Difference between revisions of "SystemsSec 2018W Lecture 11"
(Created page with "==Audio== [https://homeostasis.scs.carleton.ca/~soma/systemssec-2018w/lectures/comp4108-2018w-lec11-12Feb2017.m4a Lecture 11 Audio] ==Notes==") |
(→Notes) |
||
| Line 4: | Line 4: | ||
==Notes== | ==Notes== | ||
HTTPS | |||
How to set it up? | |||
Get your public/private key pair signed by a respected authority | |||
You can also self-sign but may encounter errors | |||
Current certificate is expired (Feb 2014) | |||
Need to get new certificate | |||
New thing called “Let’s encrypt” that offers free certificates (only for 90 days) | |||
Recommends downloading CertBot | |||
Might already come with Linux distribution | |||
Certbot | |||
Default commands provide useful instructions | |||
Need to enter the webroot and url | |||
This is to prove to Certbot that we have control of the server | |||
Used to generate challenges that Certbot will verify | |||
Update the server’s configuration file with the newly generated certificates | |||
In this case used symbolic links | |||
Restart the server | |||
Buffer overflows | |||
Make a classic C program | |||
Typing over the buffer length | |||
Detected stack smashing | |||
ONLY after writing and reading the bytes | |||
Use of canary words to detect if stack has been modified | |||
If you were a real attacker you would try and target a buffer that wasn’t protected by it | |||
The heap is a prime target | |||
If we turn off the stack protection | |||
Received a SIGSEGV from the kernel and the core is dumped | |||
Kernel saying that you tried to access memory that was not given | |||
Process can intercept signal and choose to do something with it | |||
Default handler causes you to crash with segfault | |||
What is “core dumped”? | |||
Comes from core memory | |||
Means that it’s written memory out | |||
Modify C program to have a function called target in the binary but it’s never called. Goal is to make the code jump to the target function and execute. | |||
What tools can we use? | |||
GDB to figure out what’s happening with memory | |||
“Stack Smashing for Fun and Profit” | |||
Basic idea is you find the address and then overwrite the address | |||
Might have to turn off address space randomization | |||
Revision as of 11:05, 14 February 2018
Audio
Notes
HTTPS How to set it up? Get your public/private key pair signed by a respected authority You can also self-sign but may encounter errors
Current certificate is expired (Feb 2014)
Need to get new certificate New thing called “Let’s encrypt” that offers free certificates (only for 90 days) Recommends downloading CertBot Might already come with Linux distribution
Certbot Default commands provide useful instructions Need to enter the webroot and url This is to prove to Certbot that we have control of the server Used to generate challenges that Certbot will verify
Update the server’s configuration file with the newly generated certificates In this case used symbolic links Restart the server
Buffer overflows Make a classic C program Typing over the buffer length Detected stack smashing ONLY after writing and reading the bytes Use of canary words to detect if stack has been modified If you were a real attacker you would try and target a buffer that wasn’t protected by it The heap is a prime target If we turn off the stack protection Received a SIGSEGV from the kernel and the core is dumped Kernel saying that you tried to access memory that was not given Process can intercept signal and choose to do something with it Default handler causes you to crash with segfault What is “core dumped”? Comes from core memory Means that it’s written memory out
Modify C program to have a function called target in the binary but it’s never called. Goal is to make the code jump to the target function and execute. What tools can we use? GDB to figure out what’s happening with memory
“Stack Smashing for Fun and Profit” Basic idea is you find the address and then overwrite the address Might have to turn off address space randomization