Hey everyone! This post will serve as a supplement to my first of many tutorials on Buffer Overflows for Linux which will tie into my Exploit Development tutorials. I will try to keep this post focused on the minimum amount of knowledge needed to understand what a buffer overflow is, how it works, and how to perform one. Knowing how to perform Static Analysis or Code Auditing to detect a Buffer Overflow in a program requires some programming knowledge, so I will go into a little bit of programming background (just enough to understand these simple programs), but I will leave any extra knowledge up to the reader by providing resources, and possibly a tutorial later down the road that focuses on actual programming fundamentals.
What You Will Need:
- The VSW VM (VetSec Wargame Virtual Machine), if you plan to follow along. Also has tools pre-installed and all programs pre-loaded. This VM is a light version of Ubuntu 18.04.
- Vagrant, to be able to spin up the VM. This program gives us quick access to tearing down and spinning up VM’s. It also allows me to store my VM as just a config file which is relatively small, adhering to Githubs’ <100MB restriction.
- Virtual Box, to run my VM. I personally prefer VMWare, but to make a quick and easy VM with Vagrant, I had to use Virtual Box, since it was much easier to work with.
- Optional: Git, if you plan to follow the tutorial directly, though you can also just download the VM from my Github without Git. Git will allow you to pull the most recent changes very easily and I highly recommend using it. If you want to learn more, I recommend this for an introduction, this for setting it up, and this for more learning.
- A C compiler. The code in this tutorial is all in C, so a C compiler is needed to compile the programs. I use GCC which is standard to use on Linux.
- Optional: PEDA (Python Exploit Development Assistance), useful for exploit development work and viewing memory. Provides some additional features to GDB.
- Optional but recommended: An initial internet connection when spinning up the VM with Vagrant. Vagrant downloads an image and tools from the internet that are hard-coded into my config file (Vagrantfile). One alternative would be to download the packed VM as a whole from my Google Drive and running it with Vagrant after that. But I can’t guarantee that my Google Drive VM will be the most up to date.
Useful Background Knowledge and Resources:
- C Programming Knowledge. I provide some basics of this programming language that will help you understand what is going on here and will provide more information as needed, but I recommend going beyond that for future tutorials and challenges. The beginning of the book, Hacking: The Art of Exploitation, does a great intro to C programming and is also a great resource for learning this material in general.
- x86 Computer Organization Knowledge. I provide the necessary knowledge that is required to understand a buffer overflow in this tutorial and on my other blog posts here and here, but this base knowledge will need to be expanded as we move into later tutorials. For some basics, I recommend the beginning of this book.
- [Optional] x86 Assembly Language Knowledge: For future challenges/tutorials, knowing x86 Assembly Language will help when not given the source code to look at. (Black Box Testing) A good resource I recommend would be my other blog post here, or this set of youtube videos and/or this crash course from UCF. Or, if you’re a book reader, this book does a great job as well.
- Optional: Reading/skimming my First Post on creating this Wargame that explains more about Vagrant.
Let’s Get Started! But First:
To follow along, make sure you grab the most up to date VM here. To do this, navigate to the link to my VetSec VM, then click the green button near the top right that says ‘Clone or download‘.
Git Method (Preferred):
If you are using Git, first, navigate to a location that you would like to place the download, then copy the link that is displayed, and run the command ‘git clone <paste link here>‘ in a terminal. If HTTPS doesn’t work, you can try SSH which is done by clicking the blue ‘Use SSH‘ after pressing the green button.
Direct Download Method:
You can always download it as a ZIP file and unpack it yourself. This will not allow you to pull the latest changes easily, as you will have to re-download the full zip file and unpack it again, whereas with Git, you simple go to the repository (downloaded/cloned folder) and type ‘git pull‘, which will download just updates for you.
Other Software Checks:
Be sure you have Virtual Box and Vagrant installed, otherwise my VM config file will not work for you and you’re going to have a hard time following along.
Spinning Up The VM:
After downloading the VetSec VM via whatever method you choose and making sure you have Virtual Box and Vagrant installed, we can move on to spinning up the VM. To do this, navigate to the root folder of the Wargame (/VetSec-Wargame) which should have a file called ‘Vagrantfile‘ in it. In this directory, run the command ‘vagrant up‘, and you should see something similar to the image below.
NOTE: If you happen to run into the issue such as:
A VirtualBox machine with the name 'vetsec-wargame' already exists.
Please use another name or delete the machine with the existing
name, and try again.
Then I would suggest opening up the virtualbox app and deleteing/removing the old ‘vetsec-wargame’ vm and delete all of the files with it. Then try ‘vagrant up‘ again.
This will download the OS image for the VM as well as install the tools needed and put the Modules/tutorials into the right places. It may take some time due to internet speed and connection as well as tool installation.
After the command is done running, you will be able to SSH into the VM by running the command ‘vagrant ssh‘.
Navigating To The Modules:
Once you’re logged into the VM, you will be able to navigate to the modules section in the tutorials folder. To begin navigating, I would first use the ‘ls‘ command (which stands for list) in the terminal, which will allow you to see the folders and files that exist at the current directory. Then, using the ‘cd‘ command (which stands for change directory), you can then make your way to the first module. The current path (subject to change) is:
Module 1 – Introduction:
In the Module 1 directory, there should be 7 files, like in the picture below.
Each of the files that ends with ‘.c‘ are known as source files. The ‘.c’ is an extension for a program that was written in the C programming language. Depending on the language a program is written in, this can change. For example, a C++ file would have the extension of ‘.cpp‘ and Java would have the extension of ‘.java‘.
The ‘makefile‘ is a file that I explain in my second post on creating the VetSec VM here and here. What this is used for, is a way for me to automate the commands required to compile my c programs without having a user have to type each command in. I did this because of the odd flags that I had to uses in order to get this challenge to work.
The ‘setup.sh‘ file is a bash script that I wrote in order to run my makefile as well as set up the environment to work for the challenges. In order for these to work in the fashion that I intend to start with, I have to turn off ASLR. This will allow us to not have to factor in one of the more current mitigations to buffer overflows, which is that the stack will shift around and not be at the same memory address each time, which makes exploiting a little bit more difficult.
The ‘README‘ file is just a text file that can be viewed with the ‘cat‘ (short for concatenate) command. This will display the text file in the terminal. It will just explain how to get started with the challenges, assuming someone isn’t following along with this tutorial.
For a better overview of these files, you can read this post. Otherwise, you can move on to the next post, which starts the tutorial for the bufferoverflows.