Please consider donating: https://www.corelan.be/index.php/donate/


3,037 views

ROP your way into B-Sides Las Vegas 2011

 

Ahh.. Vegas.. What happens in Vegas, stays in Vegas right ?

With a variety of cons ahead (BlackHat, Defcon, B-Sides, …) there is plenty of things that can and will happen at Vegas.  Will you be there to witness & enjoy it ?

I won’t be able to make it to Vegas myself this year (timing & budget constraints), but some of the Corelan Team members will be at BlackHat/Defcon. Don’t forget to buy them a beer if you see them (and send me pictures).

Getting to Vegas is just one part of the story.

Getting access to one of the cons is the second part, but in case of B-Sides, there aren’t any tickets left  :(

So, in case you were not able to get one of the free tickets to B-Sides LV, there’s good news !

Our friend @balding_parrot has been so kind to provide us with 2 tickets !!bsides

 

This means that we can give away 2 tickets for B-Sides LV (August 3 & 4, 2011)… but it wouldn’t be fair to just give them away for free…

These tickets certainly deserve a little ‘battle’ !

Last week, we have released a ROPdb page, containing 2 ROP chains.  This is just a start and we believe & are convinced there are a lot more chains waiting to be discovered… by you.

So if you want to contribute to the security community and get the chance to one of the tickets, this would be a good time.

 

The game

Out of the first 5 people (you must be at least 18 years old – due to the BSidesLV location) to send in a rop chain that meets the requirements listed below, we will carefully select the top 2 chains, and those 2 people will get a ticket to B-Sides LV 2011.

This game starts.. umm.. It just did :)

Game ends at the end of July 22nd 2011 (GMT+2)

Submissions after that date will, of course, still be accepted but not as part of the game.

Either way, your chain (if it gets approved) will get listed in the ropdb, crediting you as the author.

 

Rules & requirements

In order for a chain to be valid, it must comply with the following rules :

  • The chain must be based on a single module, taken from a major application/browser/OS version (Windows).
  • If the module is aslr enabled/going to rebase, you have to include a technique on how to make it work (memleak pointer, etc)
  • If the dll is not loaded by default, you have to include code on how to load it.
  • The chain must work on XP, Vista, Windows 7, Windows 2003, Windows 2008 server (one or more OS versions) regardless of SP/patch version of the OS.
  • The chain must be null byte free unless the application typically allows null bytes in input sent to the application
  • The chain must work without any particular setup in terms of register contents or other assumptions.
  • You must be the original author of the chain.

By submitting your chain, you agree that we can make your rop chain public & that you allow other people to use it in their exploits.

When we have received 5 chains, we will select the 2 “best” chains based on

  • number of operating systems the chain will work on (transportability/reliability)
  • whether the application is part of the OS or not
  • how widespread the application is
  • if the chain contains null bytes or not
  • technique to load modules or find base address of ASLR/rebase modules
  • size of the chain
  • style/quality
  • etc

Note : In order to receive the ticket, winners will need to provide proof of identity (real name, email address).

Max. of one ticket per contestant.

How to take part ?

Simple – write your rop chain and submit it to game [at] corelan.be

In the meantime, freel free to join us on IRC (freenode, channel #corelan), try to confuse/mislead/misguide (other) contestants or just watch how they suffer and bleed while puttiing their rop chains together… :-)

 

Game is on, good luck !


What our lawyers make us say : Corelan reserves the right to cancel the game at any time, without providing any form of compensation or reason.



© 2011, Peter Van Eeckhoutte (corelanc0d3r). All rights reserved.

One Response to ROP your way into B-Sides Las Vegas 2011

Corelan Training

We have been teaching our win32 exploit dev classes at various security cons and private companies & organizations since 2011

Check out our schedules page here and sign up for one of our classes now!

Donate

Want to support the Corelan Team community ? Click here to go to our donations page.

Want to donate BTC to Corelan Team?



Your donation will help funding server hosting.

Corelan Team Merchandise

You can support Corelan Team by donating or purchasing items from the official Corelan Team merchandising store.

Protected by Copyscape Web Plagiarism Tool

Corelan on Slack

You can chat with us and our friends on our Slack workspace:

  • Go to our facebook page
  • Browse through the posts and find the invite to Slack
  • Use the invite to access our Slack workspace
  • Categories