Commit Graph

36 Commits

Author SHA1 Message Date
Maier Johannes
45af305522 Address CVE-2024-42471 (#9)
* Fix CVE-2024-42471
* Include fnetd into repository, download link is broken
2024-09-13 23:21:32 +10:00
5df3832489 finishing touches on presentation 2024-02-06 20:02:01 +01:00
e33df5cb42 added clarification for bug on slides 2024-02-06 18:00:41 +01:00
Maier Johannes
4654c8b6be Presentation (#7)
* Add presentation template.

* Start with presentation.

* Small fixes

* Extend section on exploit primitives

* Extend program slide

* added exploit explanation and cool profit image

* added decoy presentation. Add to normal presentation with make add_decoy

---------

Co-authored-by: Simon Bußmann <simon.bussmann@tum.de>
2024-02-05 18:22:36 +01:00
cato
b8c0cbbb98 Submission ready state achieved (#8) 2024-01-29 17:37:10 +01:00
Maier Johannes
01934af8be Random code addresses (#5)
* Enable random addresses for generated code

* Enable custom stack in sandbox

* Triggering CI?

* Update exploit to work in release mode.
2024-01-25 01:24:31 +01:00
Maier Johannes
b3e3b7b049 Enable testing of the exploit (#4)
* Enable testing exploit

* Fix unused result warning

* Fix oversight in CI

* Fix oversight in CI II

* Fix oversight in CI III

* Fix oversight in CI IV

* Debugging CI

* Debugging CI

* Debugging CI

* Debugging & supplying custom libc

* Trying out stuff.

* Triggering CI?

* Testing around.

* Fix test_exploit CI.

* Fix test_exploit CI.
2024-01-25 00:55:49 +01:00
a90702d68f implemented second exploit phase 2024-01-16 23:18:20 +01:00
Johannes Maier
7710474cd2 Reformat exploit.py. 2024-01-16 22:04:01 +01:00
Johannes Maier
f84a733706 Add exploit extracting the premium activation key. 2024-01-16 21:41:50 +01:00
Johannes Maier
71b527efa1 Fix bug to be exploitable 2024-01-16 19:24:54 +01:00
Johannes Maier
0d44710dc7 Add basic exploit 2024-01-16 18:26:46 +01:00
Johannes Maier
06fc784871 Change the pun. 2024-01-16 18:02:10 +01:00
Johannes Maier
9ede0db8d7 Remove attribute. 2024-01-16 17:45:29 +01:00
Johannes Maier
f6e817eba6 Remove todos. 2024-01-16 17:45:09 +01:00
Johannes Maier
12765a9a11 Fix register names. 2024-01-16 17:38:27 +01:00
Johannes Maier
3f0967d7f5 Add seccomp jail. New pun. 2024-01-16 17:35:55 +01:00
Johannes Maier
4dd7d3d9d6 Add premium mode. Closes #3. 2024-01-16 15:58:52 +01:00
Johannes Maier
f244d69127 Add more registers to ISA, required for exploit. 2024-01-16 09:12:57 +01:00
Johannes Maier
ab724721c0 Add more tests for add and addi 2024-01-13 13:46:09 +01:00
Johannes Maier
50405ab89a Introduce bug 2024-01-13 13:44:11 +01:00
Maier Johannes
338f0eda4d Add CI and test (#1)
Add CI and test
2024-01-12 04:02:30 +01:00
Johannes Maier
d0f0ea6e56 Add '!' to exit code printing message + formatting 2024-01-12 03:56:28 +01:00
Johannes Maier
b56a224044 Add dockerfile for DEBUGGING purposes! 2024-01-12 01:36:52 +01:00
Johannes Maier
74bed6b74d Bug fixes and convenience improvements. 2024-01-12 01:33:08 +01:00
Johannes Maier
7f74e2934c Make vuln.c compiling & running on debian bullseye. 2024-01-12 01:32:35 +01:00
Johannes Maier
cd077bd814 First code generator 2024-01-11 21:02:52 +01:00
Johannes Maier
6b7a4100ae Begin code generator. 2024-01-10 16:20:55 +01:00
Johannes Maier
2d8f9eba01 Rework registers. 2024-01-10 16:10:11 +01:00
Johannes Maier
29e9b2ea43 Extend framework 2024-01-10 16:03:06 +01:00
Johannes Maier
a6fbc73d55 Add project proposal. 2024-01-10 16:02:51 +01:00
Johannes Maier
7991f82fee Use all security measures:
- Full RELRO
- Stack Canary
- NX
- PIE
2024-01-05 19:04:02 +01:00
Johannes Maier
0f9fe1288f Add read of input program. 2024-01-05 17:51:01 +01:00
Johannes Maier
8176a353c1 Add .clang-format and rename to vuln.c 2024-01-05 17:40:12 +01:00
Johannes Maier
1ef96d8206 Init 2024-01-05 17:06:49 +01:00
Maier Johannes
91ca5f9e63 Initial commit 2024-01-05 17:01:10 +01:00