Minutes 2024-12-05: Difference between revisions
Older revision: m (Added to Meeting Minutes Category)
Newer revision: (i added a section for solutions then realized idk if we have the mediawiki spoiler extension)
(One intermediate revision by one other user not shown)
Line 6: | Line 6: | ||
#### Reset it after the meeting |
#### Reset it after the meeting |
||
## <code>chal0</code> |
## <code>chal0</code> |
||
### input is stdin |
### input is <code>stdin</code> |
||
### set pointer to 0xDEADBEEF |
### set pointer to <code>0xDEADBEEF</code> |
||
## <code>chal00</code> |
## <code>chal00</code> |
||
### input is argv[0] |
### input is <code>argv[0]</code> |
||
### 29 byte offset for integer |
### 29 byte offset for integer |
||
### 4 bytes for EDP |
### 4 bytes for EDP |
||
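Review bot: "### 4 bytes for EDP", unchanged in both columns just below the 29 byte offset line, looks like a typo for EBP: on the 32-bit builds the minutes describe, the 4-byte value right after the buffer is the saved frame pointer EBP, and x86 has no EDP register. Worth correcting while the neighbouring lines are being wrapped in <code>.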
Line 23: | Line 23: | ||
## Josh had to disable every security measure in the compiler (such as stack canaries), as well as ASLR on the system for the challenge to even work |
## Josh had to disable every security measure in the compiler (such as stack canaries), as well as ASLR on the system for the challenge to even work |
||
### There are a lot of mechanisms nowadays to prevent these exact vulnerabilities |
### There are a lot of mechanisms nowadays to prevent these exact vulnerabilities |
||
#Solutions to challenges: |
|||
##<code>chal0</code>: |
|||
##<code>chal00</code>: |
|||
##<code>chal1</code>: |
|||
# Some news |
# Some news |
||
## We got the subnet from IT! |
## We got the subnet from IT! |
||
### It'll be a /27 (32 theoretical IPs, probably ~28 usable) |
### It'll be a <code>/27</code> (32 theoretical IPs, probably ~28 usable) |
||
### It's not impossible for student orgs to manage their own domains too |
### It's not impossible for student orgs to manage their own domains too |
||
#### However all subdomains need to be approved by the University's Marketing and Resources department |
#### However all subdomains need to be approved by the University's Marketing and Resources department |
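Review bot: the added "#Solutions to challenges:" list carries three empty items, "##<code>chal0</code>:", "##<code>chal00</code>:" and "##<code>chal1</code>:", with nothing under them, so the section reads as finished when it is not; a short "to be filled in" note under the heading would make that clear until the spoiler-extension question from the edit summary is settled.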
Latest revision as of 19:51, 9 December 2024
- Alex showed up for the first time in a while
- Jesse (from IT) showed up!
- Josh's presentation on Linux buffer overflows [1]
  - ssh into shell, then <code>cd /home/jhstiebe/chal</code>
    - Used Arney's account as temp for a non-member...
      - Reset it after the meeting
  - <code>chal0</code>
    - input is <code>stdin</code>
    - set pointer to <code>0xDEADBEEF</code>
  - <code>chal00</code>
    - input is <code>argv[0]</code>
    - 29 byte offset for integer
    - 4 bytes for EDP
  - These are 32-bit binaries
    - 64-bit binaries have registers and gadgets instead of a 'stack', "return-oriented programming"
  - <code>chal1</code>
    - I didn't get this far lol
  - Builds are definitely not optimized by the compiler
    - They might even be compiled as debug
  - compiler freaked out about <code>gets</code> but not <code>strcpy</code>
    - libc doesn't even implement it but still gives a bunch of warnings if you import it yourself
    - Josh compiled it with default gcc C standard library version, <code>gets</code> might have worked if he used C99
  - Josh had to disable every security measure in the compiler (such as stack canaries), as well as ASLR on the system for the challenge to even work
    - There are a lot of mechanisms nowadays to prevent these exact vulnerabilities
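The chal0 / chal00 notes above (a fixed-size input buffer with a 4-byte value sitting right after it, input arriving from stdin or argv) as an added C example, written for these minutes and not taken from the challenge binaries or from Josh's slides. It models the frame as an explicit struct so the out-of-bounds write stays well-defined, and puts the unbounded copy (the <code>gets</code> behaviour the compiler warned about) beside the bounded copy that fixes it. <code>BUF_LEN</code>, the struct layout, the x86 byte order and every function name are assumptions; the only page values used are the 32-bit build and the <code>0xDEADBEEF</code> target.

```c
/* Added example for the minutes: not the chal0/chal00 source.
 * Models "buffer, then a 4-byte value" and contrasts an unbounded fill
 * with a bounded one. Layout, sizes and names are assumptions. */
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>
#include <string.h>

#define BUF_LEN 28              /* assumed buffer size for this model */
#define MAGIC   0xDEADBEEFu     /* the value chal0's check looks for, per the minutes */

/* Explicit model of the vulnerable frame: the input buffer and, directly
 * after it, the 4-byte value the program later compares with MAGIC. */
struct frame {
    char     buf[BUF_LEN];
    uint32_t target;
};

/* Unbounded fill: copies every input byte into the frame, which is what
 * gets() does with no length to stop it. The copy is clipped at the end of
 * the struct only so this demo stays well-defined; real gets() has no clip. */
uint32_t unbounded_fill(const unsigned char *input, size_t len)
{
    struct frame f;
    memset(&f, 0, sizeof f);
    if (len > sizeof f)
        len = sizeof f;
    memcpy(&f, input, len);     /* bytes beyond buf land in target */
    return f.target;
}

/* Bounded fill: the fix. The copy is limited by the buffer, not by the
 * input, so target is untouched whatever the caller sends. */
uint32_t bounded_fill(const unsigned char *input, size_t len)
{
    struct frame f;
    memset(&f, 0, sizeof f);
    if (len > BUF_LEN - 1)
        len = BUF_LEN - 1;      /* keep one byte for the terminator */
    memcpy(f.buf, input, len);
    f.buf[len] = '\0';
    return f.target;
}

/* Constructed input: filler up to the offset of target, then MAGIC in
 * little-endian byte order (the order a 32-bit x86 binary stores it in;
 * x86 is an assumption). offsetof() stands in for the offset that, on the
 * real binaries, was found by inspection (the minutes give 29 for chal00). */
size_t build_overfilling_input(unsigned char *out, size_t cap)
{
    size_t off = offsetof(struct frame, target);
    size_t n = off + sizeof(uint32_t);
    if (cap < n)
        return 0;
    memset(out, 'A', off);
    for (size_t i = 0; i < 4; i++)
        out[off + i] = (unsigned char)((MAGIC >> (8 * i)) & 0xffu);
    return n;
}

/* The two paths with the same oversized input, packaged for checking. */
uint32_t demo_unbounded(void)
{
    unsigned char in[sizeof(struct frame)];
    size_t n = build_overfilling_input(in, sizeof in);
    return unbounded_fill(in, n);
}

uint32_t demo_bounded(void)
{
    unsigned char in[sizeof(struct frame)];
    size_t n = build_overfilling_input(in, sizeof in);
    return bounded_fill(in, n);
}

int main(void)
{
    printf("unbounded fill: target = 0x%08x\n", (unsigned)demo_unbounded());
    printf("bounded fill:   target = 0x%08x\n", (unsigned)demo_bounded());
    return 0;
}
```

The bounded function is the actual fix and works with a stock compiler; the stack canary and ASLR that the minutes say had to be switched off are the extra layers that would turn the unbounded path into an abort or a crash instead of a quietly rewritten value.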
- Solutions to challenges:
  - <code>chal0</code>:
  - <code>chal00</code>:
  - <code>chal1</code>:
- Some news
  - We got the subnet from IT!
    - It'll be a <code>/27</code> (32 theoretical IPs, probably ~28 usable)
    - It's not impossible for student orgs to manage their own domains too
      - However all subdomains need to be approved by the University's Marketing and Resources department
      - I suspect this is why all student orgs I know of just buy their own domain and use that instead
        - ITO with itoxygen.com
        - LUG with linuxusers.group
        - NCSA with ncsa.tech
        - WMTU with wmtu.fm
  - The HGST drive hacking continues...
    - Jesse says someone in the university might have a license to SCSITools
      - Ron will ask around
    - Jesse +1'd SartenX's recommendation asking Hydata for a free license as students