Program Security


CSE 466 - Fall 2024.

In the realm of cybersecurity, your journey mirrors that of a martial artist mastering the art of defense and attack. The “Program Security” module is where you will train in the ancient techniques of shellcoding and memory corruption. Like a skilled martial artist wielding precise strikes, you will learn to craft shellcode that slips past defenses with the agility of a shadow. You will also study memory corruption vulnerabilities, discovering how to exploit pinpoint weaknesses with the precision of a pressure point strike.



Resources

The excellent Zardus (creator of pwn.college) has recorded lectures and slides that might be useful:

Shellcode Injection: Introduction



Shellcode Injection: Common Challenges



Shellcode Injection: Data Execution Prevention



Memory Errors: Introduction



Memory Errors: High-level Problems



Memory Errors: Smashing the Stack



Memory Errors: Causes of Corruption 1



Memory Errors: Causes of Corruption 2



Memory Errors: Stack Canaries



Memory Errors: ASLR



Memory Errors: Causes of Disclosure




Challenges

Write and execute shellcode to read the flag, but your inputted data is filtered before execution.

Connect with SSH

Link your SSH key, then connect with: ssh hacker@pwn.college

Write and execute shellcode to read the flag, but the inputted data cannot contain any form of system call bytes (syscall, sysenter, int). Can you defeat this?


Write and execute shellcode to read the flag, but the inputted data cannot contain any form of system call bytes (syscall, sysenter, int). This challenge adds an extra layer of difficulty!


Write and execute shellcode to read the flag, but all file descriptors (including stdin, stderr and stdout!) are closed.


Write and execute shellcode to read the flag, but you only get 18 bytes.


Write and execute shellcode to read the flag, but your input has data inserted into it before being executed.


Write and execute shellcode to read the flag, but your input is sorted before being executed!


Write and execute shellcode to read the flag, but your input is sorted before being executed and stdin is closed.


Write and execute shellcode to read the flag, but every byte in your input must be unique.


Write and execute shellcode to read the flag, but this time you only get 12 bytes!


Write and execute shellcode to read the flag, but this time you only get 6 bytes :)


Overflow a buffer and smash the stack to obtain the flag, but this time bypass a check designed to prevent you from doing so!


Overflow a buffer and smash the stack to obtain the flag, but this time bypass a check designed to prevent you from doing so!


Overflow a buffer and smash the stack to obtain the flag, but this time bypass another check designed to prevent you from doing so!


Overflow a buffer and smash the stack to obtain the flag, but this time bypass another check designed to prevent you from doing so!


Overflow a buffer and smash the stack to obtain the flag, but this time in a PIE binary with a stack canary. Be warned, this requires careful and clever payload construction!


Overflow a buffer and smash the stack to obtain the flag, but this time in a PIE binary with a stack canary. Be warned, this requires careful and clever payload construction!


Overflow a buffer and leak the flag. Be warned, this requires careful and clever payload construction!


Overflow a buffer and leak the flag. Be warned, this requires careful and clever payload construction!


Overflow a buffer and leak the flag. Be warned, this requires careful and clever payload construction!


Overflow a buffer and leak the flag. Be warned, this requires careful and clever payload construction!


Defeat a stack canary in a PIE binary by utilizing a bug left in the binary.


Defeat a stack canary in a PIE binary by utilizing a bug left in the binary.


Leak data left behind unintentionally by utilizing clever payload construction.


Leak data left behind unintentionally by utilizing clever payload construction.


Leak data left behind unintentionally to defeat a stack canary in a PIE binary.


Leak data left behind unintentionally to defeat a stack canary in a PIE binary.

