More actions
- Alex showed up for the first time in a while
- Jesse (from IT) showed up!
- Josh's presentation on Linux buffer overflows [1]
- ssh into shell, then
cd /home/jhstiebe/chal- Used Arney's account as temp for a non-member...
- Reset it after the meeting
- Used Arney's account as temp for a non-member...
chal0- input is stdin
- set pointer to 0xDEADBEEF
chal00- input is argv[0]
- 29 byte offset for integer
- 4 bytes for EDP
- These are 32-bit binaries
- 64-bit binaries have registers and gadgets instead of a 'stack', "return-oriented programming"
chal1- I didn't get this far lol
- Builds are definitely not optimized by the compiler
- They might even be compiled as debug
- compiler freaked out about
getsbut notstrcpy- libc doesn't even implement it but still gives a bunch of warnings if you import it yourself
- Josh compiled it with default gcc C standard library version,
getsmight have worked if he used C99
- Josh had to disable every security measure in the compiler (such as stack canaries), as well as ASLR on the system for the challenge to even work
- There are a lot of mechanisms nowadays to prevent these exact vulnerabilities
- ssh into shell, then
- Some news
- We got the subnet from IT!
- It'll be a /27 (32 theoretical IPs, probably ~28 usable)
- It's not impossible for student orgs to manage their own domains too
- However all subdomains need to be approved by the University's Marketing and Resources department
- I suspect this is why all student orgs I know of just buy their own domain and use that instead
- ITO with itoxygen.com
- LUG with linuxusers.group
- NCSA with ncsa.tech
- WMTU with wmtu.fm
- The HGST drive hacking continues....
- Jesse says someone in the university might have a license to SCSITools
- Ron will ask around
- Jesse +1'd SartenX's recommendation asking Hydata for a free license as students
- Jesse says someone in the university might have a license to SCSITools
- We got the subnet from IT!