In four action-packed hours we will learn how to read and write Arm assembly and how to exploit Arm binaries through buffer-overflow vulnerabilities. The lab covers debugging Arm binaries, executing shellcode from the stack, and finding and using ROP gadgets so that exploitation remains possible even on NX-protected stacks. This lab includes a detailed workbook and a lab VM.
Prerequisites:
• Basic experience with Linux and using the command line
• Basic understanding of how C functions work
What students should bring:
• Laptop with 8GB RAM and around 30GB free disk space
• VMware Player/Workstation/Fusion or VirtualBox installed
PART 2
Memory corruption vulnerabilities
Stack frames
Examples of vulnerable functions
Visualization of a vulnerable function call
Stack corruption
Executing shellcode on the stack with a simple gadget
Introduction to gadget hunting
Lab: Exploiting BoF
LAB: In this exercise students will corrupt the stack by exploiting a vulnerable function and create their first exploit, in which they identify the offset at which the saved PC is overwritten (the offset that produces the PC crash) and leverage a simple gadget to jump to their shellcode on the stack.
Exploit mitigations
Introduction to the NX bit which makes the stack non-executable
Ways around this restriction
Introduction to Return Oriented Programming
Invoking system() via ROP to execute a command – the traditional way
LAB: Bypassing NX – In this exercise, students can’t use the traditional way of invoking system(“/bin/sh”), which is only possible with old libraries containing the ideal gadget. This challenge uses a newer libc library, in which the ideal gadget is not present. This lab challenges students to think creatively about a restriction and come up with a workaround.