CCC – Page 3 – muellis blog

BufferOverflow Workshop at EasterHegg09

During Easterhegg I held a workshop together with hc. It was about Buffer Overflows, which used to be the most common security vulnerability a couple of years ago.

We gave a talk explaining the basic concepts of processes and how they work on x86 machines. This was heavily packed with information and I really think we couldn’t make everything clear in the first run. But as it was planned as workshop, we intended to give people stuff they can chew on Basically, we took stuff from the excellent Phrack article Smashing the Stack for Fun and Profit which is nearly 13 years old by now.

As modern operating systems protect themselves against the consequences of buffer overflows, we prepared a virtual machine with QEmu/KVM so that exploits will work. It’s an old debian woody with an SSH daemon and build essentials.

Of course I have changed the image in the last minutes, because I wanted to improve it. And of course something went terribly wrong: The root filesystem was corrupted and fsck deleted important files, leaving the image in a useless state. We had to port my changes back to the old image.

Of course, we wanted to distribute the ~1GB image among our workshop guests. As we expected 50 people to show up and didn’t want to stress the WiFi so much, I intended to use BitTorrent, but it’s not as easy and smart as it could be: We are NATted, so using an external tracker would FAIL. Also, it can’t multicast the packets, which would perfectly make sense if many people start to download the torrent in the same network. We ended up having a usb pendrive and a thttpd serving the tarred image. Not very smart or efficient.

After the people ran that images, they couldn’t login with SSH due to a mysterious heisenbug. I suspect our last-minutes changes to be the culprit but I can’t provide a more technical error description. The SSH daemon worked quite well *in* the image, but as soon as you wanted QEmu to redirect the traffic into the machine, it FAILed: The connection was established, but no data was transferred. Could be a bug in QEmu as well.
The people either worked through the QEmu widget or set up a TUN device to get the network up and running…
That pissed some people off which then left. We ended up with 20 people trying to hack themselves

We prepared examples in the image, some of them copied from Gera, e.g.:

/* stack1.c                                     *
 * specially crafted to feed your brain by gera */

int main() {
	int cookie;
	char buf[80];

	printf("buf: %08x cookie: %08xn", &buf, &cookie);
	gets(buf);

	if (cookie == 0x41424344)
		printf("you win!n");
}

The people were supposed to make the program print “you win!”. If you know, how a stack works, it’s actually simple. Do you know, what input you have to feed in order to win!?
Oh, you don’t want to compile this program with anything other than -O0 because the compiler rearranges the variables on the stack so that you can’t overwrite the integer…

In the end, I think I am satisifed with the workshop, although things could have worked better. We had pretty smart people which were really curious how stuff works. They have learned a lot and I guess they had fun with that as well

mrmcd0x8 – Call for Participation

Die MetaRheinMain ChaosDays gehen in eine neue Runde *yay*! Ich werd’ wohl dieses Jahr nicht koennen, aber ich war ja nun auch schon oft genug dort Wenn du einen Vortrag oder einen Workshop einreichen willst, benutze bitte das Pentabarf. Ein Grund, etwas einzureichen (oder um einfach nur hinzugehen) ist das Pornophonique Konzert! Wirklich empfehlenswert.

c&p von der offiziellen Seite:

Der CCCMZ, C3F2M, CCC Mannheim, oqlt, der IT Stammtisch Darmstadt und CDA laden zu den achten MetaRheinMain ChaosDays ein.

Die MetaRheinMain Chaosdays 0x8 sind ein jährlich stattfindender Kongress, der dieses Jahr unter dem Motto “Zurueck zum Thema” mit den Themenschwerpunkten Journalismus, Gesellschaft und Technik vom c3f2m Frankfurt, CCCmz (Mainz/Wiesbaden), der Hochschulgruppe Chaos Darmstadt, dem AK Vorrat und weiteren regionalen Gruppen im Rhein-Main-Neckargebiet organisiert wird. Die MRMCDs finden dieses Jahr vom 04.09-06.09.2009 an der Technischen Universität Darmstadt statt. Drei Tage lang werden Vorträge, Diskussionen und ein Hackcenter geboten.

Die Vorträge und Workshops richten sich mit Themen sowohl an die breite Öffentlichkeit, als auch an spezialisierte Interessen. Auf diese Weise soll die wissenschaftliche Anbindung und der Bezug zum aktuellen öffentlichen Diskurs gewahrt werden. Folgende Schwerpunkte bilden das Rückgrat der Veranstaltung:

Journalismus

Gesellschaft

Technik

Darunter fallen z. B.: Wahlmaschinen, Überwachung, Kryptographie, IT-Sicherheit, Biometrie, Vorratsdatenspeicherung, BKA-Gesetz, Elektronische Gesundheitskarte, Auswirkung der Weiterentwicklung von Technik auf die Gesellschaft, Chaos Kultur, Projekt- und Selbstmanagement.

26C3: Here Be Dragons

Well well, the next Chaos Communication Congress has been officially announced *yay*! This years motto will be Here Be Dragons.

This motto is not as bad as I intuitively thought. It reflects the current political situation pretty well: It seems as if the politicians are actively avoiding knowledge in the area of IT.

You should consider to come by as well as sending in a paper! You have time until 2009-10-09 to submit your proposal via Pentabarf.

I don’t know if I can make it, but I’ll certainly try

Taxi from Hamburg to HAR2009

Pre-Sense is sponsoring a bus ride for up to 30 people to the HAR2009! The way back to Hamburg is sponsored as well. Also, you can win two HAR tickets!

It’s very kind of that young company to sponsor that trip and thus enable young hackers to meet with the brightest people in the IT-Security area. I wonder if they hope that some of these young hackers will take one of their open positions in the future

Anyway, feel free to register for the bus ride or win a ticket. The details can be found at http://www.pre-sense.de/har2009.html.

Easterhegg 2009

The Hamburg branch from CCC is going to hold the annual Easterhegg! If you have spare time around easter (2009-04-10 till 2009-04-13) then consider to come around!

Easterhegg Logo

Also, see the website for further information.

Your HAR2009 Tickets

I received my ticket for the HAR2009 which takes place from August 13th till August 16th somewhere in the Netherlands!

If you buy your ticket until 2009-03-31, you’ll get a 25 Euro discount. If you additionally use the code “SURFBIRD”, you’ll get additional 5 Euro off. That translates to 150 Euros for a ticket.

I hope, it’s going to be an awesome CCCamp this year I’m really looking forward to this hackers holidays.

Balls of Steel (§202c)

I just received a mail where some dude told that he reported himself to the Police. He accused himself of “obtaining posesssion” and “creating” passwords which could be used for a crime afterwards. He supposes that to be illegal due to the famous german “Hackerparagraph” §202c.

He says he downloaded and printed an article from the New York Times (maybe he meant this one?) which listed the 20 most common passwords on MySpace.
Also he used pwgen to generate passwords himself.

His first try to denounce himself failed because the police officer said that *this* wasn’t justiciable. The second attempt, though, succeeded. He offered his police report as downloadable PDF.

I have to say: Respect Mr. Balls of Steel! I am eager to see how that’s turning out.