Contact me at pcgrosen [at] ucsb [dot] edu
Need a Slack invite? Email me or talk to me in class.
List of calling conventions
x86 Instruction set reference
IDA Freeware version (get this!)
Slides on Flask Jinja injection
Slides on AES-CBC
Slides on AES-CTR
Slides on AES-ECB
Slides on SQL schema leaks
Slides on blind SQL injection
Slides on basic SQL injection
An sh-based jail and a find-based jail for today's activity
Slides on bash jail escapes
Base script for today's activity, and an example solution
Slides on Python jail escapes
Slides on format string exploitation
Slides on fastbin use-after-free pivot
Slides on basic fastbin exploitation
Slides on ASLR and leaking
Slides on ROP
Slides on basic buffer overflows
The calculate function may look intimidating, but it is not very long. Persevere and you will solve it.
Be sure to make use of the type annotations that IDA provides due to the debug info in the binary.
When you are finished, shoot me a message on Slack. Try to finish by Friday. Good luck!
Printable amd64 shellcode
Last week's shellcoding.zip has been updated to include level 4 (printables only)
Online assembler for prototyping
afternoon_tea note (start here!)
Compiler Explorer (godbolt)
Challenge note (start here!)
Challenge day! No slides.
nc pwning.int80.net 5559
nc pwning.int80.net 5558
Continuing on with simple_rop from February 9th . . .
Connect to the server with
$ python exploit_starter.py pwning.int80.net 5556
IDA stack layout screenshot
libc.so lookup site
Introduction to Reversing Slides
And a new challenge, BaskinRobins31, from Codegate Quals 2018: BaskinRobins31 Binary
RSA on Wikipedia
Crypto Challenges (see Slack for help)
Smashing the Stack for Fun and Profit
Meltdown example (Check out the libkdump folder)
Project Zero blog post (highly technical)
Meltdown site, Spectre site