Question: 2. Exploiting Buffer Overflow (50 points) The attached C code (sort.c) contains a stack buffer overflow vulnerability. Please write an exploit (by modifying data.txt) to

2. Exploiting Buffer Overflow (50 points) The attached C code (sort.c) contains a stack buffer overflow vulnerability. Please write an exploit (by modifying data.txt) to open a shell on Linux. The high level idea is to overwrite the return address with the address of function system(), and pass the parameter /bin/sh to this function. Once the return instruction is executed, this function will be called to open a shell.

3) Compile the provided C code (which you will be exploiting): gcc sort.c -o sort -fno-stack- 4) To run this program, put some hexadecimal integers in the file: data.tct, and execute sort by: 5) When you put a very long list of integers in data.at, you will notice sort crashes with memory protector. (DO NOT use other options) /sort data tct segfault, this is because the return address has been overwritten by your data. If you first answer step 1, part 1 above, you should understand the goal of this exploit and why a seg fault occors. Pay aikxnon to inc .non broaUy, a locakxl boi ix and what it does to tue stack. S ROCONe (and you can see this in GDB) Now you can craft your shellcode in data.axt. Again, your goal is to overwrite the return address with the address of function 'system0 and pass it with the address of string "bin/sh". Do not use environment variables to store these addresses and then access those environment variables Use the library addresses of "system0" and "bin/sh" explicitly. GDB (if you're using GDB for the first time, we recommend checking out Gdblnit) can be used to find these library addresses and test/debug your exploit. However, it should be noted that your final exploit (i.e., the final 6 version of your data.tat) should work outside of GDB. Just running "/sort data.tf should spawn a shell for you. This needs to be a clean shell, with NO segfaults. 7) You can verify the exploit has occurred because you will get a new, clean command prompt. But, how do we know it is not the same bash shell that invoked the sort program? To verify you have successfully caused a buffer overflow, issuing echo SS will give the process ID of the current process. Issuing: echo SS (shows PID of current bash shell), then run /sort data.txt, (then after sort completes to a clean shell) issue echo S$ to show the PID of the current exploited shell. (noted echo $0 instead of or in addition to echo SS will return the name of the current shel) 8) Provide a screenshot of you exploiting sort

Step by Step Solution

There are 3 Steps involved in it

1 Expert Approved Answer

Step: 1 Unlock blur-text-image

Question Has Been Solved by an Expert!

Get step-by-step solutions from verified subject matter experts

Step: 2 Unlock

Step: 3 Unlock

Students Have Also Explored These Related Databases Questions!

Stack buffer overflow (25 points) a. (15 points) Memory Architecture. Describe the stack in the address space of the VM, in generalities. Specifically, address where in memory the stack would be...

1) Stack buffer overflow (25 points) a. (15 points) Memory Architecture. Describe the stack in the address space of the VM, in generalities. Specifically, address where in memory the stack would be...

Exercise: Buffer Overflow (85 points) The Buffer Overflow vulnerability has been discovered as early as 1972, and has long been among the most critical application security flaws. It is still very...

a. Memory Architecture. Describe the stack in the address space of the VM, in generalities. Specifically, address where in memory the stack would be located, what the stack structure looks like when...

computer security course, please I need help it due 3 hours. 1 Lab Overview The learning objective of this lab is for students to gain the first-hand experience on buffer-overflow vulner- ability by...

please answer 4,5&6 as they are interconnected to task 1&2 . the first page is instructions and then task 2 . at the end i have uploaded task 1 . dont know the answer? task 4,5&6 based on 1&2 SEED...

Goal: Understand the concept of Buffer Overflows, potential security impacts and ways to help prevent them Task: In teams of 2 students, complete as much of the lab as time allows. Both individuals...

There are two problems due this week (each worth 35 points) as follows. Case 5-1David L. Miller: Portrait of a White-Collar Criminal (page 144). In comprehensive paragraphs, answerrequirements 1?6....

Please write in CPP language. 1. Overview The first project is going to be a MIPS simulator. In general, you will be building a program that simulates the execution of an assembly language file. The...

If, in a sample of n = 16 selected from a normal population, = 56 and 5 = 12, what is the value of tSTAT if you are testing the null hypothesis H0 : p. = 50?

The following information applies to Babydoll Companys defined benefit pension plan at December 31, year 8: Projected benefit obligation, December 31, year 7. $ 2,000,000 Projected benefit...

1 Sasha owns a business which produces office furniture. She employs 100 workers in the Operations department and 15 workers in the offices. Sasha believes in a democratic leadership style. Sasha...

Given a tax rate of 13% for income up to $50,000, a tax rate of 25% for income between $50,001 and $75,000, and a tax rate of 34% for income between $75,001 and $100,000, and a tax rate of 39% for...

Interview a representative of a local newspaper or area radio or television station to learn how the organization uses news releases. If possible, obtain copies of one or two news releases received...

Teamwork. As your instructor directs,work independently or as a member of a team to prepare all or selected parts of a business plan designed to obtain the funding necessary to start one of the...

How can a performance appraisal help a worker? the workers organization? (Objective 7)