Warm Up

In this assignment, you will:

  1. Form an initial group
  2. Install a basic development environment
  3. Find a crashing input to a simple memory corruption bug

Assignment Group

Assignments are to be completed and submitted for grading by groups of four. As such, you should first find three other students to create your first group. If for whatever reason you don’t create a group, you will be assigned to a group. Note that group composition will change over the course of the semester.

Development Environment

Your group’s first task will be to set up a basic development environment for each of the modules that comprise the course. At the time of writing, these modules are:

  • Web security
  • Memory corruption
  • Vulnerability discovery
  • Malware

Note that some assignments might need tools in addition to the ones listed below.

Linux Environment

The base of your development environment will be a Linux system. It does not matter which distribution you use for this base so long as it is capable of running a container stack such as Docker or OCI. Feel free to use any mainstream Linux distribution. If in doubt, Fedora or Ubuntu are reasonable choices.

Hypervisor

For some assignments, a virtualized environment might be necessary – e.g., to run Windows “malware.” Therefore, you should install a working hypervisor which can either be hosted by your Linux environment or installed alongside it if your Linux environment is itself virtualized.

A free hypervisor option is VirtualBox. However, VirtualBox has a spotty history when it comes to bugs and vulnerabilities. So, you might opt instead for a more robust paid option such as VMware.

Container Stack

Many assignments, including this one, will be distributed as a container image that you will run locally. To do so, you will need to install a container runtime (a.k.a., container stack) within your Linux environment. A safe choice is Docker. Note that some Linux distributions have deprecated Docker in favor of the OCI stack. In that case, it is easiest to simply use those tools, which typically amounts to substituting podman for any docker command.

If you have never used containers before, there are many container tutorials out there to which you can refer. I also have a short tutorial available as well.

C/C++ Development Tools

Within your Linux environment, you should install a basic set of development tools via the distribution’s package manager. Usually, the package manager is invoked via dnf or apt depending on whether you are using a modern RPM- or Debian-based distribution. Package names can vary between distributions, so the names below might need to be adjusted for your particular environment. But dnf search or apt search (or, in the worst case, a Google search) can help you resolve the package names you need.

Install the following packages:

  • gcc
  • clang
  • nasm
  • cmake
  • binutils
  • gdb

Additionally, you will need to install an editor (at a minimum), an IDE, or perhaps expose your Linux environment’s file system to your preferred tools on your host machine. Recommended IDEs include Visual Studio Code (if you are OK with vendor telemetry) or IntelliJ IDEA (free with a .edu email address).

Python Tools

You will more than likely want a working Python installation, which you should also install via your Linux distribution’s package manager. In this class, we will be using Python 3, so ensure that either you only have a version 3 environment installed or that you are able to unambiguously refer to it if you have multiple Python installations.

In addition to a Python 3 interpreter, you might also want to install IPython which makes interactive Python evaluation or script debugging much more pleasant.

Web Tools

For web assignments, you will need a working browser. Any of the mainstream choices such as Firefox, Chrome, Safari, or Edge will do so long as that browser’s developer tools are available.

In addition to a browser, you should install an interactive web proxy that will allow you to introspect on and modify HTTP messages. In this class, we will use and support mitmproxy since it is open source. However, if you have a Burp Suite license, then feel free to use that with the understanding that you’re on your own if you run into issues.

Reverse Engineering Tools

For the reverse engineering assignments, we will be using Ghidra. Ensure that you have a compatible Java Runtime Environment installed. If you have an IDA Pro and Hex-Rays license then feel free to use those tools instead with the usual caveat.

Vulnerable Program

With the software prerequisites out of the way, let us turn to the first assignment: crashing a vulnerable program. This program is available in Canvas as a container image called vuln00.img.xz. You can decompress the image using xz which can be installed using your distribution’s package manager. From there, you can load the image into your container runtime via docker load and then execute an instance using docker run.

When you run the container image, the vulnerable program will wait for input. While it is running, you can access the program’s source code which is available at /app/vuln00.cpp within the container instance. You can use docker cp to copy this source code to the container host if you so desire.

Analyze the source code to find an input that will crash the program.

Submission Instructions

  1. Send a Canvas message to the instructor and TAs informing them of your group members.
  2. Once your group has been created, submit a .tgz archive containing a single text file called input1. This file should contain an input that crashes the vulnerable program when used as part of the following command: docker run -it $vuln00_image <input1.
  3. Extra credit. Submit a .tgz archive containing two files: input1 and input2. Each of these should exploit distinct bugs in the vulnerable program resulting in crashes when run similarly to the example above.
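A small shell wrapper for the steps above (decompressing the image, loading it, running each candidate input, checking whether the run actually ended in a crash, and packaging the archive), added here as an example rather than as course-supplied code. It assumes vuln00.img.xz is in the current directory, that the image name is whatever docker load reports, and that docker (or podman, selected via the DOCKER variable) is installed; it omits -t because stdin is redirected from a file rather than a terminal.

```shell
# Added helper (not part of the course materials). Assumes vuln00.img.xz
# from Canvas is in the current directory and that `docker` (or `podman`,
# via $DOCKER) is installed. The image name is taken from `docker load`.
set -eu
DOCKER="${DOCKER:-docker}"

# Docker reports a process killed by signal N as exit status 128+N.
# Prints N (11 for SIGSEGV, 6 for SIGABRT), or 0 for a normal exit.
signal_of_status() {
    if [ "$1" -gt 128 ] && [ "$1" -lt 256 ]; then
        echo $(( $1 - 128 ))
    else
        echo 0
    fi
}

# Maps a signal number to the name a crash report would show.
signal_name() {
    case "$1" in
        6)  echo SIGABRT ;;
        7)  echo SIGBUS ;;
        11) echo SIGSEGV ;;
        0)  echo none ;;
        *)  echo "SIG$1" ;;
    esac
}

# Decompress (keeping the .xz) and load the image; prints its name or ID.
load_image() {
    [ -f vuln00.img ] || xz -dk vuln00.img.xz
    # docker load prints "Loaded image: NAME:TAG" or "Loaded image ID: sha256:..."
    "$DOCKER" load -i vuln00.img | sed -n 's/^Loaded image[^:]*: //p'
}

# Run the program with FILE on stdin (no -t: stdin is a file, not a TTY)
# and print the container's exit status instead of aborting on failure.
run_with_input() {
    status=0
    "$DOCKER" run -i --rm "$1" <"$2" >/dev/null 2>&1 || status=$?
    echo "$status"
}

if [ "$#" -gt 0 ]; then
    image=$(load_image)
    for f in "$@"; do
        st=$(run_with_input "$image" "$f")
        echo "$f: exit $st -> $(signal_name "$(signal_of_status "$st")")"
    done
    tar czf submission.tgz "$@"   # archive in the form the assignment asks for
fi
```

Invoke it as `sh check.sh input1` (or `sh check.sh input1 input2` for the extra credit); an input only counts as a crash if the reported signal is not "none".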

© 2022 wkr