Module: Memory Errors

Because of the lack of memory safety in low-level languages, such as C, memory corruption vulnerabilities manifest quite frequently, to brutal effect. This module will explore a number of different exploitation scenarios, using different types of flaws to achieve control over software.

Lectures

The lectures for this module are:

• Memory Errors: Introduction (slides here)
• Memory Errors: High-level Problems (slides here)
• Memory Errors: Smashing the Stack (slides here)
• Memory Errors: Causes of Corruption 1 (slides here)
• Memory Errors: Causes of Corruption 2 (slides here)
• Memory Errors: Stack Canary Mitigations (slides here)
• Memory Errors: ASLR Mitigations (slides here)
• Memory Errors: Causes of Disclosure (slides here)

The following lectures from previous modules are also quite relevant:

• Shellcoding: Data Execution Prevention (slides here)

Additionally, you should be quite familiar with the following fundamental knowledge:

• Fundamentals: Computer Architecture (slides here)
• Fundamentals: Assembly (slides here)
• Fundamentals: Binary Files (slides here)
• Fundamentals: Linux Process Loading (slides here)
• Fundamentals: Linux Process Execution (slides here)

Practice

• Challenges: babymem

The goal of the challenge sets in this module is to get the flag. There are a number of difficulty levels, but the programs are structured similarly. Each program takes user input on stdin (or otherwise) and contains at least one (intentional) vulnerability. If you exploit it, you can get it to read the flag and print it out to you.

The up-shot is this: to read the /flag for a binary, you will have to understand how to exploit it.

If you are ready to tackle the challenges, go to https://cse466.pwn.college!