HITB LAB: Azeria’s ARM Exploitation Lab (Part 2)

Please attend Part 1 of this lab in order to participate

In four action-packed hours we will learn how to read and code in the Arm assembly language and exploit Arm binaries using buffer-overflow exploits. Our lab will involve debugging Arm binaries, executing shellcode from the stack, and finding and using ROP gadgets to allow exploitation even on NX-protected stacks. This lab includes a detailed workbook and a lab VM.

Prerequisites:

• Basic experience with Linux and using the command line

• Basic understanding of how C functions work

What students should bring:

• Laptop with 8GB RAM and around 30GB free disk space

• VMware Player/Workstation/Fusion or VirtualBox installed

PART 2

  • Memory corruption vulnerabilities
  • Stack frames
  • Examples of vulnerable functions
  • Visualization of a vulnerable function call
  • Stack corruption
  • Executing Shellcode on the stack with a simple gadget
  • Introduction to gadget hunting
  • LAB: Exploiting BoF – In this exercise students will corrupt the stack by exploiting a vulnerable function and create their first exploit, in which they identify the offset for the PC crash and leverage a simple gadget to jump to their shellcode on the stack.
  • Exploit mitigations
  • Introduction to the NX bit which makes the stack non-executable
  • Ways around this restriction
  • Introduction to Return Oriented Programming
  • Invoking system() via ROP to execute a command – the traditional way
  • LAB: Bypassing NX – In this exercise, students can't use the traditional way of invoking system("/bin/sh"), which is only possible with old libraries containing the ideal gadget. This challenge uses a newer libc, in which the ideal gadget is not present. The lab challenges students to think creatively about a restriction and come up with a workaround.

MAIN CONFERENCE

Location: Track 3 / HITB Labs
Date: May 10, 2019
Time: 2:00 pm - 4:00 pm
Speaker: Maria Markstedter