diff options
author | Navan Chauhan <navanchauhan@gmail.com> | 2023-10-18 20:00:35 -0600 |
---|---|---|
committer | Navan Chauhan <navanchauhan@gmail.com> | 2023-10-18 20:00:35 -0600 |
commit | fc6e82f8f35bc178fc01c01f75bd3fc090d22a99 (patch) | |
tree | cb5a6d6ce6e2455c49d4a5a6e2a1c269d0c7d195 /docs/posts | |
parent | 6e1c9bd4ef3658d2fde164c518f8df4c7e57f2bc (diff) |
add link to tags
Diffstat (limited to 'docs/posts')
-rw-r--r-- | docs/posts/2023-10-04-bomb-lab.html | 9 | ||||
-rw-r--r-- | docs/posts/2023-10-05-attack-lab.html | 71 | ||||
-rw-r--r-- | docs/posts/index.html | 230 |
3 files changed, 149 insertions, 161 deletions
diff --git a/docs/posts/2023-10-04-bomb-lab.html b/docs/posts/2023-10-04-bomb-lab.html index 799678d..c6e94db 100644 --- a/docs/posts/2023-10-04-bomb-lab.html +++ b/docs/posts/2023-10-04-bomb-lab.html @@ -49,11 +49,10 @@ <p>Lab 2 for CSCI 2400 @ CU Boulder - Computer Systems</p> <blockquote> - <p>The nefarious Dr. Evil has planted a slew of “binary bombs” on our class machines. A binary bomb is a program that consists of a sequence of phases. Each phase expects you to type a particular string on stdin. If you type the correct string, then the phase is defused and the bomb proceeds to the next phase. Otherwise, the bomb explodes by printing "BOOM!!!" and then terminating. The bomb is defused when every phase has been defused.</p> -</blockquote> - -<blockquote> - <p>There are too many bombs for us to deal with, so we are giving each student a bomb to defuse. Your mission, which you have no choice but to accept, is to defuse your bomb before the due date. Good luck, and welcome to the bomb squad!</p> + <p>The nefarious Dr. Evil has planted a slew of “binary bombs” on our class machines. A binary bomb is a program that consists of a sequence of phases. Each phase expects you to type a particular string on stdin. If you type the correct string, then the phase is defused and the bomb proceeds to the next phase. Otherwise, the bomb explodes by printing "BOOM!!!" and then terminating. The bomb is defused when every phase has been defused. + <br><br> + There are too many bombs for us to deal with, so we are giving each student a bomb to defuse. Your mission, which you have no choice but to accept, is to defuse your bomb before the due date. Good luck, and welcome to the bomb squad! + <cite>Bomb Lab Handout</cite></p> </blockquote> <p>I like using objdump to disassemble the code and get a broad overview of what is happening before I start. </p> diff --git a/docs/posts/2023-10-05-attack-lab.html b/docs/posts/2023-10-05-attack-lab.html index 82a02fe..d049a6b 100644 --- a/docs/posts/2023-10-05-attack-lab.html +++ b/docs/posts/2023-10-05-attack-lab.html @@ -49,7 +49,8 @@ <p>Lab 3 for CSCI 2400 @ CU Boulder - Computer Systems</p> <blockquote> - <p>This assignment involves generating a total of five attacks on two programs having different security vulnerabilities. The directions for this lab are detailed but not difficult to follow.</p> + <p>This assignment involves generating a total of five attacks on two programs having different security vulnerabilities. The directions for this lab are detailed but not difficult to follow. + <cite> Attack Lab Handout </cite></p> </blockquote> <p>Again, I like using objdump to disassemble the code. </p> @@ -113,11 +114,10 @@ NICE<span class="w"> </span>JOB! <h2>Phase 2</h2> <blockquote> - <p>Phase 2 involves injecting a small amount of code as part of your exploit string.</p> -</blockquote> - -<blockquote> - <p>Within the file ctarget there is code for a function touch2 having the following C representation:</p> + <p>Phase 2 involves injecting a small amount of code as part of your exploit string. + <br><br> + Within the file ctarget there is code for a function touch2 having the following C representation: + <cite>Attack Lab Handout</cite></p> </blockquote> <div class="codehilite"> @@ -138,11 +138,10 @@ NICE<span class="w"> </span>JOB! <blockquote> <p>Your task is to get CTARGET to execute the code for touch2 rather than returning to test. In this case, - however, you must make it appear to touch2 as if you have passed your cookie as its argument.</p> -</blockquote> - -<blockquote> - <p>Recall that the first argument to a function is passed in register %rdi</p> + however, you must make it appear to touch2 as if you have passed your cookie as its argument. + <br><br> + Recall that the first argument to a function is passed in register %rdi + <cite>Attack Lab Handout</cite></p> </blockquote> <p>This hint tells us that we need to store the cookie in the rdi register</p> @@ -275,22 +274,17 @@ NICE<span class="w"> </span>JOB! <h2>Phase 3</h2> <blockquote> - <p>Phase 3 also involves a code injection attack, but passing a string as argument.</p> -</blockquote> - -<blockquote> - <p>You will need to include a string representation of your cookie in your exploit string. The string should - consist of the eight hexadecimal digits (ordered from most to least significant) without a leading “0x.”</p> -</blockquote> - -<blockquote> - <p>Your injected code should set register %rdi to the address of this string</p> -</blockquote> - -<blockquote> - <p>When functions hexmatch and strncmp are called, they push data onto the stack, overwriting + <p>Phase 3 also involves a code injection attack, but passing a string as argument. + <br><br> + You will need to include a string representation of your cookie in your exploit string. The string should + consist of the eight hexadecimal digits (ordered from most to least significant) without a leading “0x.” + <br><br> + Your injected code should set register %rdi to the address of this string + <br><br> + When functions hexmatch and strncmp are called, they push data onto the stack, overwriting portions of memory that held the buffer used by getbuf. As a result, you will need to be careful - where you place the string representation of your cookie.</p> + where you place the string representation of your cookie. + <cite>Attack Lab Handout</cite></p> </blockquote> <p>Because <code>hexmatch</code> and <code>strncmp</code> might overwrite the buffer allocated for <code>getbuf</code> we will try to store the data after the function <code>touch3</code> itself.</p> @@ -390,21 +384,16 @@ NICE<span class="w"> </span>JOB! * movq * popq * ret - * nop</p> -</blockquote> - -<blockquote> - <p>All the gadgets you need can be found in the region of the code for rtarget demarcated by the - functions start<em>farm and mid</em>farm</p> -</blockquote> - -<blockquote> - <p>You can do this attack with just two gadgets</p> -</blockquote> - -<blockquote> - <p>When a gadget uses a popq instruction, it will pop data from the stack. As a result, your exploit - string will contain a combination of gadget addresses and data.</p> + * nop + <br><br> + All the gadgets you need can be found in the region of the code for rtarget demarcated by the + functions start<em>farm and mid</em>farm + <br><br> + You can do this attack with just two gadgets + <br><br> + When a gadget uses a popq instruction, it will pop data from the stack. As a result, your exploit + string will contain a combination of gadget addresses and data. + <cite>Attack Lab Handout</cite></p> </blockquote> <p>Let us check if we can find <code>popq %rdi</code> between <code>start_farm</code> and <code>end_farm</code></p> diff --git a/docs/posts/index.html b/docs/posts/index.html index f074fc5..6695789 100644 --- a/docs/posts/index.html +++ b/docs/posts/index.html @@ -6,7 +6,7 @@ <link rel="stylesheet" href="/assets/main.css" /> <meta charset="utf-8"> <meta name="viewport" content="width=device-width, initial-scale=1.0"> - <title>Section</title> + <title>Posts</title> <meta name="og:site_name" content="Navan Chauhan" /> <link rel="canonical" href="https://web.navan.dev/" /> <meta name="twitter:url" content="https://web.navan.dev/" /> @@ -56,15 +56,15 @@ <li>Published On: 2023-10-05 20:01</li> <li>Tags: - gdb, + <a href='/tags/gdb.html'>gdb</a>, - reverse-engineering, + <a href='/tags/reverse-engineering.html'>reverse-engineering</a>, - c++, + <a href='/tags/c++.html'>c++</a>, - csci2400, + <a href='/tags/csci2400.html'>csci2400</a>, - assembly, + <a href='/tags/assembly.html'>assembly</a> </ul> @@ -75,15 +75,15 @@ <li>Published On: 2023-10-04 13:12</li> <li>Tags: - gdb, + <a href='/tags/gdb.html'>gdb</a>, - reverse-engineering, + <a href='/tags/reverse-engineering.html'>reverse-engineering</a>, - c++, + <a href='/tags/c++.html'>c++</a>, - csci2400, + <a href='/tags/csci2400.html'>csci2400</a>, - assembly, + <a href='/tags/assembly.html'>assembly</a> </ul> @@ -94,9 +94,9 @@ <li>Published On: 2023-04-30 22:50</li> <li>Tags: - astrophysics, + <a href='/tags/astrophysics.html'>astrophysics</a>, - mathematics, + <a href='/tags/mathematics.html'>mathematics</a> </ul> @@ -107,9 +107,9 @@ <li>Published On: 2023-03-17 13:57</li> <li>Tags: - ramblings, + <a href='/tags/ramblings.html'>ramblings</a>, - writing, + <a href='/tags/writing.html'>writing</a> </ul> @@ -120,17 +120,17 @@ <li>Published On: 2023-02-08 17:21</li> <li>Tags: - Tutorial, + <a href='/tags/Tutorial.html'>Tutorial</a>, - Code-Snippet, + <a href='/tags/Code-Snippet.html'>Code-Snippet</a>, - Python, + <a href='/tags/Python.html'>Python</a>, - Siri, + <a href='/tags/Siri.html'>Siri</a>, - macOS, + <a href='/tags/macOS.html'>macOS</a>, - AppleScript, + <a href='/tags/AppleScript.html'>AppleScript</a> </ul> @@ -141,9 +141,9 @@ <li>Published On: 2022-12-25 17:32</li> <li>Tags: - Python, + <a href='/tags/Python.html'>Python</a>, - Mastodon, + <a href='/tags/Mastodon.html'>Mastodon</a> </ul> @@ -154,11 +154,11 @@ <li>Published On: 2022-11-07 23:29</li> <li>Tags: - Python, + <a href='/tags/Python.html'>Python</a>, - OCR, + <a href='/tags/OCR.html'>OCR</a>, - Microsoft Azure, + <a href='/tags/Microsoft Azure.html'>Microsoft Azure</a> </ul> @@ -169,9 +169,9 @@ <li>Published On: 2022-08-05 14:46</li> <li>Tags: - Self-Hosted, + <a href='/tags/Self-Hosted.html'>Self-Hosted</a>, - YunoHost, + <a href='/tags/YunoHost.html'>YunoHost</a> </ul> @@ -182,11 +182,11 @@ <li>Published On: 2022-05-21 17:56</li> <li>Tags: - Python, + <a href='/tags/Python.html'>Python</a>, - Transformers, + <a href='/tags/Transformers.html'>Transformers</a>, - Recommendation-System, + <a href='/tags/Recommendation-System.html'>Recommendation-System</a> </ul> @@ -197,11 +197,11 @@ <li>Published On: 2021-06-27 23:26</li> <li>Tags: - Swift, + <a href='/tags/Swift.html'>Swift</a>, - CoreML, + <a href='/tags/CoreML.html'>CoreML</a>, - NLP, + <a href='/tags/NLP.html'>NLP</a> </ul> @@ -212,9 +212,9 @@ <li>Published On: 2021-06-26 13:04</li> <li>Tags: - Cheminformatics, + <a href='/tags/Cheminformatics.html'>Cheminformatics</a>, - JavaScript, + <a href='/tags/JavaScript.html'>JavaScript</a> </ul> @@ -225,11 +225,11 @@ <li>Published On: 2021-06-25 16:20</li> <li>Tags: - iOS, + <a href='/tags/iOS.html'>iOS</a>, - Shortcuts, + <a href='/tags/Shortcuts.html'>Shortcuts</a>, - Fun, + <a href='/tags/Fun.html'>Fun</a> </ul> @@ -240,11 +240,11 @@ <li>Published On: 2021-06-25 00:08</li> <li>Tags: - Python, + <a href='/tags/Python.html'>Python</a>, - Twitter, + <a href='/tags/Twitter.html'>Twitter</a>, - Eh, + <a href='/tags/Eh.html'>Eh</a> </ul> @@ -255,13 +255,13 @@ <li>Published On: 2020-12-01 20:52</li> <li>Tags: - Tutorial, + <a href='/tags/Tutorial.html'>Tutorial</a>, - Code-Snippet, + <a href='/tags/Code-Snippet.html'>Code-Snippet</a>, - HTML, + <a href='/tags/HTML.html'>HTML</a>, - JavaScript, + <a href='/tags/JavaScript.html'>JavaScript</a> </ul> @@ -272,11 +272,11 @@ <li>Published On: 2020-11-17 15:04</li> <li>Tags: - Tutorial, + <a href='/tags/Tutorial.html'>Tutorial</a>, - Code-Snippet, + <a href='/tags/Code-Snippet.html'>Code-Snippet</a>, - Web-Development, + <a href='/tags/Web-Development.html'>Web-Development</a> </ul> @@ -287,11 +287,11 @@ <li>Published On: 2020-10-11 16:12</li> <li>Tags: - Tutorial, + <a href='/tags/Tutorial.html'>Tutorial</a>, - Review, + <a href='/tags/Review.html'>Review</a>, - Webcam, + <a href='/tags/Webcam.html'>Webcam</a> </ul> @@ -302,13 +302,13 @@ <li>Published On: 2020-08-01 15:43</li> <li>Tags: - Tutorial, + <a href='/tags/Tutorial.html'>Tutorial</a>, - AR.js, + <a href='/tags/AR.js.html'>AR.js</a>, - JavaScript, + <a href='/tags/JavaScript.html'>JavaScript</a>, - Augmented-Reality, + <a href='/tags/Augmented-Reality.html'>Augmented-Reality</a> </ul> @@ -319,11 +319,11 @@ <li>Published On: 2020-07-01 14:23</li> <li>Tags: - Tutorial, + <a href='/tags/Tutorial.html'>Tutorial</a>, - Code-Snippet, + <a href='/tags/Code-Snippet.html'>Code-Snippet</a>, - Colab, + <a href='/tags/Colab.html'>Colab</a> </ul> @@ -334,15 +334,15 @@ <li>Published On: 2020-06-02 23:23</li> <li>Tags: - iOS, + <a href='/tags/iOS.html'>iOS</a>, - Jailbreak, + <a href='/tags/Jailbreak.html'>Jailbreak</a>, - Cheminformatics, + <a href='/tags/Cheminformatics.html'>Cheminformatics</a>, - AutoDock Vina, + <a href='/tags/AutoDock Vina.html'>AutoDock Vina</a>, - Molecular-Docking, + <a href='/tags/Molecular-Docking.html'>Molecular-Docking</a> </ul> @@ -353,15 +353,15 @@ <li>Published On: 2020-06-01 13:10</li> <li>Tags: - Code-Snippet, + <a href='/tags/Code-Snippet.html'>Code-Snippet</a>, - Molecular-Docking, + <a href='/tags/Molecular-Docking.html'>Molecular-Docking</a>, - Cheminformatics, + <a href='/tags/Cheminformatics.html'>Cheminformatics</a>, - Open-Babel, + <a href='/tags/Open-Babel.html'>Open-Babel</a>, - AutoDock Vina, + <a href='/tags/AutoDock Vina.html'>AutoDock Vina</a> </ul> @@ -372,13 +372,13 @@ <li>Published On: 2020-05-31 23:30</li> <li>Tags: - iOS, + <a href='/tags/iOS.html'>iOS</a>, - Jailbreak, + <a href='/tags/Jailbreak.html'>Jailbreak</a>, - Cheminformatics, + <a href='/tags/Cheminformatics.html'>Cheminformatics</a>, - Open-Babel, + <a href='/tags/Open-Babel.html'>Open-Babel</a> </ul> @@ -389,9 +389,9 @@ <li>Published On: 2020-04-13 11:41</li> <li>Tags: - Molecular-Dynamics, + <a href='/tags/Molecular-Dynamics.html'>Molecular-Dynamics</a>, - macOS, + <a href='/tags/macOS.html'>macOS</a> </ul> @@ -402,9 +402,9 @@ <li>Published On: 2020-03-08 23:17</li> <li>Tags: - Vaporwave, + <a href='/tags/Vaporwave.html'>Vaporwave</a>, - Music, + <a href='/tags/Music.html'>Music</a> </ul> @@ -415,9 +415,9 @@ <li>Published On: 2020-03-03 18:37</li> <li>Tags: - Android-TV, + <a href='/tags/Android-TV.html'>Android-TV</a>, - Android, + <a href='/tags/Android.html'>Android</a> </ul> @@ -428,13 +428,13 @@ <li>Published On: 2020-01-19 15:27</li> <li>Tags: - Code-Snippet, + <a href='/tags/Code-Snippet.html'>Code-Snippet</a>, - tutorial, + <a href='/tags/tutorial.html'>tutorial</a>, - Raspberry-Pi, + <a href='/tags/Raspberry-Pi.html'>Raspberry-Pi</a>, - Linux, + <a href='/tags/Linux.html'>Linux</a> </ul> @@ -445,11 +445,11 @@ <li>Published On: 2020-01-16 10:36</li> <li>Tags: - Tutorial, + <a href='/tags/Tutorial.html'>Tutorial</a>, - Colab, + <a href='/tags/Colab.html'>Colab</a>, - Turicreate, + <a href='/tags/Turicreate.html'>Turicreate</a> </ul> @@ -460,13 +460,13 @@ <li>Published On: 2020-01-15 23:36</li> <li>Tags: - Tutorial, + <a href='/tags/Tutorial.html'>Tutorial</a>, - Colab, + <a href='/tags/Colab.html'>Colab</a>, - Turicreate, + <a href='/tags/Turicreate.html'>Turicreate</a>, - Kaggle, + <a href='/tags/Kaggle.html'>Kaggle</a> </ul> @@ -477,9 +477,9 @@ <li>Published On: 2020-01-14 00:10</li> <li>Tags: - Code-Snippet, + <a href='/tags/Code-Snippet.html'>Code-Snippet</a>, - Tutorial, + <a href='/tags/Tutorial.html'>Tutorial</a> </ul> @@ -490,13 +490,13 @@ <li>Published On: 2019-12-22 11:10</li> <li>Tags: - Tutorial, + <a href='/tags/Tutorial.html'>Tutorial</a>, - Colab, + <a href='/tags/Colab.html'>Colab</a>, - SwiftUI, + <a href='/tags/SwiftUI.html'>SwiftUI</a>, - Turicreate, + <a href='/tags/Turicreate.html'>Turicreate</a> </ul> @@ -507,11 +507,11 @@ <li>Published On: 2019-12-16 14:16</li> <li>Tags: - Tutorial, + <a href='/tags/Tutorial.html'>Tutorial</a>, - Tensorflow, + <a href='/tags/Tensorflow.html'>Tensorflow</a>, - Colab, + <a href='/tags/Colab.html'>Colab</a> </ul> @@ -522,11 +522,11 @@ <li>Published On: 2019-12-10 11:10</li> <li>Tags: - Tutorial, + <a href='/tags/Tutorial.html'>Tutorial</a>, - Tensorflow, + <a href='/tags/Tensorflow.html'>Tensorflow</a>, - Code-Snippet, + <a href='/tags/Code-Snippet.html'>Code-Snippet</a> </ul> @@ -537,11 +537,11 @@ <li>Published On: 2019-12-08 14:16</li> <li>Tags: - Tutorial, + <a href='/tags/Tutorial.html'>Tutorial</a>, - Tensorflow, + <a href='/tags/Tensorflow.html'>Tensorflow</a>, - Colab, + <a href='/tags/Colab.html'>Colab</a> </ul> @@ -552,9 +552,9 @@ <li>Published On: 2019-12-08 13:27</li> <li>Tags: - Code-Snippet, + <a href='/tags/Code-Snippet.html'>Code-Snippet</a>, - Tutorial, + <a href='/tags/Tutorial.html'>Tutorial</a> </ul> @@ -565,7 +565,7 @@ <li>Published On: 2019-12-04 18:23</li> <li>Tags: - Tutorial, + <a href='/tags/Tutorial.html'>Tutorial</a> </ul> @@ -576,15 +576,15 @@ <li>Published On: 2019-05-05 12:34</li> <li>Tags: - Tutorial, + <a href='/tags/Tutorial.html'>Tutorial</a>, - Jailbreak, + <a href='/tags/Jailbreak.html'>Jailbreak</a>, - Designing, + <a href='/tags/Designing.html'>Designing</a>, - Snowboard, + <a href='/tags/Snowboard.html'>Snowboard</a>, - Anemone, + <a href='/tags/Anemone.html'>Anemone</a> </ul> @@ -595,7 +595,7 @@ <li>Published On: 2019-04-16 17:39</li> <li>Tags: - hello-world, + <a href='/tags/hello-world.html'>hello-world</a> </ul> @@ -606,7 +606,7 @@ <li>Published On: 2010-01-24 23:43</li> <li>Tags: - Experiment, + <a href='/tags/Experiment.html'>Experiment</a> </ul> |