More memory corruption

We went through last weeks session for those who where not here, and then did some practical work on how memory corruption vulnerabilities are exploited.

Target of last week was to solve the level bof on https://pwnable.kr/play.php

The information we went through last week was a pretty much the lecture “Introduction to Memory Corruption” from http://security.cs.rpi.edu/courses/binexp-spring2015/ There are good slides, have a look if you want! =)

Stack layout and reverse engineering

We looked at the calling conventions of x86, and how if-then-else looks in assembler code.

Every stack frame has local variables and arguments, see for example: https://ocw.cs.pub.ro/courses/cns/labs/lab-02#function_calls

The site https://godbolt.org is a nice way to see how C-code turns into assembler. It uses color coding to illustrate how C and assembler correspond to each other.

A conditional jump in x86 consists of first a compare and then a conditional jump. Try to think of them as tightly coupled instructions. This might be easier than keeping the flag register in your head.

Remote challenges

We were looking at the challenges at http://io.netgarage.org/ They are a good, progressive introduction to reverse engineering and exploit development.

We played through the first two, they covered basic reverse engineering and integer arithmetics. There are also alternative levels to look at, don’t forget them!

Next week

Lars will be in South Korea to play in a CTF final, so he won’t be able to attend. Is there intrest to meet up anyway?