We went through last weeks session for those who where not here, and then did some practical work on how memory corruption vulnerabilities are exploited.
Target of last week was to solve the level
bof on https://pwnable.kr/play.php
The information we went through last week was a pretty much the lecture “Introduction to Memory Corruption” from http://security.cs.rpi.edu/courses/binexp-spring2015/ There are good slides, have a look if you want! =)
Stack layout and reverse engineering
We looked at the calling conventions of x86, and how if-then-else looks in assembler code.
Every stack frame has local variables and arguments, see for example: https://ocw.cs.pub.ro/courses/cns/labs/lab-02#function_calls
The site https://godbolt.org is a nice way to see how C-code turns into assembler. It uses color coding to illustrate how C and assembler correspond to each other.
A conditional jump in x86 consists of first a compare and then a conditional jump. Try to think of them as tightly coupled instructions. This might be easier than keeping the flag register in your head.
We were looking at the challenges at http://io.netgarage.org/ They are a good, progressive introduction to reverse engineering and exploit development.
We played through the first two, they covered basic reverse engineering and integer arithmetics. There are also alternative levels to look at, don’t forget them!
Lars will be in South Korea to play in a CTF final, so he won’t be able to attend. Is there intrest to meet up anyway?