SystemsSec 2018W Lecture 11: Difference between revisions

From Soma-notes
Created page with "==Audio== [https://homeostasis.scs.carleton.ca/~soma/systemssec-2018w/lectures/comp4108-2018w-lec11-12Feb2017.m4a Lecture 11 Audio] ==Notes=="
 
Yannick (talk | contribs)
==Notes==
HTTPS
How to set it up?
Get your public/private key pair signed by a respected authority
You can also self-sign but may encounter errors
Current certificate is expired (Feb 2014)
Need to get new certificate
New thing called “Let’s Encrypt” that offers free certificates (only for 90 days)
Recommends downloading Certbot
Might already come with Linux distribution
Certbot
Default commands provide useful instructions
Need to enter the webroot and URL
This is to prove to Certbot that we have control of the server
Used to generate challenges that Certbot will verify
Update the server’s configuration file with the newly generated certificates
In this case used symbolic links
Restart the server
Buffer overflows
Make a classic C program
Typing over the buffer length
Detected stack smashing
ONLY after writing and reading the bytes
Use of canary words to detect if stack has been modified
If you were a real attacker you would try and target a buffer that wasn’t protected by it
The heap is a prime target
If we turn off the stack protection
Received a SIGSEGV from the kernel and the core is dumped
Kernel saying that you tried to access memory that was not given to the process
Process can intercept signal and choose to do something with it
Default handler causes you to crash with segfault
What is “core dumped”?
Comes from core memory
Means that the process’s memory has been written out
Modify C program to have a function called target in the binary but it’s never called. Goal is to make the code jump to the target function and execute.
What tools can we use?
GDB to figure out what’s happening with memory
“Stack Smashing for Fun and Profit”
Basic idea is you find the address and then overwrite the address
Might have to turn off address space randomization
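
The canary notes above ("detected stack smashing ONLY after writing"), as an added example that is not code from the lecture: a simulated stack frame in C where an unchecked copy is flagged only once the bytes are already written, next to a bounded copy that refuses the input first. The frame layout, the `CANARY` value and all function names are assumptions made for the illustration; a real canary is placed by the compiler and chosen randomly.

```c
#include <stdint.h>
#include <stdio.h>
#include <string.h>

#define BUF_LEN 8
/* Constructed value; a real canary is chosen randomly at process start. */
static const uint32_t CANARY = 0xC0FFEE00u;
enum result { COPY_OK, SMASH_DETECTED, REJECTED };
struct outcome { enum result res; size_t written; };
/* Simulated frame (assumed layout): BUF_LEN buffer bytes, then the canary. */
struct frame { unsigned char bytes[BUF_LEN + sizeof(uint32_t)]; };

static void frame_init(struct frame *f) {
    memset(f->bytes, 0, sizeof f->bytes);
    memcpy(f->bytes + BUF_LEN, &CANARY, sizeof CANARY);
}

/* Copy with no length check against the buffer. n is clamped to the
   simulated frame so the demo never writes outside its own array. */
struct outcome unchecked_copy(const char *in, size_t n) {
    struct frame f;
    struct outcome o;
    frame_init(&f);
    if (n > sizeof f.bytes) n = sizeof f.bytes;
    memcpy(f.bytes, in, n);              /* the write happens first */
    o.written = n;
    /* The canary is compared only at "function return", after the write. */
    o.res = memcmp(f.bytes + BUF_LEN, &CANARY, sizeof CANARY)
                ? SMASH_DETECTED : COPY_OK;
    return o;
}

/* Bounded copy: oversize input is refused before any byte is written. */
struct outcome bounded_copy(const char *in, size_t n) {
    struct frame f;
    struct outcome o = { REJECTED, 0 };
    frame_init(&f);
    if (n > BUF_LEN) return o;
    memcpy(f.bytes, in, n);
    o.res = COPY_OK;
    o.written = n;
    return o;
}

int main(void) {
    const char *longin = "AAAAAAAAAAAA";  /* constructed: 12 bytes, 4 too many */
    struct outcome a = unchecked_copy(longin, 12), b = bounded_copy(longin, 12);
    printf("unchecked: res=%d written=%zu\n", a.res, a.written);
    printf("bounded:   res=%d written=%zu\n", b.res, b.written);
    return 0;
}
```

The unchecked path reports `SMASH_DETECTED` with all 12 bytes already written, which is why a canary is a detection mechanism and the length check is the actual fix.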

Revision as of 15:05, 14 February 2018
