Task categories

Category 1: bug hunting (sources and binaries at http://swarm.cs.pub.ro/~rcaragea/bug_hunt.zip)

  • bitcount
    • The program has three methods of computing set bits. Are they equivalent? Fix the bugs and end all doubts.
  • index
    • It shouldn't be possible to call 'good_func()' but it is. Fix it.
  • string_lord
    • Find the bugs in calc_size(). See what happens with inputs like:
      • 1 aaaaaaaaaaaaaa
      • 128 aaaa

Category 2: address space recap

  • gatekeeper_01 Login password: '4321'
  • gatekeeper_02 Login password: '657a609fb15bfb8aa11d4566143e11eb'
  • gatekeeper_03 Login password: 'd7e3fb11c279ca1eb7df1039880f20f5'
    • Hint: what happens before main() is called?

Category 3: memory corruption

  • randmin_01 Login password: '1234'
  • randmin_02 Login password: '2c9788a87a7acb45cdb145f1a838af40'
  • randmin_03: You need to defeat NX by returning to (hijacking control flow into) a libc function. Login password: 'd1c740616eea5ce69d53a4493cf15fa7'
  • randmin_04: Same as above, but this task does not call system() anywhere.
  • randmin_05: You need to defeat NX + ASLR
    • To solve this task and the next ones you have to activate ASLR. There is a shortcut provided for this: just run 'aslr_online' on the lab machines.
    • Why doesn't the previous solution work this time?
  • randmin_06: You need to defeat NX + ASLR + PIE
  • randmin_07 (Bonus): You need to defeat NX + ASLR + PIE + SSP
sesiuni/memory/5.txt · Last modified: 2013/07/12 17:45 by rcaragea