Guest Lecture by Robert Xiao

Exploiting a Filesystem Driver in a Kernel CTF Challenge

When and Where

The date and location were announced via the mailing list and other channels.

Abstract

In this talk, we will dissect the process of exploiting a buggy filesystem driver by walking through the final part of the SSTIC 2022 CTF challenge. We will cover how to achieve filesystem corruption and ultimately kernel memory corruption, and along the way learn about filesystems and filesystem abstractions in the Linux kernel.

Hands-on

  • Download the following archive and extract it: redacted-package.zip
  • Install QEMU. You can then run the VM using ./start_vm.sh.
  • You can mount the “goodfs” filesystem using mounter_client mount goodfs n1Q0TRoxE9Y061TTFy6fMoEIVfDOhPfE. It will appear in mnt/goodfs.
  • The first goal is to open /mnt/goodfs/private/first_flag, which requires corrupting the goodfs filesystem.
  • The second goal is to open /root/final_secret.txt, which requires compromising either the kernel or the mounter_server daemon.
  • There will be a remote version with the real flags. The IPs and ports will be published during the talk.