| author | Louis Burda <quent.burda@gmail.com> | 2021-07-21 19:37:15 +0200 |
|---|---|---|
| committer | Louis Burda <quent.burda@gmail.com> | 2021-07-21 19:37:15 +0200 |
| commit | 6a321759f6f75e7e14a29fde7cd0fa359d14215e (patch) | |
| tree | d3d4e8d1a8a93892ff8dcb9b83d1b0faedfa9bdf /documentation/slides/index.html | |
| parent | 6a5e16ed307a1159d836aa2085f92ecb7532b0a4 (diff) | |
Diffstat (limited to 'documentation/slides/index.html')
| -rw-r--r-- | documentation/slides/index.html | 699 |
1 files changed, 0 insertions, 699 deletions
diff --git a/documentation/slides/index.html b/documentation/slides/index.html deleted file mode 100644 index cc0aa6a..0000000 --- a/documentation/slides/index.html +++ /dev/null 
@@ -1,699 +0,0 @@ -<!doctype html> -<html> -<head> - <meta charset="utf-8"> - <meta name="viewport" content="width=device-width, initial-scale=1.0, maximum-scale=1.0, user-scalable=0"> - <title>STLDoctor</title> - <style type="text/css"> - body { - font-family: 'Helvetica Neue', Helvetica, Arial, sans-serif; - color: #222; - font-size: 100%; -} - -.slide { - position: absolute; - top: 0; bottom: 0; - left: 0; right: 0; - background-color: #f7f7f7; -} - -.slide-content { - width: 800px; - height: 600px; - overflow: hidden; - margin: 80px auto 0 auto; - padding: 30px; - - font-weight: 200; - font-size: 200%; - line-height: 1.375; -} - -.controls { - position: absolute; - bottom: 20px; - left: 20px; -} - -.arrow { - width: 0; height: 0; - border: 30px solid #333; - float: left; - margin-right: 30px; - - -webkit-touch-callout: none; - -webkit-user-select: none; - -khtml-user-select: none; - -moz-user-select: none; - -ms-user-select: none; - user-select: none; -} - -.prev { - border-top-color: transparent; - border-bottom-color: transparent; - border-left-color: transparent; - - border-left-width: 0; - border-right-width: 50px; -} - -.next { - border-top-color: transparent; - border-bottom-color: transparent; - border-right-color: transparent; - - border-left-width: 50px; - border-right-width: 0; -} - -.prev:hover { - border-right-color: #888; - cursor: pointer; -} - -.next:hover { - border-left-color: #888; - cursor: pointer; -} - -h1 { - font-size: 300%; - line-height: 1.2; - text-align: center; - margin: 170px 0 0; -} - -h2 { - font-size: 100%; - line-height: 1.2; - margin: 5px 0; - text-align: center; - font-weight: 200; -} - -h3 { - font-size: 140%; - line-height: 1.2; - border-bottom: 1px solid #aaa; - margin: 0; - padding-bottom: 15px; -} - -ul { - padding: 20px 0 0 60px; - font-weight: 200; - line-height: 1.375; -} - -.author h1 { - font-size: 170%; - font-weight: 200; - text-align: center; - margin-bottom: 30px; -} - -.author h3 { - font-weight: 100; - 
text-align: center; - font-size: 95%; - border: none; -} - -a { - text-decoration: none; - color: #44a4dd; -} - -a:hover { - color: #66b5ff; -} - -pre { - font-size: 60%; - line-height: 1.3; -} - -.progress { - position: fixed; - top: 0; left: 0; right: 0; - height: 3px; - z-index: 1; -} - -.progress-bar { - width: 0%; - height: 3px; - background-color: #b4b4b4; - - -webkit-transition: width 0.05s ease-out; - -moz-transition: width 0.05s ease-out; - -o-transition: width 0.05s ease-out; - transition: width 0.05s ease-out; -} - -.hidden { - display: none; -} - -@media (max-width: 850px) { - - body { - font-size: 70%; - } - - .slide-content { - width: auto; - } - - img { - width: 100%; - } - - h1 { - margin-top: 120px; - } - - .prev, .prev:hover { - border-right-color: rgba(135, 135, 135, 0.5); - } - - .next, .next:hover { - border-left-color: rgba(135, 135, 135, 0.5); - } -} - -@media (max-width: 480px) { - body { - font-size: 50%; - overflow: hidden; - } - - .slide-content { - padding: 10px; - margin-top: 10px; - height: 340px; - } - - h1 { - margin-top: 50px; - } - - ul { - padding-left: 25px; - } -} - -@media print { - * { - -webkit-print-color-adjust: exact; - } - - @page { - size: letter; - } - - .hidden { - display: inline; - } - - html { - width: 100%; - height: 100%; - overflow: visible; - } - - body { - margin: 0 auto !important; - border: 0; - padding: 0; - float: none !important; - overflow: visible; - background: none !important; - font-size: 52%; - } - - .progress, .controls { - display: none; - } - - .slide { - position: static; - } - - .slide-content { - border: 1px solid #222; - margin-top: 0; - margin-bottom: 40px; - height: 3.5in; - overflow: visible; - } - - .slide:nth-child(even) { - /* 2 slides per page */ - page-break-before: always; - } -} - -/* - -github.com style (c) Vasily Polovnyov <vast@whiteants.net> - -*/ - -.hljs { - display: block; - overflow-x: auto; - padding: 0.5em; - color: #333; - background: #f8f8f8; -} - -.hljs-comment, 
-.hljs-quote { - color: #998; - font-style: italic; -} - -.hljs-keyword, -.hljs-selector-tag, -.hljs-subst { - color: #333; - font-weight: bold; -} - -.hljs-number, -.hljs-literal, -.hljs-variable, -.hljs-template-variable, -.hljs-tag .hljs-attr { - color: #008080; -} - -.hljs-string, -.hljs-doctag { - color: #d14; -} - -.hljs-title, -.hljs-section, -.hljs-selector-id { - color: #900; - font-weight: bold; -} - -.hljs-subst { - font-weight: normal; -} - -.hljs-type, -.hljs-class .hljs-title { - color: #458; - font-weight: bold; -} - -.hljs-tag, -.hljs-name, -.hljs-attribute { - color: #000080; - font-weight: normal; -} - -.hljs-regexp, -.hljs-link { - color: #009926; -} - -.hljs-symbol, -.hljs-bullet { - color: #990073; -} - -.hljs-built_in, -.hljs-builtin-name { - color: #0086b3; -} - -.hljs-meta { - color: #999; - font-weight: bold; -} - -.hljs-deletion { - background: #fdd; -} - -.hljs-addition { - background: #dfd; -} - -.hljs-emphasis { - font-style: italic; -} - -.hljs-strong { - font-weight: bold; -} - - - </style> - <script async src="http://localhost:35729/livereload.js"></script> -</head> -<body> - <div class="progress"> - <div class="progress-bar"></div> - </div> - - <div class="slide" id="slide-1"> - <section class="slide-content"><style> - -.footnote { - font-size: 16pt; - position: absolute; - color: gray; - bottom: 0px; - right: 0px; -} - -.slide-content { - position: relative; -} - -.slide-content > ul >li { - padding: 7px 0px; -} - -.slide-content > p > img { - width: 100%; -} - -</style></section> - </div> - <div class="slide hidden" id="slide-2"> - <section class="slide-content"><h1 id="stldoctor-">STLDoctor 💉</h1> -</section> - </div> - <div class="slide hidden" id="slide-3"> - <section class="slide-content"><h3 id="the-plan-">The Plan 💡</h3> -<!-- Familiar with C and wondered about non-standard - buffer-/integer overflow C bugs --> -<!-- Plaintext file inspection service --> -<!-- Interesting and realisitic bugs --> -<!-- Written in C --> -<!-- 
Have to combine 'gadgets' for exploit, but - as a logic bug, not RCE --> -<ul> -<li>Plaintext service</li> -<li>Interesting C bugs</li> -<li>Exploit logic bugs, not RCE</li> -<li>Learn about the STL format</li> -</ul> -<p><img style="width: 240px !important; transform: rotate(90deg); height: 240px; position:absolute; top:150px; right:70px;" src="https://upload.wikimedia.org/wikipedia/commons/9/9b/STL_sample_2.png"></p> -</section> - </div> - <div class="slide hidden" id="slide-4"> - <section class="slide-content"><h3 id="setup-">Setup 🔧</h3> -<ul> -<li>C binary that communicates via <code>stdin</code> and <code>stdout</code></li> -<li>Networking abstracted through hosting with <code>socat</code></li> -<li>File system backend with periodic clean up</li> -</ul> -<p><img src="media/socat.gif" alt="socat"></p> -</section> - </div> - <div class="slide hidden" id="slide-5"> - <section class="slide-content"><h3 id="functionality-">Functionality 🎮</h3> -<!-- file system backend separates user accounts and stl files location for non-guests --> -<!-- guest account files can be downloaded by knowing their modelname, - premium account files can only be downloaded by authenticated users --> -<ul> -<li>Users can upload and search for files</li> -<li>Register to upload private files</li> -<li>Uploaded files are analyzed and information is returned to the user</li> -</ul> -</section> - </div> - <div class="slide hidden -" id="slide-6"> - <section class="slide-content"><!-- Sample interaction demonstrating how you would retrieve a file you uploaded --> -<p><img src="media/search.gif" alt="FileSearch"></p> -</section> - </div> - <div class="slide hidden" id="slide-7"> - <section class="slide-content"><h3 id="1-vuln-">1. 
Vuln 💉</h3> -<ul> -<li>Flags are stored in the solidname of the STL</li> -<li>Bug in upload info file parsing allows attacker to retrieve any public file</li> -</ul> -</section> - </div> - <div class="slide hidden" id="slide-8"> - <section class="slide-content"><h3 id="2-vuln-">2. Vuln 💉</h3> -<ul> -<li>Flags are stored in the solidname of a private file</li> -<li>Buffer overflow in hash function allows enumeration of private user hashes</li> -<li>Generate preimages of weak hash function to login as users</li> -</ul> -</section> - </div> - <div class="slide hidden" id="slide-9"> - <section class="slide-content"><h3 id="goals-met-">Goals Met 🎉</h3> -<!-- dont need to be an expert at fancy exploitation to exploit, - just basic knowledge of C and testing code snippets to see - if they do what you expect them to in different cases --> -<p>⭐ Plaintext file inspection service <br> -⭐ Interesting and realisitic bugs <br> -⭐ Combine different gadgets for exploit <br> -⭐ Don't need to be an expert at fancy ROP <br> -⭐ No SLA lost in TestCTF <br> -⭐ Written in C</p> -</section> - </div> - <div class="slide hidden" id="slide-10"> - <section class="slide-content"><h3 id="issues-">Issues 📉</h3> -<!-- Currently, the exploits dont require you to understand the - STL file format, however, to make sure that the service - is working correctly, you need to inspect the code --> -<!-- Still considering encoding of flags as STL, but want to - avoid --> -<p>💥 Exploits not directly related to STL format <br> -💥 (Eno)checker has memory leaks</p> -</section> - </div> - <div class="slide hidden" id="slide-11"> - <section class="slide-content"><h3 id="lesssons-learned">Lesssons Learned</h3> -<!-- from the feedback I gathered, that not a lot of people write C code - often, but this also means it is a great opportunity for learning - something new. 
--> -<ul> -<li>Many exploits are not suited for A/D ctfs</li> -<li>How to write a FSM format parser</li> -<li>Be careful with casts in C</li> -<li>People just <em>love</em> C services 🤡</li> -</ul> -</section> - </div> - <div class="slide hidden" id="slide-12"> - <section class="slide-content"></section> - </div> - <div class="slide hidden" id="slide-13"> - <section class="slide-content"></section> - </div> - <div class="slide hidden" id="slide-14"> - <section class="slide-content"><h1 id="exploit-1">Exploit 1</h1> -</section> - </div> - <div class="slide hidden" id="slide-15"> - <section class="slide-content"><p><img src="media/exploit-1-1.png" alt="exploit-1-1"></p> -</section> - </div> - <div class="slide hidden" id="slide-16"> - <section class="slide-content"><p><img src="media/exploit-1-2.png" alt="exploit-1-2"></p> -</section> - </div> - <div class="slide hidden" id="slide-17"> - <section class="slide-content"><p><img src="media/exploit-1-3.png" alt="exploit-1-3"></p> -</section> - </div> - <div class="slide hidden" id="slide-18"> - <section class="slide-content"><p><img src="media/exploit-1-4.png" alt="exploit-1-4"></p> -</section> - </div> - <div class="slide hidden" id="slide-19"> - <section class="slide-content"><p><img src="media/exploit-1-5.png" alt="exploit-1-5"></p> -</section> - </div> - <div class="slide hidden" id="slide-20"> - <section class="slide-content"><h1 id="exploit-2">Exploit 2</h1> -</section> - </div> - <div class="slide hidden" id="slide-21"> - <section class="slide-content"><p><img src="media/exploit-2-1.png" alt="exploit-2-1"></p> -<script> - // var slide_headers = document.querySelectorAll(".slide-content > h3"); - // for (var i = 0; i < slide_headers.length; i++) { - // var img = document.createElement('img') - // img.src = "logo.png"; - // img.style = "height: 2.4ex; padding-right: 10px; float:right"; - // slide_headers[i].append(img); - // } -</script></section> - </div> - - - - <script type="text/javascript"> - /** - * Returns 
the current page number of the presentation. - */ -function currentPosition() { - return parseInt(document.querySelector('.slide:not(.hidden)').id.slice(6)); -} - - -/** - * Navigates forward n pages - * If n is negative, we will navigate in reverse - */ -function navigate(n) { - var position = currentPosition(); - var numSlides = document.getElementsByClassName('slide').length; - - /* Positions are 1-indexed, so we need to add and subtract 1 */ - var nextPosition = (position - 1 + n) % numSlides + 1; - - /* Normalize nextPosition in-case of a negative modulo result */ - nextPosition = (nextPosition - 1 + numSlides) % numSlides + 1; - - document.getElementById('slide-' + position).classList.add('hidden'); - document.getElementById('slide-' + nextPosition).classList.remove('hidden'); - - updateProgress(); - updateURL(); - updateTabIndex(); -} - - -/** - * Updates the current URL to include a hashtag of the current page number. - */ -function updateURL() { - try { - window.history.replaceState({} , null, '#' + currentPosition()); - } catch (e) { - window.location.hash = currentPosition(); - } -} - - -/** - * Sets the progress indicator. - */ -function updateProgress() { - var progressBar = document.querySelector('.progress-bar'); - - if (progressBar !== null) { - var numSlides = document.getElementsByClassName('slide').length; - var position = currentPosition() - 1; - var percent = (numSlides === 1) ? 100 : 100 * position / (numSlides - 1); - progressBar.style.width = percent.toString() + '%'; - } -} - - -/** - * Removes tabindex property from all links on the current slide, sets - * tabindex = -1 for all links on other slides. Prevents slides from appearing - * out of control. 
- */ -function updateTabIndex() { - var allLinks = document.querySelectorAll('.slide a'); - var position = currentPosition(); - var currentPageLinks = document.getElementById('slide-' + position).querySelectorAll('a'); - var i; - - for (i = 0; i < allLinks.length; i++) { - allLinks[i].setAttribute('tabindex', -1); - } - - for (i = 0; i < currentPageLinks.length; i++) { - currentPageLinks[i].removeAttribute('tabindex'); - } -} - -/** - * Determines whether or not we are currently in full screen mode - */ -function isFullScreen() { - return document.fullscreenElement || - document.mozFullScreenElement || - document.webkitFullscreenElement || - document.msFullscreenElement; -} - -/** - * Toggle fullScreen mode on document element. - * Works on chrome (>= 15), firefox (>= 9), ie (>= 11), opera(>= 12.1), safari (>= 5). - */ -function toggleFullScreen() { - /* Convenient renames */ - var docElem = document.documentElement; - var doc = document; - - docElem.requestFullscreen = - docElem.requestFullscreen || - docElem.msRequestFullscreen || - docElem.mozRequestFullScreen || - docElem.webkitRequestFullscreen.bind(docElem, Element.ALLOW_KEYBOARD_INPUT); - - doc.exitFullscreen = - doc.exitFullscreen || - doc.msExitFullscreen || - doc.mozCancelFullScreen || - doc.webkitExitFullscreen; - - isFullScreen() ? doc.exitFullscreen() : docElem.requestFullscreen(); -} - -document.addEventListener('DOMContentLoaded', function () { - // Update the tabindex to prevent weird slide transitioning - updateTabIndex(); - - // If the location hash specifies a page number, go to it. 
- var page = window.location.hash.slice(1); - if (page) { - navigate(parseInt(page) - 1); - } - - document.onkeydown = function (e) { - var kc = e.keyCode; - - // left, down, H, J, backspace, PgUp - BACK - // up, right, K, L, space, PgDn - FORWARD - // enter - FULLSCREEN - if (kc === 37 || kc === 40 || kc === 8 || kc === 72 || kc === 74 || kc === 33) { - navigate(-1); - } else if (kc === 38 || kc === 39 || kc === 32 || kc === 75 || kc === 76 || kc === 34) { - navigate(1); - } else if (kc === 13) { - toggleFullScreen(); - } - }; - - if (document.querySelector('.next') && document.querySelector('.prev')) { - document.querySelector('.next').onclick = function (e) { - e.preventDefault(); - navigate(1); - }; - - document.querySelector('.prev').onclick = function (e) { - e.preventDefault(); - navigate(-1); - }; - } -}); - - - </script> -</body> -</html> |
