Sheet 4

General Information

All solutions must be created with Python but may also be combined with some Bash scripting. If you are new to Python, have a look online; there are many good resources to get started, such as this course, this blog post and this slide deck. Feel free to post other resources to the mailing list to help other PABE students.

Please keep in mind that you should:

  • read the task description carefully

  • push all your changes to the GitLab repository (master branch) before the deadline. Also make sure that the file permissions are set correctly! If you are new to Git, check out this site!

  • make sure that your solution (also) runs on the virtual machine (and not just your local machine); this also means that you must install all additional packages yourself from within the solution script (e.g., os.system("pip install --user -r requirements.txt"))

  • make sure that the solution is an executable script named solution (chmod +x ./solution) with a working shebang line at the top (e.g., #!/usr/bin/env python2) so that it can be executed like this: ./solution (do not name your script solution.py, Solution, solution.sh, … just solution)

  • the final solution string, and only that, must be written to stdout and could be a number, a string, a string with the format FLAG{some letters and digits here}, depending on the specific task

  • describe what you are doing using detailed comments in all your solution scripts, no matter whether they are Python or Bash scripts! For Python, for example, use docstrings or inline comments:

    def check_input_length(input_string):
        """
        The input string must have a length greater than 42 and must also be even.
        """
        length = len(input_string)
    
        # the final check happens here
        return (length > 42) and (length % 2 == 0)
    

    This helps us to find out if you really understood the task and you are not just brute-forcing some solutions. Please do not leave any commented code (i.e., code that is not needed to solve the task) in your solution files!

  • make sure that your solution executes within 10 seconds (this is a hard timeout on our server)
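The checklist above can be verified locally before pushing. The script below is an added example, not part of the original sheet or the course tooling; the function name `check_submission` is hypothetical, it is written for Python 3, and reading "the final solution string, and only that" as exactly one non-empty line on stdout is an assumption.

```python
#!/usr/bin/env python3
"""Pre-submission check for the rules listed above (added example, not course tooling)."""
import os
import stat
import subprocess
import sys

TIMEOUT_SECONDS = 10  # hard timeout stated on the sheet


def check_submission(path, timeout=TIMEOUT_SECONDS):
    """Return a list of problems found; an empty list means all checks passed."""
    problems = []
    # The script must be called exactly "solution" (no extension, lowercase).
    if os.path.basename(path) != "solution":
        problems.append("file must be named 'solution'")
    if not os.path.isfile(path):
        return problems + ["file does not exist"]
    # chmod +x: at least the owner execute bit has to be set.
    if not os.stat(path).st_mode & stat.S_IXUSR:
        problems.append("file is not executable (chmod +x ./solution)")
    # A shebang line is needed so that ./solution can be run directly.
    with open(path, "rb") as handle:
        if not handle.readline().startswith(b"#!"):
            problems.append("first line is not a shebang")
    if problems:
        return problems  # running the script would fail anyway
    script = os.path.abspath(path)
    try:
        result = subprocess.run([script], cwd=os.path.dirname(script),
                                stdout=subprocess.PIPE, stderr=subprocess.DEVNULL, timeout=timeout)
    except subprocess.TimeoutExpired:
        return ["script did not finish within %s seconds" % timeout]
    except OSError as error:
        return ["script could not be started: %s" % error]
    # Assumption: "only the solution string" means exactly one non-empty stdout line.
    lines = result.stdout.decode(errors="replace").splitlines()
    if len(lines) != 1 or not lines[0].strip():
        problems.append("stdout must contain exactly one non-empty line, got %d" % len(lines))
    return problems


if __name__ == "__main__":
    found = check_submission(sys.argv[1] if len(sys.argv) > 1 else "./solution")
    for problem in found:
        print("FAIL: " + problem)
    sys.exit(1 if found else 0)
```

Package-installer or debug output that ends up on stdout shows up here as extra lines, so it is caught before the server sees it.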


The deadline for this sheet is Tuesday, 2019-12-17 23:59:59

Task 16 – Say my name!

We have reused code from an old authentication system. It seems like security was not that important in those days… Can you check whether the binary has a vulnerability? If so, exploit it to make the binary print the flag. Where is the bug and how can it be fixed? Write the answer as a comment!

Task 17 – Respect my borders

Part 1: Our smart engineer has implemented his own idea of a patch to increase security :). I don’t think you will make the binary print the flag anymore… But if you can, exploit the binary so that it prints the flag!

Part 2: We received a working exploit for our binary. Unfortunately, it seems that it only works at certain times of the day. Find out what the problem could be and write a check in your exploit code that only runs the code when the exploit will be successful. Comment and describe the check as well.

Task 18 – Shellter your code!

We finally removed the unnecessary code! Is our binary still exploitable? If it is, show us how and print the flag…

Task 19 – No Xystem for you

We indeed made a huge mistake by disabling the compiler’s default option… Now your previous exploit shouldn’t work. I am heading out onto our campus and back to our building C - the library - to read about methods to increase security even more. In the meantime, try to exploit our new binary and print the flag.

Task 20 – ret2libc is soooo 90s

This time you must not use libc functions! This means, for example, ret2libc with system() or other high level libc functions is not allowed! Try to find a way to print the content of flag.txt with the aforementioned constraints.

Hint: I like Rop Music and Hip Hop! What do you like?