SI485H: Stack Based Binary Exploits and Defenses (F15)


Lab 09: Randomization Shmadomization

Submission Instructions

Submission instructions for labs can be found on the resource pages. In particular, you should view this subsection: Creating a new branch and submitting

Part 1: Brute forcing is the easy part (2 points)

Description

  • Write a brute forcing program to exploit the program and retrieve the secret flag.

Preamble

  • The assignment must be completed on the saddleback VM which can be reached as follows:

    ssh -p 2222 saddleback.academy.usna.edu
    
  • The gitlab repository for this lab is found here:

    http://saddleback.academy.usna.edu/aviv/lab-9.1
    

Instructions

  • Fork and clone the repository
  • You will find a compiled binary of the program you will exploit, whatsyourname
  • You will exploit this program not on your local VM but on the saddleback VM, which you can reach using the instructions above. You can find the whatsyourname program here:

    /home/aviv/lab/9.1/whatsyourname
    
  • You will need to exploit this program in a brute force manner; however, be mindful that there is a bit of extra randomness that you'll need to deal with :)
  • Once you've exploited the program, you'll need to develop some shell code that will give you access to the flag, found at this path on the saddleback VM:

    /home/aviv/lab/9.1/flag
    
  • Once you've retrieved the flag, copy the contents to the file called flag in your git repo, and submit that with your repository.

Submission

  • You must submit at least two files:
    • flag : contents of the flag file
    • brute_force.sh : shell script for completing the brute force, which when run, will exploit the whatsyourname program … eventually.

Hints

  • Where is the randomness coming in? How does this affect your ability to hack the program?
  • What should your shell code be?

Part 2: Da Message Is Clear (2 points)

Description

  • Develop an exploit for the program and retrieve the secret flag.

Preamble

  • The assignment must be completed on the saddleback VM which can be reached as follows:

    ssh -p 2222 saddleback.academy.usna.edu
    
  • The gitlab repository for this lab is found here:

    http://saddleback.academy.usna.edu/aviv/lab-9.2
    

Instructions

  • Fork and clone the repository
  • You will find a compiled binary of the program you will exploit, information
  • The information program is a server and is currently running on the saddleback VM on port 1845. This port is only accessible from the saddleback VM itself.
  • Once you exploit the program, you will need to retrieve the flag found here:

    /home/aviv/lab/9.2/flag
    
  • Once you've retrieved the flag, copy the contents to the file called flag in your git repo, and submit that with your repository.

Submission

  • You must submit at least one file:
    • flag : contents of the secret flag

Hints

  • dmesg output is soooo, sooooo, soooo, sooooo useful

Part 3: Bounce, Bounce, Bounce (4 points)

Description

  • Develop an exploit for the program and retrieve the secret flag.

Preamble

  • The assignment can be completed on your own VM
  • The gitlab repository for this lab is found here:

    http://saddleback.academy.usna.edu/aviv/lab-9.3
    

Instructions

  • Fork and clone the repository
  • You will find compiled binaries of the programs you will exploit, information and handle_client
  • The information program is a server running on a saddleback VM on port 5321. However, this is NOT the same saddleback VM that you have remote ssh access to.
  • Once you exploit the program, you will need to somehow exfiltrate the flag from the server. The flag is found here:

    /home/aviv/lab/9.3/flag
    
  • Once you've retrieved the flag information, copy the contents to the file called flag in your git repo, and submit that with your repository.

Submission

  • You must submit at least two files:
    • flag : containing the contents of the flag
    • exploit.sh: containing your exploit code that when run will display the flag from the remote server.

Hints

  • You'll need to find a bounce point, but the program is compiled statically, so there is a HUGE text segment. Use grep, readelf, and objdump to find what you are looking for.
  • You won't be able to use a remote shell to exfiltrate. You probably want to think a bit more about the shell code you use.