Question: 6 Task 4: Launching Attack without Knowing Buffer Size (Level 2) In the Level-1 attack, using gdb, we get to know the size of the

6 Task 4: Launching Attack without Knowing Buffer Size (Level 2) In the Level-1 attack, using gdb, we get to know the size of the buffer. In the real world, this piece of information may be hard to get. For example, if the target is a server program running on a remote machine, we will not be able to get a copy of the binary or source code. In this task, we are going to add a constraint: you can still use gdb, but you are not allowed to derive the buffer size from your investigation. Actually, the buffer size is provided in Makefile, but you are not allowed to use that information in your attack. Your task is to get the vulnerable program to run your shellcode under this constraint. We assume that you do know the range of the buffer size, which is from 100 to 200 bytes. Another fact that may be useful to you is that, due to the memory alignment, the value stored in the frame pointer is always multiple of four (for 32-bit programs). Please be noted, you are only allowed to construct one payload that works for any buffer size within this range. You will not get all the credits if you use the brute-force method, i.e., trying one buffer size each time. The more you try, the easier it will be detected and defeated by the victim. Thats why minimizing the number of trials is important for attacks. In your lab report, you need to describe your method, and provide evidences.

We use a skeleton exploit.py code

#!/usr/bin/python3 import sys # Replace the content with the actual shellcode shellcode= ( "\x90\x90\x90\x90" "\x90\x90\x90\x90" ).encode('latin-1') # Fill the content with NOP's content = bytearray(0x90 for i in range(517)) ################################################################## # Put the shellcode somewhere in the payload content[517-len(shellcode):] = shellcode # Decide the return address value ret = 0x00 # Change this number # Spray the buffer with the return address for offset in range(): # Change this number content[offset*4:offset*4 + 4] = (ret).to_bytes(4,byteorder='little') ################################################################## # Write the content to a file with open('badfile', 'wb') as f: f.write(content)

Step by Step Solution

There are 3 Steps involved in it

1 Expert Approved Answer
Step: 1 Unlock blur-text-image
Question Has Been Solved by an Expert!

Get step-by-step solutions from verified subject matter experts

Step: 2 Unlock
Step: 3 Unlock

Students Have Also Explored These Related Databases Questions!

Q:

computer security course, please I need help it due 3 hours. 1 Lab Overview The learning objective of this lab is for students to gain the first-hand experience on buffer-overflow vulner- ability by...

Q:

Providing Quality School-Based Learning and Support Services 239 Chapter 6 Language and literacy support Your core task The core task of almost all TAs is to support students language and literacy...

Q:

please answer 4,5&6 as they are interconnected to task 1&2 . the first page is instructions and then task 2 . at the end i have uploaded task 1 . dont know the answer? task 4,5&6 based on 1&2 SEED...

Q:

There are two problems due this week (each worth 35 points) as follows. Case 5-1David L. Miller: Portrait of a White-Collar Criminal (page 144). In comprehensive paragraphs, answerrequirements 1?6....

Q:

It's divided in 2 parts: Part 1: Summarize all of it in 1 page (Use word or docs for reference) Part 2: Answer Short question after summarizing all. This would help a lot, thank you! Part 1:...

Q:

Strategic Leadership Real Life Case Study Assignment (Individual Basis) Purpose of the learning activity: This project will allow the students to use the concepts of Strategic Leadership learned over...

Q:

This text was adapted by The Saylor Foundation under a Creative Commons Attribution-NonCommercial-ShareAlike 3.0 License without attribution as requested by the work's original creator or licensee. 1...

Q:

London School of Science & Technology Qualification Unit number and title BTEC Level 5 HND Diploma Business UNIT 6: Business Decision Making Student name and ID number Assessor name Al Hassan Barrie...

Q:

Describe one specific section which surprised you. Explain the concept that was surprising and explain why I Self-Management Copyright 2007. Arnacorn. All rights reserved. Selfmanagement happens when...

Q:

3. How did you feel about the content --- did it enlighten you? Was it not very helpful? Was it interesting? I Self-Management Copyright 2007. Arnacorn. All rights reserved. Selfmanagement happens...

Q:

In Exercises 1-3, use a rotation of axes to put the conic in standard position. Identify the graph, give its equation in the rotated coordinate system, and sketch the curve. 1. x2 + xy + y2 = 6 2....

Q:

Use Theorem 1 to determine where each function in Problem is continuous. Express the answer in interval notation. 7 x

Q:

Direct Computation of Nonoperating Returna. Compute net nonoperating expense (NNE) and net operating profit after tax (NOPAT). Assume a tax rate of 22%

Q:

[ LO 6 ] Spam filter, advertisement placement, and Machine learning recommendation systems on YouTube are all examples of Manual programming Data analytics

Q:

4. What is your proficiency level with Microsoft Office tools and with Microsoft Project and SharePoint?

Q:

Proficiency with Microsoft Word, Excel, PowerPoint

Q:

Experience with SharePoint and/or Microsoft Project desirable