Minutes 2024-12-05: Difference between revisions

fixed up unfinished notes and added some more content
(initial commit)
 
# Alex showed up for the first time in a while
# Jesse (from IT) and Alex showed up!
# Josh's presentation on Linux buffer overflows [https://docs.google.com/presentation/d/1d3SiXnAacS5PeexusyiQWOLgdcf_MXyxOBSMpc6mIdM/edit#slide=id.p]
## ssh into shell, then <code>cd /home/jhstiebe/chal</code>
### Used Arney's account as temp for a non-member...
#### Reset it after the meeting
## <code>chal0</code>
### input is stdin
### set value pointer to 0xDEADBEEF
## <code>chal00</code>
### input is argv[0]
### 29 byte offset for integer
### 4 bytes for EBP
## These are 32-bit binaries
### 64-bit binaries have registers and gadgets instead of a 'stack', "return-oriented programming"
## <code>chal1</code>
### I didn't get this far lol
## Builds are definitely not optimized by the compiler
### They might even be compiled as debug
## compiler freaked out about <code>gets</code> but not <code>strcpy</code>
### libc doesn't even implement it but still gives a bunch of warnings if you import it yourself
### Josh compiled it with default gcc C standard library version, <code>gets</code> might have worked if he used C99
## Josh had to disable every security measure in the compiler (such as stack canaries), as well as ASLR on the system for the challenge to even work
### There are a lot of mechanisms nowadays to prevent these exact vulnerabilities
# Some news
## We got the subnet from IT!
### It'll be a /27 (32 theoretical IPs, probably ~28 usable)
### It's not impossible for student orgs to manage their own domains too
#### However, all subdomains need to be approved by the University's Marketing and Resources department
#### I suspect this is why all student orgs I know of just buy their own domain and use that instead
 
##### ITO with [https://www.itoxygen.com/ itoxygen.com]
##### LUG with [https://linuxusers.group/ linuxusers.group]
##### NCSA with [https://ncsa.tech/ ncsa.tech]
##### WMTU with [https://wmtu.fm/ wmtu.fm]
## [[Locked HGST drives|The HGST drive hacking]] continues....
### Jesse says someone in the university might have a license to SCSITools
#### Ron will ask around
### Jesse +1'd SartenX's recommendation of asking Hydata for a free license as students
