escaping chroot jails
play

Escaping chroot jails Why? Chroot jails come up in writing - PowerPoint PPT Presentation

May 12, 2023 •247 likes •370 views

Escaping chroot jails Why? Chroot jails come up in writing exploits, CtF competitions, etc. In the context of this class, a good intro to basic UNIX concepts UNIX 101 man man man 2 chroot Users (UID 0 is root)

  1. Escaping chroot jails

  2. Why? ● Chroot jails come up in writing exploits, CtF competitions, etc. ● In the context of this class, a good intro to basic UNIX concepts

  3. UNIX 101 ● “man man” ● “man 2 chroot” ● Users (UID 0 is root) ● Tree of processes, with owners – pstree, ps, top ● Tree of files and directories, with owners and permissions – ls, tree

  4. Explore in the shell a little bit...

  6. After you boot ● Authentication – Ties a person to a process – Typically involves entering username and password

  7. chroot jail ● Intended to keep a process in its own root directory – E.g. , to keep them out of /home directory ● Not intended to keep a superuser who can run arbitrary code contained, but people try to use it for that – FreeBSD has a stronger jail concept, or use Linux Containers

  8. Putting ourselves in a chroot jail...

  9. Breaking out of it... ● Build a new jail inside the one you're in ● Request that the new jail be your jail – Okay because it's smaller and inside the one you're currently in ● Ask to go anywhere you want in the system – Not a problem, because you're not in your jail anyway so you're not getting let out

  10. Explore both versions of the C code...

  11. References ● https://filippo.io/escaping-a-chroot-jail-slash-1/

Recommend

My journey on SMBGhost Angelboy angelboy@chroot.org @scwuaptx Whoami Angelboy

My journey on SMBGhost Angelboy angelboy@chroot.org @scwuaptx Whoami Angelboy

My journey on SMBGhost Angelboy angelboy@chroot.org @scwuaptx Whoami Angelboy Researcher at DEVCORE CTF Player HITCON / 217 Chroot Co-founder of pwnable.tw Speaker HITB GSEC 2018/AVTokyo 2018/VXCON Outline

1.35k views • 107 slides
The structure of the escaping set of a transcendental entire function Gwyneth Stallard (joint

The structure of the escaping set of a transcendental entire function Gwyneth Stallard (joint

The structure of the escaping set of a transcendental entire function Gwyneth Stallard (joint work with Phil Rippon) The Open University Postgraduate Conference in Complex Dynamics March 2015 The escaping set Definition The escaping set is I

650 views • 43 slides
Why I prefer thick jails over thin jails Dan Langille EuroBSDCon 2019 Lillehammer

Why I prefer thick jails over thin jails Dan Langille EuroBSDCon 2019 Lillehammer

Why I prefer thick jails over thin jails Dan Langille EuroBSDCon 2019 Lillehammer @dlangille https://dan.langille.org/ Disclaimer Dont do what Im doing just because Im doing it Its right for me - now Needs

862 views • 30 slides
systemd-nspawn is chroot on steroids LinuxCon Europe 2013 Lennart Poettering October 2013

systemd-nspawn is chroot on steroids LinuxCon Europe 2013 Lennart Poettering October 2013

systemd-nspawn is chroot on steroids LinuxCon Europe 2013 Lennart Poettering October 2013 Lennart Poettering systemd-nspawn is chroot on steroids systemd? systemd! Lennart Poettering systemd-nspawn is chroot on steroids Containers! LXC vs.

460 views • 18 slides
Chw00t: How to break out from various chroot solutions Balzs Bucsay OSCE, OSCP , GIAC GPEN,

Chw00t: How to break out from various chroot solutions Balzs Bucsay OSCE, OSCP , GIAC GPEN,

Chw00t: How to break out from various chroot solutions Balzs Bucsay OSCE, OSCP , GIAC GPEN, OSWP http://rycon.hu/ - https://www.mrg-effitas.com/ @xoreipeip Bio / Balazs Bucsay Hungarian Hacker Strictly technical certificates: OSCE,

557 views • 54 slides
Escaping Saddle Points with Adaptive Gradient Methods Matthew Staib 1 , Sashank Reddi 2 ,

Escaping Saddle Points with Adaptive Gradient Methods Matthew Staib 1 , Sashank Reddi 2 ,

Escaping Saddle Points with Adaptive Gradient Methods Matthew Staib 1 , Sashank Reddi 2 , Satyen Kale 2 , Sanjiv Kumar 2 , Suvrit Sra 1 1. MIT EECS 2. Google Research, New York Escaping Saddle Points with Adaptive Gradient Methods Matthew

614 views • 23 slides
8/29/2018 Diversion, Not Discrimination: Jails, the ADA, and People with Mental Illness ADA

8/29/2018 Diversion, Not Discrimination: Jails, the ADA, and People with Mental Illness ADA

8/29/2018 Diversion, Not Discrimination: Jails, the ADA, and People with Mental Illness ADA Mid-Atlantic Update 2018 September 6, 2018 Tysons, VA Presenter Biography Mark Murphy is the Managing Attorney of the Bazelon Center for Mental

649 views • 19 slides
Current Trends in Jail Operations: Its More Than Just the Sheriffs Problem By: Thomas

Current Trends in Jail Operations: Its More Than Just the Sheriffs Problem By: Thomas

Current Trends in Jail Operations: Its More Than Just the Sheriffs Problem By: Thomas Kerss and David Whitis Law Enforcement Consultants, Texas Association of Counties Managing Risk Exposures for County Jails Operating county jails is

684 views • 17 slides
Magnetospheres of Hot Jupiters: formation of magnetodisk current system in the escaping

Magnetospheres of Hot Jupiters: formation of magnetodisk current system in the escaping

Magnetospheres of Hot Jupiters: formation of magnetodisk current system in the escaping plasma flow of an exoplanet M. L. Khodachenko 1 , T. Zaqarashvili 1 , N.V. Erkaev 2 , S. Dyadechkin 3 , I.F. Shaikhislamov 4 , I.I. Alexeev 5 , E.S.

667 views • 22 slides
RISK MANAGEMENT SERVICES FOR JAILS KY s Statewide Mental Health Service Delivery System

RISK MANAGEMENT SERVICES FOR JAILS KY s Statewide Mental Health Service Delivery System

RISK MANAGEMENT SERVICES FOR JAILS KY s Statewide Mental Health Service Delivery System Montanas Law and Justice Com m ittee Decem ber 1 6 , 2 0 1 1 Connie Milligan, LCSW Ray Sabbatine, MA Bluegrass Regional MH-MR Board Model of

266 views • 16 slides
Creating Learning without Limits: Challenge and Success 1 Baseline assessment? 2 3 Escaping

Creating Learning without Limits: Challenge and Success 1 Baseline assessment? 2 3 Escaping

Creating Learning without Limits: Challenge and Success 1 Baseline assessment? 2 3 Escaping from the bottom set Hargreaves (1982) argues that ability labelling leads to destruction of dignity so massive and pervasive that few

324 views • 19 slides
Escaping the Losses from Trade: The Impact of Heterogeneity on Skill Acquisition Preliminary

Escaping the Losses from Trade: The Impact of Heterogeneity on Skill Acquisition Preliminary

Escaping the Losses from Trade: The Impact of Heterogeneity on Skill Acquisition Preliminary Axelle Ferriere 1 Gaston Navarro 2 Ricardo Reyes-Heroles 2 1 Paris School of Economics 2 Federal Reserve Board Joint Conference on Heterogeneity

845 views • 57 slides
Viral Hepatitis Vaccination Program in County Jails Rebecca Lakey, RN, BSN November 14, 2019

Viral Hepatitis Vaccination Program in County Jails Rebecca Lakey, RN, BSN November 14, 2019

Viral Hepatitis Vaccination Program in County Jails Rebecca Lakey, RN, BSN November 14, 2019 Background Tennessee ranks among states with the highest rates of acute hepatitis B virus (HBV) in the nation In 2012, the Department of Health

373 views • 10 slides
COVID-19: JUSTICE RESPONSES FOR PRETRIAL RELEASE AND JAILS APRIL 29, 2020 1 AGENDA FOR COVID-19

COVID-19: JUSTICE RESPONSES FOR PRETRIAL RELEASE AND JAILS APRIL 29, 2020 1 AGENDA FOR COVID-19

COVID-19: JUSTICE RESPONSES FOR PRETRIAL RELEASE AND JAILS APRIL 29, 2020 1 AGENDA FOR COVID-19 VIRTUAL MEETING Welcome Amber Widgery, NCSL program principal Chief Justice Bridget McCormack, Michigan Supreme Court

325 views • 13 slides
On the escaping set of exponential maps Patrick Comdhr Christian-Albrechts-Universitt zu Kiel

On the escaping set of exponential maps Patrick Comdhr Christian-Albrechts-Universitt zu Kiel

On the escaping set of exponential maps Patrick Comdhr Christian-Albrechts-Universitt zu Kiel Barcelona, 24 November 2015 P. Comdhr (CAU Kiel) Escaping set of exponential maps 24 November 2015 1 / 16 Outline Motivation 1 P. Comdhr

1.12k views • 86 slides
,, LAUNCH A GROUP PROGRAM WHILE ESCAPING YOUR 9 TO 5. NAIL YOUR SYSTEM FOR CONSISTENCY , CLIENTS

,, LAUNCH A GROUP PROGRAM WHILE ESCAPING YOUR 9 TO 5. NAIL YOUR SYSTEM FOR CONSISTENCY , CLIENTS

,, LAUNCH A GROUP PROGRAM WHILE ESCAPING YOUR 9 TO 5. NAIL YOUR SYSTEM FOR CONSISTENCY , CLIENTS AND CASH ~ Sofia Rei fearlessly Who is this webinar for ? If you re a coaching Entrepreneur still in your 9 to 5 and running your

1.3k views • 90 slides
Mental Health Housing and Treatment for Individuals with Serious Mental Illness in the NYC Jails

Mental Health Housing and Treatment for Individuals with Serious Mental Illness in the NYC Jails

Mental Health Housing and Treatment for Individuals with Serious Mental Illness in the NYC Jails Presented by: Elizabeth Ford, MD Chief of Service, Psychiatry Correctional Health Services Mental Health Service Population Data ~3700

405 views • 13 slides
The Anisotropic Noise in Stochastic Gradient Descent: Its Behavior of Escaping from Sharp Minima

The Anisotropic Noise in Stochastic Gradient Descent: Its Behavior of Escaping from Sharp Minima

The Anisotropic Noise in Stochastic Gradient Descent: Its Behavior of Escaping from Sharp Minima and Regularization Effects Zhanxing Zhu , Jingfeng Wu , Bing Yu, Lei Wu, Jinwen Ma. Peking University Beijing Institute of Big Data Research

319 views • 15 slides
Escaping from saddle points on Riemannian manifolds Yue Sun , Nicolas Flammarion , Maryam

Escaping from saddle points on Riemannian manifolds Yue Sun , Nicolas Flammarion , Maryam

Escaping from saddle points on Riemannian manifolds Yue Sun , Nicolas Flammarion , Maryam Fazel Department of Electrical and Computer Engineering, University of Washington, Seattle School of Computer and Communication Sciences,

409 views • 24 slides
Escaping inbox captivity: Managing technology for better employe well-being Larissa (Lacie)

Escaping inbox captivity: Managing technology for better employe well-being Larissa (Lacie)

Escaping inbox captivity: Managing technology for better employe well-being Larissa (Lacie) Barber, Ph.D. San Diego State University Overview Understanding the prevalence, assessment, and costs of inbox captivity Identifying problems with

395 views • 23 slides
Health Coverage for your County Jails Pretrial Population Thursday, February 23, 2012 Support

Health Coverage for your County Jails Pretrial Population Thursday, February 23, 2012 Support

Health Coverage for your County Jails Pretrial Population Thursday, February 23, 2012 Support for this webinar was provided by the Public Welfare Foundation Webinar Agenda Speakers Sarah Somers, Managing Attorney, National Health Law

476 views • 45 slides
86 th Legislative Session Bills Significantly Impacting County Courts County Jails SB 1700

86 th Legislative Session Bills Significantly Impacting County Courts County Jails SB 1700

86 th Legislative Session Bills Significantly Impacting County Courts County Jails SB 1700 Whitmire Relating to the discharge of a prisoner from county jail. 9/1/19 Summary: Amends the Code of Criminal Procedure and the Government Code to

249 views • 4 slides
DISRUPTING MASS INCARCERATION WITH DATA Kelly Jin Every year, 11 million people cycle through

DISRUPTING MASS INCARCERATION WITH DATA Kelly Jin Every year, 11 million people cycle through

DISRUPTING MASS INCARCERATION WITH DATA Kelly Jin Every year, 11 million people cycle through 3,100 local jails, costing over $20B. In local jails: 44% 64% 68% have a mental have a substance have chronic illness use disorder health

310 views • 12 slides
Update on Bail Texas Supreme Court Reforms September 5, 2019 Pretrial Population in Texas Jails

Update on Bail Texas Supreme Court Reforms September 5, 2019 Pretrial Population in Texas Jails

Chief Justice Nathan Hecht Update on Bail Texas Supreme Court Reforms September 5, 2019 Pretrial Population in Texas Jails by Year 45000 80.00% 40000 70.00% 35000 60.00% 30000 50.00% In the past 25 years, the 25000 40.00%

267 views • 6 slides

More recommend