CMU 15-445/645 – Homework assignment #1 SQL

0x00. Description

Execute SQL queries in SQLite on the IMDB database.

0x01. Env setup

I’m using an Ubuntu 20.04 VM for this homework. The VM is installed on VMware Workstation Pro 15. There are several steps to prepare:

  1. Install SQLite: sudo apt-get install sqlite3 libsqlite3-dev

  2. Download the dataset: wget https://15445.courses.cs.cmu.edu/fall2019/files/imdb-cmudb2019.db.gz

  3. Verify the dataset: md5sum imdb-cmudb2019.db.gz

  4. Unzip and open it: gunzip imdb-cmudb2019.db.gz and sqlite3 imdb-cmudb2019.db


ECE9609 – Notes for Sudo Heap-based Buffer Overflow (CVE-2021-3156)

Sudo Heap-based Buffer Overflow (CVE-2021-3156)

Background

Common Vulnerabilities & Exposures, or CVE, is a dictionary of system vulnerabilities that have been disclosed to the public. Normally, an entry consists of a CVE-ID, a description, and a list of references. Specifically, the CVE-ID identifies a particular CVE, the description field explains the details of this CVE, and the references list all reports from each department that found this CVE. In this presentation, we are going to explore the latest CVE, CVE-2021-3156. It reports that the command “sudoedit -s” and any command that ends with a single backslash character will mistakenly elevate the user’s privileges to root.


Limit GPU memory growth in tensorflow 2.4.x by setting environment variable

Simplest way (TensorFlow 2.2+)

import tensorflow as tf

gpus = tf.config.experimental.list_physical_devices('GPU')
for gpu in gpus:
    tf.config.experimental.set_memory_growth(gpu, True)

Or set an environment variable

Set TF_FORCE_GPU_ALLOW_GROWTH to true.

For TensorFlow 2.0 and 2.1

import tensorflow as tf

tf.config.gpu.set_per_process_memory_growth(True)

Source:

  1. https://www.tensorflow.org/guide/gpu#limiting_gpu_memory_growth
  2. https://stackoverflow.com/questions/34199233/how-to-prevent-tensorflow-from-allocating-the-totality-of-a-gpu-memory/34200194#34200194

ECE9609 – assignment 2, PicoCTF buffer overflow challenges

Assignment 2

Starting from assignment 2, I’ll use a Kali Linux VM to do the homework.


Question 1 – File Permissions

Following the steps:

Daddy told me about cool MD5 hash collision today.
I wanna do something like that too!

ssh col@pwnable.kr -p2222 (pw:guest)

Log in to pwnable’s server through port 2222:


ECE9609 – assignment 1, PicoCTF easy challenges

Web Exploitation

dont-use-client-side

From the title of the challenge, I could tell that the exploit is most likely on the client side, which is the web page of the challenge.
After opening the web page provided in the description, I found a simple login form asking for a credential. Since it’s a web page, I opened the dev tools in Chrome to look at the source.
Then I discovered the following JS code. The JS validates the string input from the form by splitting it into pieces, so appending the pieces together (in the order of the splitting) gives the flag I need.

function verify() {
    // Client-side check: each 4-character slice of the input is compared
    // against a hard-coded literal, with the slices tested out of order.
    checkpass = document.getElementById("pass").value;
    split = 4;
    if (checkpass.substring(0, split) == 'pico') {
      if (checkpass.substring(split*6, split*7) == '723c') {
        if (checkpass.substring(split, split*2) == 'CTF{') {
          if (checkpass.substring(split*4, split*5) == 'ts_p') {
            if (checkpass.substring(split*3, split*4) == 'lien') {
              if (checkpass.substring(split*5, split*6) == 'lz_7') {
                if (checkpass.substring(split*2, split*3) == 'no_c') {
                  if (checkpass.substring(split*7, split*8) == 'e}') {
                    alert("Password Verified")
                  }
                }
              }
            }
          }
        }
      }
    }
    else {
      alert("Incorrect password");
    }
}

The flag is picoCTF{no_clients_plz_7723ce} (reassembling the flag could be done by a simple program, but since it’s just a very short string, I glued it together by hand).
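The reassembly described above can be done mechanically, which is why a secret compared in client-side code is effectively published with the page. The following is an added example, not part of the original post or the challenge: `VERIFY_SRC` is a constructed copy of the checks shown above and `reassembleFromChecks` is a hypothetical helper name.

```javascript
// Added example: recover the string a client-side check compares against,
// using only the script source. VERIFY_SRC is a constructed copy of the
// checks in verify() above; reassembleFromChecks is a hypothetical name.
const VERIFY_SRC = `
split = 4;
if (checkpass.substring(0, split) == 'pico') {
if (checkpass.substring(split*6, split*7) == '723c') {
if (checkpass.substring(split, split*2) == 'CTF{') {
if (checkpass.substring(split*4, split*5) == 'ts_p') {
if (checkpass.substring(split*3, split*4) == 'lien') {
if (checkpass.substring(split*5, split*6) == 'lz_7') {
if (checkpass.substring(split*2, split*3) == 'no_c') {
if (checkpass.substring(split*7, split*8) == 'e}') {
`;

function reassembleFromChecks(src) {
  // Chunk width, taken from the "split = N" assignment.
  const m = /split\s*=\s*(\d+)/.exec(src);
  if (!m) throw new Error("chunk width not found");
  const width = Number(m[1]);

  // Each check has the form substring(<start>, <end>) == '<literal>',
  // where <start> is 0, "split" (slot 1) or "split*N" (slot N).
  const re = /substring\(\s*(0|split(?:\s*\*\s*(\d+))?)\s*,[^)]*\)\s*==\s*'([^']*)'/g;
  const chunks = new Map();
  for (const c of src.matchAll(re)) {
    const slot = c[1] === "0" ? 0 : c[2] ? Number(c[2]) : 1;
    if (chunks.has(slot)) throw new Error("duplicate chunk " + slot);
    if (c[3].length > width) throw new Error("chunk " + slot + " too long");
    chunks.set(slot, c[3]);
  }

  // Slots 0..n-1 must all be present, otherwise the result has a hole.
  const out = [];
  for (let i = 0; i < chunks.size; i++) {
    if (!chunks.has(i)) throw new Error("missing chunk " + i);
    out.push(chunks.get(i));
  }
  return { width, secret: out.join("") };
}

console.log(reassembleFromChecks(VERIFY_SRC).secret);
```

The nesting order of the checks does not matter, because each literal carries its own offset. The credential comparison has to happen on the server for the secret to stay out of the page source.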


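Choosing a project server: Linode vs Vultr vs Upcloud

0. intro

A new project of mine recently needed a VPS, with these requirements: the domain must not need ICP filing, bandwidth and traffic allowance must be large, access speed from mainland China must be acceptable, and it must be stable. After some thought, I first ruled out domestic providers (the overseas data centers of Alibaba Cloud and Tencent Cloud are expensive and have little bandwidth), then ruled out small providers at home and abroad (one-man shops), to avoid them disappearing at any moment. In the end it came down to a few providers such as Linode, Vultr and Upcloud.

Besides the ones mentioned above, other options include Amazon Lightsail, GCE, DO, Krypt and so on, but none of these meet my requirements: either the network routes are too poor or the price is too high.

I need to cache a certain amount of data in memory, so memory size is also an important factor for me. Even so, memory size tracks price at all of these providers, so there is not much to be done about it. While looking for a VPS, I found a German company, Contabo, which has newly opened a US data center. The routes are not good, but with Cloudflare in front it is not unusable. Contabo can offer 16 GB of memory, a 400 GB SSD, 6 vCores (some of them EPYC) and 400 Mb unmetered bandwidth for 13 USD, which is very tempting.

The only German provider I have used is Netcup's VDS. My impression is that they take customer identity verification very seriously: with Netcup I only passed verification after sending my credit card plus translated copies of my passport and driver's license (an international driving permit translation is enough), so I still have a good impression of German providers. However, the Contabo plan I need requires a 5 EUR setup fee, which is quite painful, so I did not test it. If the 10 USD plan with 2 GB of memory turns out not to be enough later, I will consider migrating then.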
