Introduction to Systems Security

We take the first steps into systems security and discuss the high-level topics. We also present logistics and organizational aspects of the “Security of Information Systems” class.

Slides for this session:

Tasks

  1. Use checksec.sh to audit the security of the executables on your system. You can download checksec.sh from the following link.

    Alternatively, you can use pwntools as a wrapper for checksec.

    Use GCC and its options to create executables with all sorts of combinations (NX, PIE, stack canary, RELRO). Build (compile and link) an executable with all hardening options on:

    $ checksec a.out
      [...]
      Arch:     amd64-64-little
      RELRO:    Full RELRO
      Stack:    Canary found
      NX:       NX enabled
      PIE:      PIE enabled
    

    And build (compile and link) an executable with all hardening options off:

    $ checksec a.out
      [...]
      Arch:     amd64-64-little
      RELRO:    Partial RELRO
      Stack:    No canary found
      NX:       NX disabled
      PIE:      No PIE (0x400000)
      RWX:      Has RWX segments
    
  2. You can’t read the /flag file. Still, it might be duplicated somewhere else. Where could you find it?

    Connect using SSH to ctf@141.85.224.104:10000. The account password is look-for-me-0.

    Submit the flag on the CTF platform. You need to create an account on the platform if you don’t already have one.

  3. When you can’t read the /home/ctf/flag, ask someone else.

    Connect using SSH to ctf@141.85.224.104:10001. The account password is reverse-kitten-0.

    Submit the flag on the CTF platform. You need to create an account on the platform if you don’t already have one.

  4. The /home/ctf/flag is already there. You just have to read it.

    Connect using SSH to ctf@141.85.224.104:10002. The account password is hit-me-hard-0.

    Submit the flag on the CTF platform. You need to create an account on the platform if you don’t already have one.

  5. You know how the flag looks. Find it somewhere where data could be stored.

    Connect using SSH to ctf@141.85.224.104:10003. The account password is cant-find-me-0.

    Submit the flag on the CTF platform. You need to create an account on the platform if you don’t already have one.
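For task 1, the following added example (not part of the original lab material) sketches in Python which ELF fields a checksec-style audit reads to produce the RELRO, Stack, NX and PIE lines shown in the outputs above. The names `audit_elf` and `build_sample` are hypothetical, the two sample images are constructed here rather than produced by GCC, and only little-endian ELF64 is handled.

```python
import struct

PT_DYNAMIC, PT_GNU_STACK, PT_GNU_RELRO = 2, 0x6474E551, 0x6474E552
DT_BIND_NOW, DT_FLAGS, DT_FLAGS_1 = 24, 30, 0x6FFFFFFB
DF_BIND_NOW, DF_1_NOW, ET_EXEC, ET_DYN, PF_X = 0x8, 0x1, 2, 3, 0x1

def audit_elf(elf: bytes) -> dict:
    """Report the four checksec properties of a little-endian ELF64 image."""
    if elf[:6] != b"\x7fELF\x02\x01":
        raise ValueError("only little-endian ELF64 is handled")
    (e_type,) = struct.unpack_from("<H", elf, 16)
    (phoff,) = struct.unpack_from("<Q", elf, 32)
    phentsize, phnum = struct.unpack_from("<HH", elf, 54)
    relro = bind_now = nx = False  # assumption: no PT_GNU_STACK is reported as NX disabled
    for i in range(phnum):
        base = phoff + i * phentsize
        p_type, p_flags, p_off = struct.unpack_from("<IIQ", elf, base)
        (p_filesz,) = struct.unpack_from("<Q", elf, base + 32)
        if p_type == PT_GNU_STACK:
            nx = not p_flags & PF_X      # an executable stack means NX is off
        elif p_type == PT_GNU_RELRO:
            relro = True                 # region remapped read-only after relocation
        elif p_type == PT_DYNAMIC:
            for off in range(p_off, p_off + p_filesz, 16):
                tag, val = struct.unpack_from("<qQ", elf, off)
                if tag == 0:             # DT_NULL ends the dynamic section
                    break
                if (tag == DT_BIND_NOW or (tag == DT_FLAGS and val & DF_BIND_NOW)
                        or (tag == DT_FLAGS_1 and val & DF_1_NOW)):
                    bind_now = True      # eager binding upgrades Partial to Full RELRO
    return {
        "RELRO": "Full RELRO" if relro and bind_now else "Partial RELRO" if relro else "No RELRO",
        "Stack": "Canary found" if b"__stack_chk_fail" in elf else "No canary found",  # byte-search heuristic
        "NX": "NX enabled" if nx else "NX disabled",
        "PIE": "PIE enabled" if e_type == ET_DYN else "No PIE",  # ET_DYN also covers shared libraries
    }

def build_sample(e_type, stack_flags, dyn_tags, extra=b""):
    """Constructed minimal image: ELF header, three program headers, dynamic section."""
    dyn = b"".join(struct.pack("<qQ", t, v) for t, v in [*dyn_tags, (0, 0)])
    phdrs = [(PT_GNU_STACK, stack_flags, 0, 0), (PT_GNU_RELRO, 4, 0, 0), (PT_DYNAMIC, 6, 64 + 3 * 56, len(dyn))]
    hdr = struct.pack("<16sHHIQQQIHHHHHH", b"\x7fELF\x02\x01\x01", e_type, 62, 1,
                      0, 64, 0, 0, 64, 56, len(phdrs), 0, 0, 0)
    body = b"".join(struct.pack("<IIQQQQQQ", t, f, o, 0, 0, s, s, 8) for t, f, o, s in phdrs)
    return hdr + body + dyn + extra

# Constructed samples mirroring the two checksec outputs in task 1.
HARDENED = build_sample(ET_DYN, 6, [(DT_FLAGS, DF_BIND_NOW), (DT_FLAGS_1, DF_1_NOW)], b"__stack_chk_fail\0")
UNHARDENED = build_sample(ET_EXEC, 7, [])
```

To audit a real binary instead of the constructed samples, pass its contents, for example `audit_elf(open("a.out", "rb").read())`.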