3_c_and_asm.xml
<?xml version="1.0"?>
<!--
  SecGen scenario "C and Assembly lab".
  Declares one system ("metactf") on a Debian 12 KDE desktop base with reversing utilities,
  one generated account (super_user = false) and six metactf_challenge entries.

  NOTE(review): xsi:schemaLocation below holds only the namespace URI. The attribute is normally
  a list of namespace/location pairs, so a generic validator gets no schema location from it.
  Validate against a locally trusted copy of the scenario schema, not a document-supplied hint.
-->
<scenario xmlns="http://www.github/cliffe/SecGen/scenario"
xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
xsi:schemaLocation="http://www.github/cliffe/SecGen/scenario">
<name>C and Assembly lab</name>
<author>Thalita Vergilio</author>
<description>
# Introduction
In this lab, we delve into the world of C programming and assembly language, covering essential concepts and practical tasks to build a strong foundation in low-level programming. We begin by exploring the use of structs in C, a fundamental data type for handling composite data structures. You'll learn how to define and manipulate structs, enabling you to work with more complex data in programs.
Moving on to memory management, you'll understand the difference between the stack and heap, gaining insights into dynamic memory allocation and the crucial task of memory deallocation to prevent memory leaks. Practical examples and exercises will guide you through these concepts, including using the Valgrind tool to check for memory issues. Additionally, you'll dive into the world of bitwise operators, essential for disassembling code. You'll explore the use of operators like AND, OR, XOR, and more, and even work on a challenge where you'll need to reverse engineer a binary code. Finally, we introduce you to the fascinating realm of assembly language for 32-bit x86 processors, covering registers, flags, operands, and basic instructions. You'll practice disassembling code, identifying key elements, and gaining insights into the low-level operations of a computer system. Practical challenges and real-world scenarios will empower you with the knowledge and skills needed for low-level programming and reverse engineering.
In your home directory you will find some binaries that you need to reverse engineer in order to determine the password that the program expects. Once you have found the password, run the program and enter the password to receive the flag.
</description>
<!-- Lab sheet is hosted outside this repository; who can view or edit it is governed by the sharing settings of that document, not by this file. -->
<lab_sheet_url>https://docs.google.com/document/d/1mVd3oXwGTE3zbMirJ0-0c3WROpjvtxAhTLw6lS9sZTg/edit?usp=sharing</lab_sheet_url>
<type>ctf-lab</type>
<type>lab-sheet</type>
<difficulty>intermediate</difficulty>
<!-- CyBOK mapping for the lab as a whole: knowledge area "MAT", two topics with their keywords. -->
<CyBOK KA="MAT" topic="Malware Analysis">
<keyword>analysis techniques</keyword>
<keyword>analysis environments</keyword>
</CyBOK>
<CyBOK KA="MAT" topic="Technical Underpinning">
<keyword>Technical underpinnings for malware analysis: C</keyword>
<keyword>Technical underpinnings for malware analysis: ASM</keyword>
</CyBOK>
<!-- Supporting pre-recorded lecture, carrying its own CyBOK mapping. -->
<video>
<title>From C to Assembly Language</title>
<by>Thalita Vergilio</by>
<url>https://youtu.be/QbyorEb3WTs</url>
<type>lecture-prerecorded</type>
<CyBOK KA="MAT" topic="Technical Underpinning">
<keyword>Technical underpinnings for malware analysis: ASM</keyword>
<keyword>Technical underpinnings for malware analysis: C</keyword>
</CyBOK>
</video>
<!-- The only system in this scenario. -->
<system>
<system_name>metactf</system_name>
<base distro="Debian 12" type="desktop" name="KDE"/>
<!-- module_path values are patterns (".*/name"), so the module is selected by its trailing path component. -->
<utility module_path=".*/reversing_tools"/>
<!--
  Account definition. The generated account is written to the "account" datastore
  and read back by the kde_minimal and metactf utilities further down.
-->
<utility module_path=".*/parameterised_accounts">
<input into="accounts" into_datastore="account">
<generator type="account">
<!-- Username is produced per build from the "mythical_creatures" wordlist. -->
<input into="username">
<generator type="random_sanitised_word">
<input into="wordlist">
<value>mythical_creatures</value>
</input>
</generator>
</input>
<!--
  Fixed password: unlike the username, this value is a literal, so every VM generated from this
  scenario gets the same login credential and anyone who can read this file knows it.
  Treat the account as having a public password and never reuse this value outside lab VMs.
-->
<input into="password">
<value>tiaspbiqe2r</value>
</input>
<!-- Least privilege: the lab account is not a super user. -->
<input into="super_user">
<value>false</value>
</input>
</generator>
</input>
</utility>
<!--
  Desktop setup. autologin_user is taken from the "account" datastore; access="0" with
  access_json="['username']" presumably selects the first stored account and its username
  field (confirm against the SecGen datastore documentation).
  With autologin enabled, console access to the VM amounts to access to that account.
-->
<utility module_path=".*/kde_minimal">
<input into="autologin_user">
<datastore access="0" access_json="['username']">account</datastore>
</input>
<input into="accounts">
<datastore>account</datastore>
</input>
<input into="autostart_konsole">
<value>true</value>
</input>
</utility>
<utility module_path=".*/handy_cli_tools"/>
<utility module_path=".*/hash_tools"/>
<!--
  Challenge set: six metactf_challenge generators, each naming one challenge by path,
  delivered to the account held in the "account" datastore.
-->
<utility module_path=".*/metactf">
<input into="challenge_list">
<generator type="metactf_challenge">
<input into="challenge_path">
<value>src_csp/Ch1-2/Ch2_03_IntOverflow</value>
</input>
</generator>
<generator type="metactf_challenge">
<input into="challenge_path">
<value>src_csp/Ch1-2/Ch2_03_TwosComplement</value>
</input>
</generator>
<generator type="metactf_challenge">
<input into="challenge_path">
<value>src_csp/Ch1-2/Ch2_03_XorInt</value>
</input>
</generator>
<generator type="metactf_challenge">
<input into="challenge_path">
<value>src_malware/Ch01-08/Ch04x86_AsciiInstr</value>
</input>
</generator>
<generator type="metactf_challenge">
<input into="challenge_path">
<value>src_malware/Ch01-08/Ch04x86_AsciiStrcmp</value>
</input>
</generator>
<generator type="metactf_challenge">
<input into="challenge_path">
<value>src_csp/Ch1-2/Ch2_01_Endian</value>
</input>
</generator>
</input>
<input into="account">
<datastore>account</datastore>
</input>
</utility>
<!-- Single private network; the range is assigned by DHCP. -->
<network type="private_network" range="dhcp"/>
<!--
  Root credential. The value comes from strong_password_generator and is kept in the
  "spoiler_admin_pass" datastore, so no root password is written literally in this file.
  The cleanup build step below receives it as root_password.
  NOTE(review): presumably this keeps lab users from obtaining root on the VM; confirm
  where the datastore value is surfaced and who can read it.
-->
<input into_datastore="spoiler_admin_pass">
<generator type="strong_password_generator"/>
</input>
<build type="cleanup">
<input into="root_password">
<datastore>spoiler_admin_pass</datastore>
</input>
</build>
</system>
</scenario>