Question: 2.5 Task 3: Exploiting the buffer-overflow vulnerability We are ready to create the content of badfile. Since the content involves some binary data (e.g., the

2.5 Task 3: Exploiting the buffer-overflow vulnerability We are ready to

create the content of badfile. Since the content involves some binary data

(e.g., the address of the libc functions), we can use C or

2.5 Task 3: Exploiting the buffer-overflow vulnerability We are ready to create the content of badfile. Since the content involves some binary data (e.g., the address of the libc functions), we can use C or Python to do the construction. Using Python. We provide you with a skeleton of the code, with the essential parts left for you to fill out. #!/usr/bin/python3 import sys # Fill content with non-zero values content = bytearray (Oxaa for i in range (300)) SEED Labs - Return-to-libc Attack Lab sh_addr = 0x00000000 # The address of "/bin/sh" content [X:X+4] = (sh_addr).to_bytes (4, byteorder='little') system_addr = 0x00000000 # The address of system) content [Y:Y+4] = (system_addr).to_bytes (4, byteorder='little') exit_addr = 0x00000000 # The address of exit() content [2:2+4] = (exit_addr).to_bytes (4, byteorder='little') # Save content to a file with open ("badfile", "wb") as f: f.write (content) You need to figure out the three addresses and the values of X, Y, and Z. If your values are incorrect, your attack might not work. In your report, you need to describe how you decide the values for X, Y and Z. Either show us your reasoning or, if you use a trial-and-error approach, show your trials. Using C. We provide you with a skeleton of the code, with the essential parts left for you to fill out. /* exploit.c */ #include #include #include int main(int argc, char **argv) char buf[40]; FILE *badfile; badfile = fopen("./badfile", "W"); /* You need to decide the addresses and the values for X, Y, 2. The order of the following three statements does not imply the order of X, Y, 2. Actually, we intentionally scrambled the order. * (long *) &buf[X] = some address; // "/bin/sh" * (long *) &buf[Y] = some address; // system) * (long *) &buf[2] = some address; // exit() fwrite(buf, sizeof(buf), l, badfile); fclose (badfile); You need to figure out the addresses in lines marked by *, as well as to find out where to store those addresses (i.e., the values for X, Y, and z). If your values are incorrect, your attack might not work. In your report, you need to describe how you decide the values for X, Y and Z. Either show us your reasoning or, if you use a trial-and-error approach, show your trials. After you finish the above program, compile and run it; this will generate the contents for badfile. Run the vulnerable program retlib. If your exploit is implemented correctly, when the function bof() returns, it will return to the system () function, and execute system("/bin/sh"). If the vulnerable program is running with the root privilege, you can get the root shell at this point. SEED Labs - Return-to-libc Attack Lab $ gcc -o exploit exploit.c $./exploit // create the badfile $./retlib // launch the attack by running the vulnerable program # #include #include int main(int argc, char **argv) char buf[40]; FILE *badfile; badfile = fopen("./badfile", "W"); /* You need to decide the addresses and the values for X, Y, 2. The order of the following three statements does not imply the order of X, Y, 2. Actually, we intentionally scrambled the order. * (long *) &buf[X] = some address; // "/bin/sh" * (long *) &buf[Y] = some address; // system) * (long *) &buf[2] = some address; // exit() fwrite(buf, sizeof(buf), l, badfile); fclose (badfile); You need to figure out the addresses in lines marked by *, as well as to find out where to store those addresses (i.e., the values for X, Y, and z). If your values are incorrect, your attack might not work. In your report, you need to describe how you decide the values for X, Y and Z. Either show us your reasoning or, if you use a trial-and-error approach, show your trials. After you finish the above program, compile and run it; this will generate the contents for badfile. Run the vulnerable program retlib. If your exploit is implemented correctly, when the function bof() returns, it will return to the system () function, and execute system("/bin/sh"). If the vulnerable program is running with the root privilege, you can get the root shell at this point. SEED Labs - Return-to-libc Attack Lab $ gcc -o exploit exploit.c $./exploit // create the badfile $./retlib // launch the attack by running the vulnerable program #

Step by Step Solution

There are 3 Steps involved in it

1 Expert Approved Answer
Step: 1 Unlock blur-text-image
Question Has Been Solved by an Expert!

Get step-by-step solutions from verified subject matter experts

Step: 2 Unlock
Step: 3 Unlock

Students Have Also Explored These Related Databases Questions!

Q:

computer security course, please I need help it due 3 hours. 1 Lab Overview The learning objective of this lab is for students to gain the first-hand experience on buffer-overflow vulner- ability by...

Q:

please answer 4,5&6 as they are interconnected to task 1&2 . the first page is instructions and then task 2 . at the end i have uploaded task 1 . dont know the answer? task 4,5&6 based on 1&2 SEED...

Q:

"PLEASE DO TASK 3 AND READ EVERYTHING CAREFULLY" in C++ "DO STEP BY STEP. THANK YOU" 5. Task 3: Launching Attack on 32-bit Program (Level 1)\} Investigation To exploit the buffer-overflow...

Q:

Public Health Preparedness Capabilities: National Standards for State and Local Planning March 2011 Centers for Disease Control and Prevention Table of Contents Public Health Preparedness...

Q:

CHA P TER 9 Understanding Software: A Primer for Managers 1. INTRODUCTION L E A R N I N G O B J E C T I V E S 1. Recognize the importance of software and its implications for the rm and strategic...

Q:

Supply Chain Management Introduction Outline What is supply chain management? Significance of supply chain management. Push vs. Pull processes utdallas.edu/~metin 1 A Generic Supply Chain Sources:...

Q:

Case Assessment Read case abstract: Blackboard Weekly Sessions/Case Assessment folder Format & Structure: Conduct a 5-7-page case analysis. Times New Roman or Cambria font is required, and it is a...

Q:

Task 1: Distance Map Requires: knowing how to design and implement a class In file distance_map.py, use the Class Design Recipe to define a class called DistanceMap that lets client code store and...

Q:

ELE VATE t h e three disciplines o f advanced strate g i c th i nk ing R I C H H O R WAT H NEW YORK Times Be s ts ellin g A u thor O n s trateg y Contents Introduction 1 Elevate\t1 Importance of...

Q:

On the profitability side, you should specifically address the following points: a) Is the cost structure of the two companies similar or different? Does the cost structure reflect their respective...

Q:

You are a consultant for a company whose service has been highly successful in the business market. You have recently been contracted to provide an analysis and interpretation of a corporation's...

Q:

State which of the following topologies are not solvable: (i) 5 nodes, 10 branches, 5 independent voltage sources; (ii) 7 nodes, 12 branches, 7 indepen- dent current sources; (iii) 4 nodes, 7...

Q:

5. Consider the following cost data for a perfectly competitive firm in the short run: Output (Q) Total Fixed Cost (TFC) Total Variable Cost (TVC) Total Cost (TC) Total Revenue (TR) Profit 1 $100...

Q:

Compared with half a century ago, adoption has become _ _ _ _ _ _ _ _ _ common, but it is more open and acceptabl e , so we probably discuss it _ _ _ _ _ _ _ . fill in the blanks more or much less or...

Q:

___ 29. I will feel successful in my career only if I have succeeded in creating or building something that is entirely my own?

Q:

4. When verbally attacked, I allow for the probability that the attack is prompted by pain or fear.

Q:

3. When verbally attacked, I allow for the likelihood that the attackers might never have learned how to respond when their needs arent met.