<discocaml>
<dubious245> I mean it's a discord for a programming language and discord supports coding blocks.
<discocaml>
<dubious245> It's bound to happen with everyone
<discocaml>
<dubious245> Not saying it should, just that it's going to be people's first and second instinct.
<discocaml>
<Kali> i think it wouldn't happen so much if it got put at the front of the channel description instead of the end
wickedshell has joined #ocaml
<discocaml>
<Kali> currently it's not even visible unless you open up the channel description which many don't even do
<discocaml>
<dubious245> Huh, I have never checked.
<discocaml>
<Kali> case in point
<discocaml>
<._null._> Can you not see the whole channel description ? On my computer (where I guess most people write code), I have no issue seeing it in its entirety. On a phone I have to open it to read it, so I don't see where you can have it cut off
<discocaml>
<Kali> you must be very zoomed out or have a high resolution screen in order to be able to see the whole thing
<discocaml>
<dubious245> I am on mobile right now, but honestly I just don't check the channel description. I just look at the names when I first join.
<discocaml>
<dubious245>
<discocaml>
<dubious245> If you were really committed to expressing that rule you could have a welcome channel that new people were locked in until they read the rules.
<discocaml>
<dubious245> Like... exception handling. For people.
<discocaml>
<contificate> IRC users need to get with the times, they're missing out on all levels of Discord nonsense (cat ears on avatars and animated reactions)
theze_ is now known as Humean
<qu1j0t3>
eh.
<qu1j0t3>
not to open up a can of worms but there are plenty of reasons why people don't want to keep discord open just for some emojis
<qu1j0t3>
otoh, i don't mind even edits and code blocks. i can cope.
<discocaml>
<yawaramin> i suspect most people don't really mind
<dh`>
the major problem is that anything large interferes with irc flood/spam protection
<dh`>
and will cause the bot to either lag out or possibly get punted off
<dh`>
anyway, unrelatedly: does anyone know whether there's any particular downside to enabling the dune cache in the github ocaml-setup action?
<dh`>
I can't find any documentation about it
<dh`>
but it also seems that there must be some reason it's off by default
<dh`>
also there isn't any obvious way to flush said cache if it gets corrupted, and corrupted caches seem to be a routine result on GH
<discocaml>
<yawaramin> the cache keeps growing in size. there is a command to garbage collect it but it needs to be run manually
<discocaml>
<yawaramin> eg `dune cache trim --size=1GiB`
<dh`>
there's more or less no way to do that directly in the GH Actions context
<dh`>
except I guess by running such a trim on every go
<dh`>
ah, there is a cache-prefix setting to adjust the cache key
troydm has quit [Quit: What is Hope? That all of your wishes and all of your dreams come true? To turn back time because things were not supposed to happen like that (C) Rau Le Creuset]
troydm has joined #ocaml
trillion_exabyte has quit [Ping timeout: 252 seconds]
trillion_exabyte has joined #ocaml
euphores has joined #ocaml
Haudegen has quit [Quit: Bin weg.]
Haudegen has joined #ocaml
wbooze has quit [Quit: Leaving]
pi3ce has quit [Ping timeout: 260 seconds]
pi3ce has joined #ocaml
euphores has quit [Quit: Leaving.]
Humean has joined #ocaml
euphores has joined #ocaml
Serpent7776 has quit [Ping timeout: 244 seconds]
bartholin has joined #ocaml
wbooze has joined #ocaml
Tuplanolla has joined #ocaml
Serpent7776 has joined #ocaml
<discocaml>
<mbacarella> do you have access to the binary that produced the marshalled data? the source code?
<discocaml>
<mbacarella> I don't use marshalling too much but pretty sure to consume values you need
<discocaml>
<mbacarella> * to build your consumer with the exact ocaml version the producer was built with
<discocaml>
<mbacarella> * know and specify the exact type of the marshalled object
<discocaml>
<mbacarella> in your case I might try just doing something like `let obj = (Marshal.from_channel chan : string) in` in case it's a marshalled string
<discocaml>
<mbacarella> though you say `Digest` above somewhere so maybe it's something from the `cryptokit` library
<discocaml>
<trilon> I do not have the source code
<discocaml>
<trilon> but I have the binary
<discocaml>
<trilon> and that is what im debugging
<discocaml>
<mbacarella> if you `strings` the binary you might learn the ocaml version by looking for `/home/$user/.opam/$version` or something or `/Users/$user/.opam/$version`
<discocaml>
<mbacarella> oh, there's a digest in the Stdlib. maybe you can just do this
<discocaml>
<mbacarella>
<discocaml>
<mbacarella> replace:
<discocaml>
<mbacarella> let obj = Marshal.from_channel chan in
<discocaml>
<mbacarella> with:
<discocaml>
<mbacarella> let obj = (Marshal.from_channel chan : Digest.t) in
<discocaml>
<trilon> wanna hop on a vc? I am not exactly familiar with the language, I am just doing this ctf challenge
<discocaml>
<trilon> Just to share my screen, if you can't talk we can mute
<discocaml>
<mbacarella> I'm afk actually
<discocaml>
<trilon> alright
<discocaml>
<mbacarella> happy to help if you're still struggling in a few hours
<discocaml>
<contificate> is the CTF challenge public
<discocaml>
<trilon> my Uni's
<discocaml>
<trilon> it's not public, it's for my class
<discocaml>
<trilon> you need a university account to join
<discocaml>
<contificate> I would have expected it to go wrong sooner in the code
<discocaml>
<contificate> it has to have made progress to get here
<discocaml>
<contificate> I'm not overly familiar with the marshalling format, but I'm surprised it doesn't actually prepend it with some header specifying some level of compatibility information (or does it?)
<discocaml>
<trilon> wait
<discocaml>
<trilon> I was checking out the hex code
<discocaml>
<trilon> it has some information
<discocaml>
<trilon> regarding what objects it has on it, how many bytes the data is, and a magic number
<discocaml>
<contificate> but there's no header to specify anything more version-wise, right
<discocaml>
<contificate> it's just slop in, slop out
<discocaml>
<trilon> no I don't think so, I can't find the exact version
<discocaml>
<trilon> I have an idea regarding on how to exploit it though
<discocaml>
<trilon> the payload is a number always
<discocaml>
<trilon> it cant be a string
<discocaml>
<trilon> so I guess it is related to that
<discocaml>
<trilon> so the version is < 4.06.0
<discocaml>
<trilon> so the version is <= 4.06.0
<discocaml>
<contificate> but I mean.. do you need to feed something to the program that produced it?
<discocaml>
<contificate> I was expecting you had only to get the flag out of the marshalled payload in some format
<discocaml>
<trilon> AAhhh no no no
<discocaml>
<trilon> that's not the concept
<discocaml>
<contificate> alright, you probably won't get much help here w.r.t exercising OCaml CVE PoCs
<discocaml>
<trilon> Well
<discocaml>
<trilon> true
<discocaml>
<trilon> Do you want me to explain what I have found
<discocaml>
<trilon> and in general
<discocaml>
<trilon> what the program does from my reverse engineering
<discocaml>
<contificate> what is the concept, how do you get the flag
<discocaml>
<trilon> well that's unknown
<discocaml>
<trilon> but
<discocaml>
<trilon> Type Safe 2 (0 solves)
<discocaml>
<trilon> 250 POINTS
<discocaml>
<trilon> We are fed up with memory corruption vulnerabilities. All our software from now on will be written in functional type-safe languages like OCaml. In fact, our latest service type_safe_2 is built on top of that and allows for safe computations on the cloud. Our production server is running at xxxxxxxxxxxxxxx:yyyyy and it's completely safe. Feel free to use it.
<discocaml>
<trilon>
<discocaml>
<trilon> HINTS
<discocaml>
<trilon> Feel free to use the program to generate valid inputs (there's a secret option, but requires a token).
<discocaml>
<trilon> No more hints, you're on your own.
<discocaml>
<trilon> I have found the secret option using IDA
<discocaml>
<trilon> so you can generate a valid marshal
<discocaml>
<trilon> that you can then give to the program by doing:
<discocaml>
<trilon> `./type_safe_2 -i XXyyZZ`
<discocaml>
<trilon> XXyyZZ is the secret token (seriously I'm not hiding it)
<discocaml>
<contificate> alright so you get out a marshalled payload, then what
<discocaml>
<trilon> and then you can give it some data and do CTRL+D (EOF)
<discocaml>
<trilon> then you can give it to the program, and it gives you an md5 of the number
<discocaml>
<trilon> [TypeSafe 2] Welcome! Please enter a name for your computation: Please send your serialized computation (raw only): test : 123456789 [hash: e57a71a071cb60c7ef0f8d1aca5a5732]trilon@AK-47:~/hackintro25$ ```
<discocaml>
<trilon> [TypeSafe 2] Welcome! Please enter a name for your computation: Please send your serialized computation (raw only): test : 123456789 [hash: e57a71a071cb60c7ef0f8d1aca5a5732]
<discocaml>
<trilon> [TypeSafe 2] Welcome! Please enter a name for your computation: test
<discocaml>
<trilon> Please send your serialized computation (raw only): oijdfogjsdogjsdorgjs
<discocaml>
<trilon> Fatal error: exception Failure("input_value: bad object")
<discocaml>
<trilon> ^C
<discocaml>
<trilon> trilon@AK-47:~/hackintro25$
<discocaml>
<trilon> ```
<discocaml>
<contificate> alright so you think you have to craft a payload to try and exploit this and then chain some ROP gadgets together to get a shell or something
<discocaml>
<contificate> is that the gist of this
<discocaml>
<trilon> I don't know I am just guessing, I am as clueless as you are
<discocaml>
<trilon> I gave you what hints it gives xD
<discocaml>
<trilon> The category is `binary exploitation`
<discocaml>
<trilon> that's all
<discocaml>
<contificate> > Please send your serialized computation
<discocaml>
<contificate> this is interesting, "computation" is important here, I expect
<discocaml>
<contificate> is this some kind of interpreter maybe
<discocaml>
<trilon> look the payload 100% contains 2 modules which I have no idea which they are or anything
<discocaml>
<mbacarella> what's considered a computation though? can you just say `true` instead of `123456789`
<discocaml>
<trilon> I haven't tried true but I can give it a go
<discocaml>
<mbacarella> I was making a not extremely extremely hard version of this. I would just have it be executing arbitrary code that's been marshalled
<discocaml>
<trilon> [TypeSafe 2] Welcome! Please enter a name for your computation: Please send your serialized computation (raw only): Fatal error: exception Failure("invalid digit")
<discocaml>
<mbacarella> I was making a not extremely extremely hard version of this. I would just have it be evaling arbitrary code that's been marshalled
<discocaml>
<trilon> I am really guessing it is that CVE
<discocaml>
<mbacarella> what about `2+2`?
<discocaml>
<contificate> it's unclear to me where you go from there though
<discocaml>
<trilon> [TypeSafe 2] Welcome! Please enter a name for your computation: Please send your serialized computation (raw only): Fatal error: exception Failure("invalid digit")
<discocaml>
<trilon> exploitation of the stack if you can buffer overflow
<discocaml>
<contificate> the stack is non-executable and has canaries
<discocaml>
<trilon> if the canary is not kernel made and is user made, you can jump to the fini_array
<discocaml>
<trilon> checksec doesn't know if it is user or kernel
<discocaml>
<trilon> I suppose it is user made
<discocaml>
<trilon> But now that I think about it, yes you are correct
<discocaml>
<trilon> But still, I don't know what canaries OCaml puts in
<discocaml>
<contificate> this seems like a nightmare, I wish you the best of luck with it
<discocaml>
<trilon> hahaha thanks
<discocaml>
<trilon> It is the hardest challenge, our professor doesn't expect anyone to solve it, he just put it there
<discocaml>
<trilon> Unknown to me why but
<discocaml>
<trilon> it seems interesting ¯\_(ツ)_/¯
<discocaml>
<trilon> I have solved all the other ones
<discocaml>
<trilon> If you want I can give you the executable
<discocaml>
<contificate> are the other ones of this magnitude
<discocaml>
<trilon> There are simpler ones
<discocaml>
<contificate> like are you actually doing remote ROP chaining stuff
<discocaml>
<contificate> for the other tasks
<discocaml>
<contificate> a really cute task would've just been to make some kind of evaluator and then make students craft an encoded AST or whatever
<discocaml>
<trilon> this is the hardest one, there are a variety of other ones
<discocaml>
<trilon> There are crafting shells, rops, stack, bruteforce
<discocaml>
<contificate> I think you'd be better off with a community centered around this kind of stuff, I don't think it's the background of most people here
<discocaml>
<contificate> despite the fact it's an OCaml challenge
<discocaml>
<contificate> the OCaml is probably peripheral to the main thing
<discocaml>
<contificate> like.. before I read the context, I was going to say "never use this marshal slop"
<discocaml>
<contificate> but then I read the message history and I'm like "yeah man this is why"
<discocaml>
<mbacarella> this just seems like an exercise in looking at the implementation of `Marshal.from_channel` which is almost certainly implemented in C and writing a buffer overflow for it
<discocaml>
<mbacarella> assuming there isn't an easier contrivance like finding that it's actually just passing your payload to something that calls an interpreter eval
<discocaml>
<mbacarella> writing a buffer overflow will be very frustrating if you don't know the version of OCaml that program was compiled for
<discocaml>
<mbacarella> writing a buffer overflow will be possibly frustrating if you don't know the version of OCaml that program was compiled for
<discocaml>
<contificate> yeah, the simpler challenge would be to craft something and nothing more
<discocaml>
<contificate> having to craft something malicious to then do a bunch of other stuff
<discocaml>
<contificate> is very speculative to me
ddakx has joined #ocaml
Serpent7776 has quit [Ping timeout: 272 seconds]
bartholin has quit [Quit: Leaving]
chiselfuse has quit [Ping timeout: 264 seconds]
chiselfuse has joined #ocaml
myrkraverk has joined #ocaml
myrkraverk_ has quit [Ping timeout: 244 seconds]
<discocaml>
<trilon> I solved it
<discocaml>
<trilon> anyone interested send a DM, I'll explain
<discocaml>
<contificate> do tell
polykernel has quit [Ping timeout: 252 seconds]
Haudegen has quit [Quit: Bin weg.]
polykernel has joined #ocaml
ddakx has quit [Quit: leaving]
bibi_ has quit [Quit: Konversation terminated!]
lthms6 has joined #ocaml
lthms has quit [Read error: Connection reset by peer]