SystemsSec 2018W Lecture 11: Difference between revisions

From Soma-notes
Yannick (talk | contribs)
Yannick (talk | contribs)
Line 4: Line 4:


==Notes==
==Notes==
HTTPS
=== HTTPS ===
How to set it up?
- How to set it up?
Get your public/private key pair signed by a respected authority
- Get your public/private key pair signed by a respected authority
You can also self-sign but may encounter errors
- You can also self-sign but may encounter errors


Current certificate is expired (Feb 2014)
- Current certificate is expired (Feb 2014)


Need to get new certificate
- Need to get new certificate
New thing called “Let’s encrypt” that offers free certificates (only for 90 days)
- New thing called “Let’s encrypt” that offers free certificates (only for 90 days)
Recommends downloading CertBot
- Recommends downloading CertBot
Might already come with Linux distribution
- Might already come with Linux distribution


Certbot
=== Certbot ===
Default commands provide useful instructions
- Default commands provide useful instructions
Need to enter the webroot and url
- Need to enter the webroot and url
This is to prove to Certbot that we have control of the server
- This is to prove to Certbot that we have control of the server
Used to generate challenges that Certbot will verify
- Used to generate challenges that Certbot will verify


Update the server’s configuration file with the newly generated certificates
- Update the server’s configuration file with the newly generated certificates
In this case used symbolic links
- In this case used symbolic links
Restart the server
- Restart the server






Buffer overflows
=== Buffer overflows===
Make a classic C program
- Make a classic C program
Typing over the buffer length
- Typing over the buffer length
Detected stack smashing
- Detected stack smashing
ONLY after writing and reading the bytes
- ONLY after writing and reading the bytes
Use of canary words to detect if stack has been modified
- Use of canary words to detect if stack has been modified
If you were a real attacker you would try and target a buffer that wasn’t protected by it
- If you were a real attacker you would try and target a buffer that wasn’t protected by it
The heap is a prime target
- The heap is a prime target
If we turn off the stack protection
- If we turn off the stack protection
Received a SIGSEGV from the kernel and the core is dumped
- Received a SIGSEGV from the kernel and the core is dumped
Kernel saying that you tried to access memory that was not given
- Kernel saying that you tried to access memory that was not given
Process can intercept signal and choose to do something with it
- Process can intercept signal and choose to do something with it
Default handler causes you to crash with segfault
- Default handler causes you to crash with segfault
What is “core dumped”?
- What is “core dumped”?
Comes from core memory
- Comes from core memory
Means that it’s written memory out
- Means that it’s written memory out


Modify C program to have a function called target in the binary but it’s never called. Goal is to make the code jump to the target function and execute.
Modify C program to have a function called target in the binary but it’s never called. Goal is to make the code jump to the target function and execute.

Revision as of 15:07, 14 February 2018

Audio

Lecture 11 Audio

Notes

HTTPS

- How to set it up? - Get your public/private key pair signed by a respected authority - You can also self-sign but may encounter errors

- Current certificate is expired (Feb 2014)

- Need to get new certificate - New thing called “Let’s encrypt” that offers free certificates (only for 90 days) - Recommends downloading CertBot - Might already come with Linux distribution

Certbot

- Default commands provide useful instructions - Need to enter the webroot and url - This is to prove to Certbot that we have control of the server - Used to generate challenges that Certbot will verify

- Update the server’s configuration file with the newly generated certificates - In this case used symbolic links - Restart the server


Buffer overflows

- Make a classic C program - Typing over the buffer length - Detected stack smashing - ONLY after writing and reading the bytes - Use of canary words to detect if stack has been modified - If you were a real attacker you would try and target a buffer that wasn’t protected by it - The heap is a prime target - If we turn off the stack protection - Received a SIGSEGV from the kernel and the core is dumped - Kernel saying that you tried to access memory that was not given - Process can intercept signal and choose to do something with it - Default handler causes you to crash with segfault - What is “core dumped”? - Comes from core memory - Means that it’s written memory out

Modify C program to have a function called target in the binary but it’s never called. Goal is to make the code jump to the target function and execute. What tools can we use? GDB to figure out what’s happening with memory

“Stack Smashing for Fun and Profit” Basic idea is you find the address and then overwrite the address Might have to turn off address space randomization