Difference between revisions of "CTF-practice-evening:2014-02-24"

From Technologia Incognita
 
(24 intermediate revisions by the same user not shown)
Line 19: Line 19:
 
* We're happy with our performance at the Codegate CTF!
 
* We're happy with our performance at the Codegate CTF!
 
* Exploiting assembly code with a debugger is still one of our largest hurdles (with the exception of a few people)
 
* Exploiting assembly code with a debugger is still one of our largest hurdles (with the exception of a few people)
* TODO: we still need to save a copy of the pad contents from Riseup.net before it disappears
+
 
 +
* Discussion of problems - we discussed: Weirdshark and 120
 +
* The write-ups for Codegate on CTFtime.org still aren't available yet!
 +
** We'll email a link to the write-ups when they are available, and can discuss them on the mailing list.
 +
 
 +
== Infra issues ==
 +
* Marielle saved a copy of the pad contents from Riseup.net (before it disappears), and will email a link to the ctf mailing list
 
* We need a better way of sharing stuff
 
* We need a better way of sharing stuff
** Dimitris setup some great infra, including a file uploader
+
* Dimitris setup some great infra, including a file uploader
** But Melanie wasn't able to successfully upload IDA Pro
+
** Melanie sent a link to the CTF mailing list with the URL and the login credentials
** TODO Coolfile: setup a Knuffelhackers server + backup file sharing option, since 2 options are better than 1  :-)
+
** Melanie wasn't able to successfully upload IDA Pro though -- file size limit issues
 +
** Another limitation is that we can't arrange things into folders ourselves
 +
** Coolfile also setup a Knuffelhackers (FTP) server, (and emailed the details to the ctf list), since 2 options are better than 1  :-)
 +
 
 +
* During the next CTF, we should definitely use Dimitris' Etherpad infrastructure:
 +
** http://0x41414141.info/pad/
  
= Binary Exploitation =
+
== IDA Pro ==
 +
* IDA Pro was AWESOME for decompiling and reversing!!!
 +
** We definitely need to have an IDA Pro reversing evening -- we'll plan this in
 +
** But first we need to share it with everybody
 +
** Melanie created a Windows VM with IDA.  She can share it with everybody once the file sharing infrastructure is ready..
  
* We're gonna look at Chapter 3 (Exploitation - start at Page 119) of this book:
+
== Next CTF ==
 +
* Next CTF?    We are thinking that 1 CTF/month is a good amount..  enough to keep us in practice, but not too much to burn people out (because CTFs suck up an entire weekend.)
 +
** If VUBAR plays on other weekends, that is always an option for people who want to play more than once/month
 +
** We aren't sure yet which one we want to do.  We are going to look at ctftime.org, think about it, and come back with ideas next week
 +
 
 +
= Intro to x86 Disassembly =
 +
 
 +
* We're gonna look at Chapter 2 (Programming - start at Page 19 'Getting your hands dirty') of this book:
 
** [http://rogunix.com/docs/Reversing&Exploiting/Hacking%20-%20The%20Art%20of%20Exploitation_2nd%20Ed.pdf Hacking: the Art of Exploitation]
 
** [http://rogunix.com/docs/Reversing&Exploiting/Hacking%20-%20The%20Art%20of%20Exploitation_2nd%20Ed.pdf Hacking: the Art of Exploitation]
 
** You can get the Live CD [http://www.nostarch.com/hackingCD.htm here]
 
** You can get the Live CD [http://www.nostarch.com/hackingCD.htm here]
 +
 +
* We talked about calling conventions (cdecl, stdcall, fastcall, etc…) and how they influence function prologues/epilogues/stack cleanup/order of parameter passing/etc…
 +
** Homework - have a look at: [http://en.wikibooks.org/wiki/X86_Disassembly/Calling_Conventions Wikibooks:Calling_Conventions]
 +
* Explanation of commonly used x86 ASM commands: [http://coolfire.insomnia247.nl/BMA/X86_Win32_Reverse_Engineering_Cheat_Sheet.pdf Reverse Engineering Cheat Sheet]
 +
* Commonly used gdb commands: [[GDB-Tips]], [http://darkdust.net/files/GDB%20Cheat%20Sheet.pdf GDB Cheat Sheet]
 +
 +
* We went through pages 19-30 on the beamer, and interactively with GDB in the live CD, with people asking questions
 +
** Homework: read pages 1-30 of 'Hacking: the Art of Exploitation' in detail (following along in the Live CD)
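
Review bot: The added Infra issues line "Melanie sent a link to the CTF mailing list with the URL and the login credentials" records that the uploader's URL and its login went to the list together, but nothing in the revision says who owns changing that login afterwards. The earlier revision tracked open infra work as explicit TODO items (the pad backup, the "TODO Coolfile" server), and this change turns both into completed statements without leaving a follow-up. Suggest adding a TODO with a named owner for rotating the uploader credentials, and doing the same for the FTP server details that were "emailed ... to the ctf list".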

Latest revision as of 22:48, 24 February 2014

CTF-practice-evening:2014-02-24
Date 2014/02/24
Time
Location ACTA
Type Workshop
Contact Melanie

Capture The Flag evening - Part 8

  • 24 February, 2014 - 7 PM
  • Please bring along a laptop with you!!!

General CTF Info

Codegate Retrospective

  • We're happy with our performance at the Codegate CTF!
  • Exploiting assembly code with a debugger is still one of our largest hurdles (with the exception of a few people)
  • Discussion of problems - we discussed: Weirdshark and 120
  • The write-ups for Codegate on CTFtime.org still aren't available yet!
    • We'll email a link to the write-ups when they are available, and can discuss them on the mailing list.

Infra issues

  • Marielle saved a copy of the pad contents from Riseup.net (before it disappears), and will email a link to the ctf mailing list
  • We need a better way of sharing stuff
  • Dimitris set up some great infra, including a file uploader
    • Melanie sent a link to the CTF mailing list with the URL and the login credentials
    • Melanie wasn't able to successfully upload IDA Pro though -- file size limit issues
    • Another limitation is that we can't arrange things into folders ourselves
    • Coolfile also set up a Knuffelhackers (FTP) server (and emailed the details to the ctf list), since 2 options are better than 1  :-)

IDA Pro

  • IDA Pro was AWESOME for decompiling and reversing!!!
    • We definitely need to have an IDA Pro reversing evening -- we'll plan this in
    • But first we need to share it with everybody
    • Melanie created a Windows VM with IDA. She can share it with everybody once the file sharing infrastructure is ready.

Next CTF

  • Next CTF? We are thinking that 1 CTF/month is a good amount: enough to keep us in practice, but not so much that it burns people out (because CTFs suck up an entire weekend).
    • If VUBAR plays on other weekends, that is always an option for people who want to play more than once/month
    • We aren't sure yet which one we want to do. We are going to look at ctftime.org, think about it, and come back with ideas next week

Intro to x86 Disassembly

  • We went through pages 19-30 on the beamer, and interactively with GDB in the live CD, with people asking questions
    • Homework: read pages 1-30 of 'Hacking: the Art of Exploitation' in detail (following along in the Live CD)