forked from open-education-hub/operating-systems
Signed-off-by: Vica Teodor Andrei <[email protected]>
Showing 59 changed files with 373 additions and 852 deletions.
31 changes: 0 additions & 31 deletions
chapters/data/memory-security/drills/tasks/aslr/solution/Makefile
This file was deleted.
8 changes: 0 additions & 8 deletions
chapters/data/memory-security/drills/tasks/aslr/solution/Makefile.aslr
This file was deleted.
13 changes: 0 additions & 13 deletions
chapters/data/memory-security/drills/tasks/aslr/solution/aslr.c
This file was deleted.
1 change: 1 addition & 0 deletions
chapters/data/memory-security/drills/tasks/aslr/solution/src/.gitignore
Original file line number | Diff line number | Diff line change |
---|---|---|
@@ -0,0 +1 @@ | ||
/aslr |
File renamed without changes.
File renamed without changes.
File renamed without changes.
41 changes: 41 additions & 0 deletions
chapters/data/memory-security/drills/tasks/aslr/solution/tests/graded_test.inc.sh
Original file line number | Diff line number | Diff line change |
---|---|---|
@@ -0,0 +1,41 @@ | ||
#!/bin/bash | ||
# SPDX-License-Identifier: BSD-3-Clause | ||
|
||
# | ||
# Print test result. Printed message should fit in 72 characters. | ||
# | ||
# Print format is: | ||
# | ||
# description ...................... passed ... NNN | ||
# description ...................... failed ... NNN | ||
# 32 chars 24 chars 6 3 3 | ||
# | ||
|
||
print_test() | ||
{ | ||
func="$1" | ||
result="$2" | ||
points="$3" | ||
|
||
if test "$points" -gt 999; then | ||
points=999 | ||
fi | ||
|
||
printf "%-32s " "${func:0:31}" | ||
printf "........................" | ||
if test "$result" -eq 0; then | ||
printf " passed ... %3d\n" "$points" | ||
else | ||
printf " failed ... 0\n" | ||
fi | ||
} | ||
|
||
run_test() | ||
{ | ||
func="$1" | ||
points="$2" | ||
|
||
# Run in subshell. | ||
(eval "$func") | ||
print_test "$func" "$?" "$points" | ||
} | ||
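Review bot: `run_test` invokes the test through `(eval "$func")`, which re-parses its argument as shell code; callers pass a function name, so `("$func")` in the subshell does the same job without evaluating an arbitrary string. `func`, `result` and `points` in both functions should also be declared `local`: this file is sourced, so the assignments (including the `points=999` clamp in `print_test`) otherwise land in the caller's global scope.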
36 changes: 36 additions & 0 deletions
chapters/data/memory-security/drills/tasks/aslr/solution/tests/test.sh
Original file line number | Diff line number | Diff line change |
---|---|---|
@@ -0,0 +1,36 @@ | ||
#!/bin/bash | ||
# SPDX-License-Identifier: BSD-3-Clause | ||
|
||
source graded_test.inc.sh | ||
|
||
shellcode=./../aslr | ||
#result=./../solution/results.txt | ||
|
||
if test -z "$SRC_PATH"; then | ||
SRC_PATH=./.. | ||
fi | ||
|
||
test_aslr() | ||
{ | ||
# echo -n "edx,0x" >> result | ||
# objdump -M intel -d "$shellcode" | grep "<pawned>:" | awk '{gsub(/^0+/, "", $1); print $1}' >> result | ||
# vari=$(cat result) | ||
|
||
# objdump -M intel -d "$shellcode" | grep "$vari" >> result | ||
|
||
# if [ $? -eq 0 ]; then | ||
# rm result | ||
# exit 0 | ||
# fi | ||
|
||
# rm result | ||
# exit 1 | ||
nm "$shellcode" | grep -q "w _ITM_deregisterTMCloneTable" | ||
if [ $? -eq 0 ]; then | ||
exit 0 | ||
fi | ||
|
||
exit 1 | ||
} | ||
|
||
run_test test_aslr 100 |
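Review bot: the only live check in `test_aslr` is `nm "$shellcode" | grep -q "w _ITM_deregisterTMCloneTable"`, which tests for the presence of a weak toolchain symbol and never looks at `pawned` or at any address, unlike the commented-out `objdump` lines above it. Please add a comment explaining why this symbol indicates a correct solution, or check the intended property directly, and delete the commented-out block and the unused `#result=` line instead of committing them. The `if [ $? -eq 0 ]` wrapper can go as well: the function can end on the `grep -q` pipeline and let its status be the result. `SRC_PATH` is given a default here but never used, while `shellcode` hard-codes `./../aslr`.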
18 changes: 18 additions & 0 deletions
chapters/data/memory-security/drills/tasks/bypassing-stack-protector/README.md
Original file line number | Diff line number | Diff line change |
---|---|---|
@@ -1,9 +1,27 @@ | ||
# Bypassing the Stack Protector | ||
|
||
For the beggining, use the `generate_skels.py` script to generate the `support` directory where you will solve the task. To use the script, simply type `make skels` in the `bypassing-stack-protector` directory. | ||
|
||
Then, go to `support`. Here, you need to access the directory named `src` where you will find the checker and all the files needed for this task. | ||
|
||
|
||
Inspect the `chapters/data/memory-security/drills/tasks/bypassing-stack-protector/support/stack_protector.c` source file. | ||
Compile the program and examine the object code. | ||
Try to identify the canary value. | ||
Using the `addr` variable, write 2 `scanf` instructions: one that overwrites the canary with the correct value and one that overwrites the return address with the address of function `pawned`. | ||
In case of a successful exploit a video will be offered as reward. | ||
|
||
If you're having difficulties solving this exercise, go through [this](../../../reading/memory-security.md) reading material. | ||
|
||
### Checker ### | ||
To run the checker, go into the `tests` directory located in `src`, then type `make check`. | ||
A successful output of the checker should look like this : | ||
|
||
```console | ||
student@os:~/.../drills/tasks/aslr/support/src/tests make check | ||
test_bypassing-stackprotector ........................ passed ... 100 | ||
|
||
======================================================================== | ||
|
||
Total: 100/100 | ||
``` |
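Review bot: the sample checker output in the `console` block is copied from another task: the prompt path reads `drills/tasks/aslr/support/src/tests` although this README belongs to `bypassing-stack-protector`, and the prompt is missing its `$` before `make check`. Also fix the spelling of "beggining" in the first added sentence, add a blank line after `### Checker ###`, and drop the space before the colon in "look like this :". The text places `tests` inside `src`, while this commit adds `solution/tests` next to `solution/src`; please confirm which layout `make skels` actually produces.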
1 change: 1 addition & 0 deletions
chapters/data/memory-security/drills/tasks/bypassing-stack-protector/solution/src/.gitignore
Original file line number | Diff line number | Diff line change |
---|---|---|
@@ -0,0 +1 @@ | ||
/stack_protector |
File renamed without changes.
34 changes: 34 additions & 0 deletions
chapters/data/memory-security/drills/tasks/bypassing-stack-protector/solution/tests/Makefile
Original file line number | Diff line number | Diff line change |
---|---|---|
@@ -0,0 +1,34 @@ | ||
SRC_PATH ?= ../ | ||
FULL_SRC_PATH = $(realpath $(SRC_PATH)) | ||
CPPFLAGS = -I. -I$(realpath $(SRC_PATH)) -I../utils | ||
CFLAGS = -Wall -Wextra | ||
# Remove the line below to disable debugging support. | ||
CFLAGS += -g -O0 | ||
|
||
SRCS = $(wildcard *.asm) | ||
SHELLCODES = $(patsubst %.asm,%,$(SRCS)) | ||
|
||
.PHONY: all src check lint clean | ||
|
||
all: $(SHELLCODES) src | ||
|
||
$(SHELLCODES): %:%.asm | src | ||
nasm -o $@ $< | ||
|
||
src: | ||
make -C $(FULL_SRC_PATH) | ||
|
||
check: $(SHELLCODES) | ||
make -C $(FULL_SRC_PATH) clean | ||
make clean | ||
make -i SRC_PATH=$(FULL_SRC_PATH) | ||
sudo bash ./run_all_tests.sh | ||
|
||
lint: | ||
-cd .. && checkpatch.pl -f src/*.c | ||
-cd .. && checkpatch.pl -f tests/*.sh | ||
-cd .. && cpplint --recursive src/ | ||
-cd .. && shellcheck tests/*.sh | ||
|
||
clean: | ||
-rm -f *~ |
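Review bot: the `check` recipe runs `sudo bash ./run_all_tests.sh`, so the whole checker, including the `eval` in `graded_test.inc.sh` and anything the tests launch, executes as root; unless a test genuinely needs root, drop `sudo`. Two further points in the same recipe: `make -i` ignores build errors, so a failed compile still proceeds to the tests, and the nested `make` calls should be `$(MAKE)` so flags propagate to the sub-makes. The `*.asm`/`nasm` rule and the `CPPFLAGS`/`CFLAGS` variables are not used by any C rule visible here; remove them if this task has no assembly sources.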
Original file line number | Diff line number | Diff line change |
---|---|---|
|
@@ -38,4 +38,4 @@ run_test() | |
# Run in subshell. | ||
(eval "$func") | ||
print_test "$func" "$?" "$points" | ||
} | ||
} |
21 changes: 21 additions & 0 deletions
...ta/memory-security/drills/tasks/bypassing-stack-protector/solution/tests/run_all_tests.sh
Original file line number | Diff line number | Diff line change |
---|---|---|
@@ -0,0 +1,21 @@ | ||
#!/bin/bash | ||
# SPDX-License-Identifier: BSD-3-Clause | ||
|
||
if test -z "$SRC_PATH"; then | ||
SRC_PATH=../ | ||
fi | ||
|
||
export SRC_PATH | ||
echo "" | ||
( | ||
bash test.sh | ||
) | tee results.txt | ||
echo "" | ||
echo "========================================================================" | ||
total=$(grep '\( passed \| failed \)' results.txt | rev | cut -d ' ' -f 1 | rev | paste -s -d'+' | bc) | ||
echo "" | ||
echo -n "Total: " | ||
echo -n " " | ||
LC_ALL=C printf "%3d/100\n" "$total" | ||
|
||
rm results.txt |
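Review bot: the script's exit status is that of the final `rm results.txt`, so it reports success whatever `total` is; finish with a check such as `test "$total" -eq 100` after the `rm` so that `make check` and CI can see a failing run. `results.txt` is a fixed name in the current directory and, with the `sudo` in the Makefile's `check` target, is created as root; a `mktemp` file removed in a `trap` would avoid both the collision and the leftover on interruption. If no line matches the `grep`, `total` is empty when it reaches `printf "%3d/100\n"`, so give it a default of 0.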