pwnable.kr (Passcode)

Final Study Guide

The purpose of this document is to give you a sense of what types of questions will be asked on the final test.

Format

The final test will be 1 hour during class. It will be of mixed format, including:

  • Multiple choice
  • Fill in the blank
  • Short answer

Scope and Purpose

The basic aim of the final test is twofold:

  • Do you understand basic course concepts?
  • Did you complete the assignments yourself?

To that end, we will ask questions to test your knowledge accordingly. Please note, the following list of concepts is not exhaustive. It is there to give you an idea. Any concepts covered in the main lecture notes (those delivered by Dr. Essex) and the assignments are fair game.

Basic hacking concepts

You should understand and be able to answer basic hacking concepts covered in the course including (but not limited to):

  • Basic hacking ethics. What differentiates black hat, grey hat and white hat hacking?
  • Coordinated vs. full vs. non-disclosure of vulnerabilities
  • What is a vulnerability, an exploit, an exploit payload?
  • The CVE catalogue and CVSS scoring
  • Attack types: phishing, cross-site scripting attack types (persistent/reflected/DOM), code injection, etc.
  • Basic defensive/protective measures: password hashing (including salting, dictionary attacks, and the shadow file), input sanitization, etc.
  • Basics of the OSI model, specifically the difference between the data link, network, transport and higher layers
  • Wifi: what information is broadcast and visible with and without wifi encryption
  • Basics of IPv4 including CIDR notation for expressing IP ranges
  • Basics of network services: what is ssh, ports, whois, nmap
  • UNIX/Linux file permissions and privilege, including the difference between a user and group, read/write/execute, SUID and SGID, hidden files (e.g., .filename)
  • Basic C syntax (including the reference (&) and dereference (*) operators), the reason for the insecurity of the gets function.
  • Basics of 32-bit architecture and memory including the difference between big and little endianness, how integers and strings are stored in memory, the role and locations of the stack, heap, data and text regions
  • Basics of 32-bit executables including the stack frames, the base, stack and instruction pointers and what happens on the stack after a stack frame returns (e.g., how the pointers change and what remains on the stack)
  • Basic gdb commands like print (p), examine (x) and the difference between
  • Basics of stacks and stack frames, including how stack contexts are saved on the stack (i.e., return addresses)
  • Basics of execution protections, including non-executable (NX) flags and address-space layout randomization
  • Basics of buffer overflow attacks

In addition, there will be a question that tests your understanding of concepts covered by the 32-bit buffer-overflow exploits we studied in class and in the assignments:

  • The pwnable.kr col, passcode and bof challenges
  • The questions from assignments 3 and 4

Finally, for the most part we will not be covering the topics from the presentations.