Minutes 2024-12-05

From MTU LUG Wiki
Revision as of 19:51, 9 December 2024 by DangerDC (talk | contribs) (i added a section for solutions then realized idk if we have the mediawiki spoiler extension)
(diff) ← Older revision | Latest revision (diff) | Newer revision → (diff)
Jump to navigation Jump to search
  1. Alex showed up for the first time in a while
  2. Jesse (from IT) showed up!
  3. Josh's presentation on Linux buffer overflows [1]
    1. ssh into shell, then cd /home/jhstiebe/chal
      1. Used Arney's account as temp for a non-member...
        1. Reset it after the meeting
    2. chal0
      1. input is stdin
      2. set pointer to 0xDEADBEEF
    3. chal00
      1. input is argv[0]
      2. 29 byte offset for integer
      3. 4 bytes for EDP
    4. These are 32-bit binaries
      1. 64-bit binaries have registers and gadgets instead of a 'stack', "return-oriented programming"
    5. chal1
      1. I didn't get this far lol
    6. Builds are definitely not optimized by the compiler
      1. They might even be compiled as debug
    7. compiler freaked out about gets but not strcpy
      1. libc doesn't even implement it but still gives a bunch of warnings if you import it yourself
      2. Josh compiled it with default gcc C standard library version, gets might have worked if he used C99
    8. Josh had to disable every security measure in the compiler (such as stack canaries), as well as ASLR on the system for the challenge to even work
      1. There are a lot of mechanisms nowadays to prevent these exact vulnerabilities
  4. Solutions to challenges:
    1. chal0:
    2. chal00:
    3. chal1:
  5. Some news
    1. We got the subnet from IT!
      1. It'll be a /27 (32 theoretical IPs, probably ~28 usable)
      2. It's not impossible for student orgs to manage their own domains too
        1. However all subdomains need to be approved by the University's Marketing and Resources department
        2. I suspect this is why all student orgs I know of just buy their own domain and use that instead
          1. ITO with itoxygen.com
          2. LUG with linuxusers.group
          3. NCSA with ncsa.tech
          4. WMTU with wmtu.fm
    2. The HGST drive hacking continues....
      1. Jesse says someone in the university might have a license to SCSITools
        1. Ron will ask around
      2. Jesse +1'd SartenX's recommendation asking Hydata for a free license as students