attacks,
but not Java programs.)
+
+\item When filling the buffer that is attacked with a
+payload (starting a shell), what is the purpose of
+padding the string at the beginning with NOP-instructions.
\end{enumerate}
\end{document}
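Review bot: The new `\item` at the end of this hunk is phrased as a question but ends with a full stop; it should close with a question mark, `padding the string at the beginning with NOP instructions?` (also dropping the hyphen in "NOP-instructions"). The unikernel question added to hws/hw04.tex in this commit has the same problem: `general purpose operating system like Linux).` should end `like Linux)?`. Both are wording fixes only. The enumerate list starts above this hunk.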
Binary file hws/hw04.pdf has changed
--- a/hws/hw04.tex Mon Oct 05 05:20:07 2015 +0100
+++ b/hws/hw04.tex Mon Oct 05 12:25:47 2015 +0100
@@ -6,6 +6,13 @@
\section*{Homework 4}
\begin{enumerate}
+\item What should the architecture of a network application under Unix
+ be that processes potentially hostile data?
+
+\item What is a unikernel system and why is a unikernel
+preferable on a web server system (in contrast to a traditional
+general purpose operating system like Linux).
+
\item What does the principle of least privilege say?
\item How can you exploit the fact that every night root has a cron
--- a/progs/README Mon Oct 05 05:20:07 2015 +0100
+++ b/progs/README Mon Oct 05 12:25:47 2015 +0100
@@ -1,3 +1,14 @@
+Virtual-Box
+
+Start "Linux Hacking" password is "test"
+
+
+
+
+
+
+------------------------------------
+
to switch off address randomization
echo 0 | sudo tee /proc/sys/kernel/randomize_va_space
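Review bot: The command in the context lines at the bottom of this hunk disables address randomization for the whole system, and even with the new VM header above it the README does not say that it should be run only inside that VM, or how to undo it. I would add a line under the separator such as `(run this only inside the "Linux Hacking" VM)` and, after the command, `to switch it back on: echo 2 | sudo tee /proc/sys/kernel/randomize_va_space`. The added line also commits the VM password to the repository. That is presumably acceptable for a throwaway teaching image, but the README should say so, so that the account is not reused on a networked machine.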
Binary file slides/slides03.pdf has changed
--- a/slides/slides03.tex Mon Oct 05 05:20:07 2015 +0100
+++ b/slides/slides03.tex Mon Oct 05 12:25:47 2015 +0100
@@ -61,10 +61,10 @@
\frametitle{Smash the Stack for Fun\ldots}
\begin{itemize}
-\item {\bf Buffer Overflow Attacks} or\\
+\item \alert{\bf Buffer Overflow Attacks (BOAs)} or\\
{\bf Smashing the Stack Attacks}\medskip
-\item one of the most popular attacks, unfortunately\\
+\item unfortunately one of the most popular attacks\\
($>$ 50\% of security incidents reported at CERT are related
to buffer overflows)
\begin{flushright}
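Review bot: The changed first `\item` wraps the obsolete font switch `{\bf …}` inside `\alert`; `\alert{\textbf{Buffer Overflow Attacks (BOAs)}}` gives the same result with the LaTeX2e command and makes the scope explicit. The unchanged line below it, `{\bf Smashing the Stack Attacks}`, could be converted to `\textbf{…}` at the same time for consistency. The frame starts and ends outside the hunk.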
@@ -409,20 +409,6 @@
%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%
\begin{frame}[c]
-\frametitle{Format String Vulnerability}
-
-\small
-\texttt{string} is nowhere used:\bigskip
-
-{\footnotesize\lstinputlisting[language=C]{../progs/C4.c}}\bigskip
-
-this vulnerability can be used to read out the stack
-
-\end{frame}
-%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%
-
-%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%
-\begin{frame}[c]
\frametitle{\begin{tabular}{c}Protections against\\ Buffer Overflow Attacks\end{tabular}}
\begin{itemize}
@@ -564,6 +550,19 @@
\end{frame}
%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%
+%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%
+\begin{frame}[c]
+\frametitle{Format String Vulnerability}
+
+\small
+\texttt{string} is nowhere used:\bigskip
+
+{\footnotesize\lstinputlisting[language=C]{../progs/C4.c}}\bigskip
+
+this vulnerability can be used to read out the stack
+
+\end{frame}
+%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%
\end{document}
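Review bot: The re-added frame ends on `this vulnerability can be used to read out the stack` and never names the fix, unlike the "Protections against Buffer Overflow Attacks" frame earlier in the deck. Assuming ../progs/C4.c passes caller-controlled text as the format argument (the file is not part of this diff), I would add a closing line such as `fix: always use a constant format string, e.g.\ \texttt{printf("\%s", string)}`. It is also worth mentioning that gcc's `-Wformat-security` warns about the pattern. The lead-in `\texttt{string} is nowhere used` is ambiguous as written and should say which variable in the listing it refers to.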