Introduction
In this activity, we will explore basic concepts of memory safety and control flow integrity attacks. We will use input to a vulnerable software to modify the data flow and the control flow of a program, in the goal of eventually take over the machine running the program.
Getting the source
Back up your lab code
If you are currently working in another lab, make sure to back up your progress before switching branches.
$ git commit -am 'saving progress'
$ git push
Getting on the right branch
Then, we need to switch to the main
branch using
$ git checkout main
Next, fetch the updates and pull them into your main
branch:
$ git fetch upstream
$ git pull upstream main
If you are asked for a merge message, enter any appropriate message and exit the editor, if any.
The code for this activity is found under the mem_safety_intro
directory
under acitivities
.
Installing tools
We need a few tools for this activity and for your next lab, so here’s how you can get them. We will need to cross compile code for the Intel i386 32 bits architecture, so we must have the necessary compiler and libraries. To download and install those, use:
sudo apt install -y gdb gdb-multiarch gcc-multilib python2
We will also attach a better wrapper on top of gdb
to be able to explore
memory more clearly. We will use gef
to achieve that. You can install gef
using:
bash -c "$(curl -fsSL https://gef.blah.cat/sh)"
If curl
is not installed, then you can install it using sudo apt install -y
curl
.
Upgrade WSL1
It seems that WSL1 on Windows is not able to run 32 bit applications. To be able
to do this lab, you must be running on WSL2. To upgrade from WSL1 to WSL2,
follow the instructions
here and
here.
If running the wsl
command from Powershell does not work, then you are running
an older version of Windows, and you need to manually upgrade WSL by following
the instructions
here.
Note that you can still run Linux virtual machines on WSL1 if you require them,
you can use the command wsl --set-version <vm-name> 1
from Powershell, where
<vm-name>
is the name of the distribution that you would like to run on WSL1.