SystemsSec 2018W Lecture 11: Difference between revisions
Latest revision as of 18:15, 14 February 2018
Audio
[https://homeostasis.scs.carleton.ca/~soma/systemssec-2018w/lectures/comp4108-2018w-lec11-12Feb2018.m4a Lecture 11 Audio]
Notes
HTTPS
- How to set it up?
  - Get your public/private key pair signed by a respected authority
  - You can also self-sign but may encounter errors
- Current certificate is expired (Feb 2014)
- Need to get new certificate
  - New thing called “Let’s Encrypt” that offers free certificates (only for 90 days)
  - Recommends downloading Certbot
  - Might already come with Linux distribution
Certbot
- Default commands provide useful instructions
  - Need to enter the webroot and URL
  - This is to prove to Certbot that we have control of the server
  - Used to generate challenges that Certbot will verify
- Update the server’s configuration file with the newly generated certificates
  - In this case used symbolic links
  - Restart the server
Buffer overflows
- Make a classic C program
  - Typing over the buffer length
  - Detected stack smashing
    - ONLY after writing and reading the bytes
  - Use of canary words to detect if stack has been modified
  - If you were a real attacker you would try and target a buffer that wasn’t protected by it
    - The heap is a prime target
  - If we turn off the stack protection
    - Received a SIGSEGV from the kernel and the core is dumped
    - Kernel saying that you tried to access memory that was not given
    - Process can intercept signal and choose to do something with it
    - Default handler causes you to crash with segfault
  - What is “core dumped”?
    - Comes from core memory
    - Means that it’s written memory out
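The SIGSEGV and core-dump notes above, as an added example (not code from the lecture): a process installs its own SIGSEGV handler in place of the default crash, and checks or zeroes the core-file limit, since a core is a copy of the process's memory. All function names are hypothetical, and the signal is delivered with `raise()` rather than a real bad access so the demonstration stays well-defined.

```c
#define _POSIX_C_SOURCE 200809L
#include <signal.h>
#include <string.h>
#include <sys/resource.h>
#include <unistd.h>

static volatile sig_atomic_t last_signal;

/* Handler limited to async-signal-safe work: set a flag, write a fixed message. */
static void on_segv(int signo)
{
    static const char msg[] = "SIGSEGV intercepted\n";
    last_signal = signo;
    if (write(STDERR_FILENO, msg, sizeof msg - 1) < 0) { /* nothing safe to do */ }
}

/* Replace the default action (terminate, dump core), deliver SIGSEGV with raise(),
 * then restore the previous disposition. Returns 1 if our handler ran. */
int intercept_segv_once(void)
{
    struct sigaction sa, old;
    memset(&sa, 0, sizeof sa);
    sa.sa_handler = on_segv;
    sigemptyset(&sa.sa_mask);
    if (sigaction(SIGSEGV, &sa, &old) != 0) return -1;
    last_signal = 0;
    raise(SIGSEGV);   /* synthetic signal: returning from the handler is safe here */
    sigaction(SIGSEGV, &old, NULL);
    return last_signal == SIGSEGV;
}

/* 1 if the soft RLIMIT_CORE permits a core file, 0 if it is zero, -1 on error. */
int core_dumps_allowed(void)
{
    struct rlimit rl;
    return getrlimit(RLIMIT_CORE, &rl) != 0 ? -1 : rl.rlim_cur != 0;
}

/* Zero the soft limit: the usual way a process opts out of core files
 * (a core holds its memory, secrets included). Returns 0 on success. */
int disable_core_dumps(void)
{
    struct rlimit rl;
    if (getrlimit(RLIMIT_CORE, &rl) != 0) return -1;
    rl.rlim_cur = 0;
    return setrlimit(RLIMIT_CORE, &rl);
}

int main(void) { return intercept_segv_once() == 1 && disable_core_dumps() == 0 ? 0 : 1; }
```

A handler that returns after a real invalid memory access re-executes the faulting instruction, so production handlers log and then exit rather than resume.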
Modify C program to have a function called target in the binary but it’s never called. Goal is to make the code jump to the target function and execute.
- What tools can we use?
  - GDB to figure out what’s happening with memory
- “Stack Smashing for Fun and Profit”
  - Basic idea is you find the address and then overwrite the address
  - Might have to turn off address space randomization
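Why the canary notes and the "overwrite the address" idea interact, as an added example that is not from the lecture: a struct models one stack frame (buffer, canary, saved return address), an unchecked copy runs over it, and the check fires only at the epilogue, after the bytes were written. The layout, the constants and every function name are assumptions made for illustration; the copy is clamped to the struct so nothing outside the model is touched.

```c
#include <stdint.h>
#include <stdio.h>
#include <string.h>

#define CANARY UINT64_C(0x5AC3F10D9B27E400) /* constructed; real canaries are random */
#define RET_OK UINT64_C(0x1111222233334444) /* stand-in value, not a code address */
/* Model of one frame: local buffer, then the canary, then the saved return address. */
struct frame {
    char     buf[16];
    uint64_t canary;
    uint64_t saved_ret;
};

void frame_enter(struct frame *f)
{
    memset(f->buf, 0, sizeof f->buf);
    f->canary = CANARY;
    f->saved_ret = RET_OK;
}

/* gets()/strcpy()-style copy that trusts len; clamped so the demo stays inside the struct. */
void copy_unchecked(struct frame *f, const void *in, size_t len)
{
    if (len > sizeof *f) len = sizeof *f;
    memcpy((unsigned char *)f, in, len);
}

/* Hardened copy: truncate to the buffer and always NUL-terminate. */
size_t copy_bounded(struct frame *f, const void *in, size_t len)
{
    size_t n = len < sizeof f->buf - 1 ? len : sizeof f->buf - 1;
    memcpy(f->buf, in, n);
    f->buf[n] = '\0';
    return n;
}

/* Epilogue check: runs at function return, after the bytes were already written. */
int frame_leave_ok(const struct frame *f) { return f->canary == CANARY; }

int main(void)
{
    unsigned char input[sizeof(struct frame)];   /* constructed overlong input */
    struct frame f;
    memset(input, 'A', sizeof input);
    frame_enter(&f);
    copy_unchecked(&f, input, sizeof input);
    printf("canary intact after unchecked copy: %d\n", frame_leave_ok(&f));
    return 0;
}
```

Because the canary sits between the buffer and the saved address, a linear overrun cannot reach the address without changing the canary first; the bounded copy removes the overrun instead of detecting it afterwards.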