Cyber Security notes for the purpose of computer hardware
Lecture notes, Computer Science
Academic year 2018/2019, uploaded on 09/25/2019 by akshat-sharma-3


#Q.1

System Calls

Think of a remote starting system for your vehicle. When you press a button, a message is sent to the vehicle and the engine is started. The doors remain locked, the trunk doesn't open, nor does the car put itself in drive. It just starts.

A system call is like the remote start application: it is the interface through which a program asks the operating system for a service, without the program ever getting direct access to the operating system itself (the engine). A program reaches that service through an Application Programming Interface (API).

There are common APIs available for most operating systems or virtual machines:

API          Operating System
Win32 API    Windows
POSIX API    Unix, Linux, Mac OS X
Java API     Java Virtual Machine (JVM)

The processor runs in one of two modes: user mode and kernel mode. In user mode a process cannot execute privileged instructions or read and write kernel memory, device registers or other processes' memory; code running in kernel mode can. Application code runs in user mode, and a system call is the only sanctioned way for it to get kernel-mode work done on its behalf. In the car-starting analogy, the fob has no access to the engine; it asks the car's software to run the starting routine, and that routine is what runs in kernel mode.

To invoke a system call on x86-64 Linux, the following registers are involved:

1. RAX — the system call number. Each system call has a predefined number; for x86-64 the numbers are defined in /usr/include/x86_64-linux-gnu/asm/unistd_64.h (Debian/Ubuntu layout).
2. RDI — the first argument to the system call
3. RSI — the second argument
4. RDX — the third argument
5. R10 — the fourth argument
6. R8 — the fifth argument
7. R9 — the sixth argument

The syscall instruction then transfers control to the kernel. When it returns, RAX holds the result: the call's return value, or a negative errno value (between -1 and -4095) on failure. The syscall instruction itself overwrites RCX (with the return address) and R11 (with RFLAGS), which is why the fourth argument goes in R10 rather than RCX as it would for an ordinary function call; all other registers are preserved across the call.

Let's see how an exit system call is made.

The exit system call number is 60, so that value goes in RAX. The only argument of exit is the status; we pass 0 as the first argument, in RDI. The syscall instruction then hands control to the kernel, and exit never returns.

mov rax, 60    ; system call number for exit
mov rdi, 0     ; exit status 0 (first argument)
syscall        ; trap into the kernel

Let's write a simple program that prints a message on the screen; it will use the write system call.

The write system call has the signature

ssize_t write(int fd, const void *buf, size_t count)

The first argument is the file descriptor. A descriptor is a small integer that gives userspace a handle to an open file. Because Unix and Linux present terminals, pipes and sockets through the same interface as files, the standard streams are file descriptors too: stdin is 0, stdout is 1 and stderr is 2.

To print a message to the screen we write to stdout, that is, to file descriptor 1.

The system call number for write is 1, so RAX holds 1; mov rax, 1 puts it there. The first argument goes in RDI, so RDI also holds 1 (the descriptor for stdout). The remaining arguments follow the same convention: RSI holds the address of the message buffer and RDX holds its length in bytes.

Finally the syscall instruction switches the processor into kernel mode and transfers control to the kernel, which reads the populated registers to dispatch the system call. When it returns, RAX holds the number of bytes written (or a negative error code).

Example

Install nasm and gcc on the Ubuntu machine (gcc pulls in binutils, which provides the linker ld).

Create test.nasm containing the write sequence above.

Assemble the file

nasm -felf64 test.nasm -o test.o

Link the file

ld test.o -o test

Execute the file

The message is printed, followed by a segmentation fault. Nothing called _start, so there is no return address to go back to; after the write call returns, the processor keeps executing past the last instruction into bytes that are not valid code, and the kernel kills the process.

The fix is to add an exit system call (RAX = 60, RDI = exit status, syscall) after the write, so the program ends cleanly with a zero exit status instead of running off the end of its code.

read (system call)

In modern POSIX-compliant operating systems, a program that needs data from a file uses the read system call. The file is identified by a file descriptor, normally obtained from an earlier call to open (or one of the standard descriptors 0, 1 and 2). The call copies up to the number of bytes the caller asks for from the file into a buffer supplied by the calling process.

The read system call takes three arguments:

  1. the file descriptor of the file,
  2. the buffer where the read data is to be stored, and
  3. the number of bytes to be read from the file.

On x86-64 Linux its system call number is 0, so RAX = 0, RDI = fd, RSI = buffer address and RDX = count. The value returned in RAX is the number of bytes actually read, which may be fewer than requested (a short read); 0 means end of file, and a negative value is an error code. The kernel writes up to count bytes at the buffer address and has no way to know how big the buffer really is, so count must never exceed the buffer's size.
#Q.

Step by step, what happens when a C program makes a system call:

  1. The application makes the system call by invoking the wrapper function in the C library (for example write()).
  2. The wrapper makes sure every argument is where the kernel's trap-handling routine will look for it.
  3. Arguments reach the wrapper in the normal C calling convention: on 32-bit x86 that means on the stack, on x86-64 in RDI, RSI, RDX, RCX, R8 and R9. The kernel instead looks in RDI, RSI, RDX, R10, R8 and R9, so the wrapper copies the arguments into those registers (on x86-64 this is mostly the move from RCX to R10).
  4. Each system call has a unique number that the kernel uses to identify which call is being made; the wrapper loads that number into RAX.
  5. The wrapper executes the syscall instruction. The kernel runs the call and leaves the result in RAX; the wrapper returns a non-negative result as is, and turns a negative value (-errno) into a return value of -1 with errno set.
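The register convention, the write/read/exit calls and the wrapper steps above, worked through in one added example (this is my code, not the page's): a hand-written wrapper that does what the C library's does. It assumes x86-64 Linux and the call numbers 0, 1 and 60 from unistd_64.h; on any other platform it falls back to libc's generic syscall() with the SYS_* constants so it still runs. The names raw_syscall, raw_write_all, pipe_roundtrip and write_to_bad_fd are mine.

```c
/* Added example, not from the page: a hand-rolled x86-64 Linux system call
 * wrapper doing what libc's wrappers do (number in RAX, arguments in RDI,
 * RSI, RDX, R10, R8, R9, then SYSCALL, result read back from RAX), used for
 * write(2), read(2) and exit(2). Build: cc -Wall -O2 -o rawsys rawsys.c */
#define _GNU_SOURCE               /* declares syscall() for the fallback */
#include <errno.h>
#include <stdio.h>
#include <string.h>
#include <unistd.h>
#include <sys/syscall.h>

#if defined(__x86_64__) && defined(__linux__)
/* Numbers from /usr/include/x86_64-linux-gnu/asm/unistd_64.h. */
#define NR_READ  0
#define NR_WRITE 1
#define NR_EXIT  60

static long raw_syscall(long nr, long a1, long a2, long a3, long a4, long a5, long a6)
{
    long ret;
    /* 4th argument goes in R10, not RCX: SYSCALL overwrites RCX with the
     * return address and R11 with RFLAGS, hence both are clobbered below. */
    register long r10 __asm__("r10") = a4;
    register long r8  __asm__("r8")  = a5;
    register long r9  __asm__("r9")  = a6;
    __asm__ volatile ("syscall"
                      : "=a"(ret)
                      : "a"(nr), "D"(a1), "S"(a2), "d"(a3), "r"(r10), "r"(r8), "r"(r9)
                      : "rcx", "r11", "memory");
    return ret;                   /* result, or -errno (-1..-4095) on failure */
}
#else
/* Other CPUs/OSes: numbers differ and SYSCALL may not exist, so fall back to
 * libc's generic syscall() and map its -1/errno back to the kernel's -errno. */
#define NR_READ  SYS_read
#define NR_WRITE SYS_write
#define NR_EXIT  SYS_exit

static long raw_syscall(long nr, long a1, long a2, long a3, long a4, long a5, long a6)
{
    long ret = syscall(nr, a1, a2, a3, a4, a5, a6);
    return ret < 0 ? -errno : ret;
}
#endif

/* write(2) via the raw interface; the kernel may write fewer bytes than asked
 * (a short write), so loop. Returns the byte count or -errno. */
static long raw_write_all(int fd, const char *buf, size_t len)
{
    size_t done = 0;
    while (done < len) {
        long n = raw_syscall(NR_WRITE, fd, (long)(buf + done), (long)(len - done), 0, 0, 0);
        if (n == -EINTR) continue;          /* interrupted before any byte was written */
        if (n < 0) return n;                /* e.g. -EBADF for an invalid descriptor */
        done += (size_t)n;
    }
    return (long)done;
}

/* Pushes msg through a pipe with raw write, reads it back with raw read.
 * Returns bytes read into out, or -errno. read(2) returns 0 at end of file,
 * which the reader sees once the write end has been closed. */
static long pipe_roundtrip(const char *msg, char *out, size_t outlen)
{
    int fds[2];
    if (pipe(fds) != 0) return -errno;
    long w = raw_write_all(fds[1], msg, strlen(msg));
    close(fds[1]);                          /* reader will now hit EOF */
    long err = w < 0 ? w : 0;
    size_t got = 0;
    while (err == 0 && got < outlen) {      /* never ask for more than fits */
        long n = raw_syscall(NR_READ, fds[0], (long)(out + got), (long)(outlen - got), 0, 0, 0);
        if (n == -EINTR) continue;
        if (n < 0) err = n;
        else if (n == 0) break;             /* EOF */
        else got += (size_t)n;
    }
    close(fds[0]);
    return err ? err : (long)got;
}

/* The kernel leaves -EBADF in RAX for a bad descriptor; turning that into
 * -1 plus errno is the libc wrapper's job, not the kernel's. */
static long write_to_bad_fd(void)
{
    return raw_syscall(NR_WRITE, -1, (long)"x", 1, 0, 0, 0);
}

int main(void)
{
    char buf[64];
    long n = pipe_roundtrip("Hello from a raw write(2)\n", buf, sizeof buf);
    if (n < 0) { fprintf(stderr, "round trip failed: %s\n", strerror((int)-n)); return 1; }
    raw_write_all(1, buf, (size_t)n);       /* fd 1 = stdout, as in the NASM example */
    printf("write(-1, ...) returned %ld; -EBADF is %d\n", write_to_bad_fd(), -EBADF);
    fflush(stdout);   /* raw exit bypasses libc: stdio buffers are NOT flushed for us */
    raw_syscall(NR_EXIT, 0, 0, 0, 0, 0, 0); /* does not return */
    return 0;
}
```

Two things the page's description leaves implicit show up here. First, the kernel never returns -1/errno; it returns -errno in RAX, and it is the libc wrapper that translates. Code that checks a raw syscall result with `== -1` misses every other error. Second, a raw exit skips everything libc does at exit (atexit handlers, stdio flushing), which is exactly why the NASM example needs no cleanup but a C program calling it must flush first.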

1. CTF365

On CTF365, users build and defend their own servers while launching attacks on other users' servers. The CTF365 training environment is designed for security professionals who are interested in training their offensive skills or sysadmins interested in improving their defensive skills. If you are a beginner to infosec, you can sign up for a free beginner account and get your feet wet with some pre-configured vulnerable servers.

2. OVERTHEWIRE

OverTheWire is designed for people of all experience levels to learn and practice security concepts. Absolute beginners are going to want to start on the Bandit challenges because they are the building blocks you’ll use to complete the other challenges.

3. HACKING-LAB

Hacking-Lab provides the CTF challenges for the European Cyber Security Challenge, but they also host ongoing challenges on their platform that anyone can participate in. Just register a free account, setup vpn and start exploring the challenges they offer.

4. PWNABLE.KR

http://pwnable.kr focuses on ‘pwn’ challenges, similar to CTF, which require you find, read and submit ‘flag’ files corresponding to each challenge. You must use some sort of programming, reverse-engineering or exploitation skill to access the content of the files before you are able to submit the solution.

They divide up the challenge into 4 skill levels: Toddler’s Bottle, Rookiss, Grotesque and Hacker’s Secret. Toddler’s Bottle are very easy challenges for beginners, Rookiss is rookie level exploitation challenges, Grotesque challenges become much more difficult and painful to solve and, finally, Hacker’s Secret challenges require special techniques to solve.

5. IO

IO is a wargame from the creators of netgarage.org, a community project where like-minded people share knowledge about security, AI, VR and more. They've created 3 versions, IO, IO64 and IOarm, with IO being the most mature. Connect to IO via SSH and you can begin hacking on their challenges.

6. SMASHTHESTACK

SmashTheStack is comprised of 7 different wargames – Amateria, Apfel (currently offline), Blackbox, Blowfish, CTF (currently offline), Logic and Tux. Every wargame has a variety of challenges ranging from standard vulnerabilities to reverse engineering challenges.

7. MICROCORRUPTION

Microcorruption is an embedded security CTF where you have to reverse engineer fictional Lockitall electronic lock devices. The Lockitall devices secure the bearer bonds housed in warehouses owned by the also fictional Cy Yombinator company.

Along the way you’ll learn some assembly, how to use a debugger, how to single step the lock code, set breakpoints, and examine memory all in an attempt to steal the bearer bonds from the warehouses.

8. REVERSING.KR

Reversing.Kr has 26 challenges to test your cracking and reverse engineering abilities. The site hasn’t been updated since the end of 2012, but the challenges available are still valuable learning resources.

9. HACK THIS SITE

Hack This Site is a free wargames site to test and expand your hacking skills. It features numerous hacking missions across multiple categories including Basic, Realistic, Application, Programming, Phonephreaking, JavaScript, Forensic, Extbasic, Stego and IRC missions. It also boasts a large community with a large catalog of hacking articles and a forum for discussions on security-related topics. Finally, they've recently announced they are going to be overhauling the dated site and codebase, so expect some big improvements in the coming months.

10. W3CHALLS

W3Challs is a pentesting training platform with numerous challenges across different categories including Hacking, Cracking, Wargames, Forensic, Cryptography, Steganography and Programming. The aim of the platform is to provide realistic challenges, not simulations and points are awarded based on the difficulty of the challenge (easy, medium, hard). There’s a forum where you can discuss and walkthrough the challenges with other members.

11. PWN0

pwn0 is the VPN where (almost) anything goes. Go up against pwn0bots or other users and score points by gaining root on other systems.

12. EXPLOIT EXERCISES

Exploit Exercises provides a variety of virtual machines, documentation and challenges that can be used to learn about a variety of computer security issues such as privilege escalation, vulnerability analysis, exploit development, debugging, reverse engineering, and general cyber security issues.

13. RINGZER0 TEAM ONLINE CTF

RingZer0 Team Online CTF offers a ton of challenges, 234 as of this post, that will test your hacking skills across multiple categories including Cryptography, Jail Escaping, Malware Analysis, SQL Injection, Shellcoding and more. After you successfully complete a challenge, you can write up your solution and submit it to the RingZer0 Team. If your write up is accepted, you’ll earn RingZer0Gold which can be exchanged for hints during future challenges.

14. HELLBOUND HACKERS

22. CTFTIME

While CTFtime is not a hacking site like the others on this list, it is a great resource to stay up to date on CTF events happening around the globe. So if you're interested in joining a CTF team or participating in an event, this is the resource for you.

Hacking contests are commonly known as Capture the Flag (CTF) competitions. These events test your knowledge and familiarity in different fields including (but not limited to) website exploitation, reverse engineering, cryptography, privilege escalation and forensics; the goal of each problem is to obtain a key (called a flag) hidden in it, which is the solution to that problem. There are resources spread all over the internet to help you build up your skills for these events and to gain familiarity with practical scenarios in the field of security.

A good site to track various CTFs happening around the world is All about CTF (Capture the Flag). It contains details of previous events and maintains writeups for most of the problems.

In India, many hacking contests are conducted in the technical/departmental fests of engineering colleges. Codefest, the fest of the Department of Computer Science of IIT (BHU), also conducts its own CTF event and attracts huge participation from all over the world. Codefest, which started back in 2010, drew more than 2000 participants from 59 countries in its first edition. Since then there have been 3 more editions of Codefest, the latest creating a formidable network of more than 10000 programmers across 97 countries in 2017.

It also covers a plethora of other online events based on Artificial Intelligence, Machine Learning, Competitive Programming, Cryptography, App Development, etc.

You can visit its website to participate in the CTF (among other) events at Codefest 2018 | IIT (BHU) Varanasi

I would also argue it is one of the largest coding festivals across India, with prize money of Rs. 475000 and participation of over 300 colleges in India. With the next edition due in 2018, we hope it will outperform its previous editions and bring out the best programmers on a single platform.

Some other prominent colleges that conduct CTFs are IIT Roorkee (Backdoor CTF), IIIT Hyderabad (Break-in CTF), Amrita University (InCTF) etc.

Apart from these, information security conferences also conduct CTFs, among which the most well-known is NULLCON.