187663-Thumbnail Image.png
Description
As computing evolves and libraries are produced for developers to create efficientsoftware at a faster rate, the security of a modern program is an area of great concern because complex software breeds vulnerabilities. Due to the criticality of computer systems security, cybersecurity

As computing evolves and libraries are produced for developers to create efficientsoftware at a faster rate, the security of a modern program is an area of great concern because complex software breeds vulnerabilities. Due to the criticality of computer systems security, cybersecurity education must maintain pace with the rapidly evolving technology industry. An example of growth in cybersecurity education can be seen in Pwn.college – a publicly available resource composed of modules that teach computer systems security. In reaction to the demand for the expansion of cybersecurity education, the pwn.college developers designed a new set of modules for a course at Arizona State University and offered the same modules for public use. One of these modules, the “babyfile” module, was intended to focus on the exploitation of FILE structures in the C programming language. FILE structures allow for fast and efficient file operations. Unfortunately, FILE structures have severe vulnerabilities which can be exploited to attain elevated privileges for reading data, writing data, and executing instructions. By researching the applications of FILE structure vulnerabilities, the babyfile module was designed with twenty challenges that teach pwn.college users how to exploit programs by misusing FILE structures. These challenges are sorted by increasing difficulty and the intended solutions utilize all the vulnerabilities discussed in this paper. In addition to introducing users to exploits against FILE structures, babyfile also showcases a novel attack against the virtual function table, which is located at the end of a FILE structure.
Reuse Permissions


  • Download restricted.
    Download count: 3

    Details

    Title
    • Preparing an Educational Module on File Pointer Exploitation in C
    Contributors
    Date Created
    2023
    Resource Type
  • Text
  • Collections this item is in
    Note
    • Partial requirement for: M.S., Arizona State University, 2023
    • Field of study: Computer Science

    Machine-readable links