Question: 6. To write a shellcode, we need to know the address of the string /bin/sh. If we have to hardcode the address in the code,

6. To write a shellcode, we need to know the address

6. To write a shellcode, we need to know the address of the string "/bin/sh". If we have to hardcode the address in the code, it will become difficult if ASLR is turned on. Shellcode solved that problem without hardcoding the address of the string in the code. Please explain how the shellcode in exploit.c achieved that. /* exploit.c */ /* A program that creates a file containing code for launching shell* #include #include #include char shellcode[]- /* xor1 /* pushl / pushl /*pushl /* mov! /* pushl /* pushl /* mov! /s cdq %eax , %eax %eax "x50" "\x68""/sh" "\x68""/bin" "x89\xe3" "x50" "x53" "\x89\xel" "\x99" $0x68732f2f $0x6e69622f %esp,%ebx %eax %ebx %esp,%ecx "xcd\x80" /* int $0x80 void main(int argc, char **argv) char buffer[517]; FILE *badfile; /*Initialize buffer with 0x90 (NOP instruction) */ memset (&buffer, 0x90, 517; * You need to fill the buffer with appropriate contents here * Save the contents to the file "badfile" */ badfile-fopen(./badfile", "w"); fwrite(buffer, 517, 1, badfile); fclose(badfile); 6. To write a shellcode, we need to know the address of the string "/bin/sh". If we have to hardcode the address in the code, it will become difficult if ASLR is turned on. Shellcode solved that problem without hardcoding the address of the string in the code. Please explain how the shellcode in exploit.c achieved that. /* exploit.c */ /* A program that creates a file containing code for launching shell* #include #include #include char shellcode[]- /* xor1 /* pushl / pushl /*pushl /* mov! /* pushl /* pushl /* mov! /s cdq %eax , %eax %eax "x50" "\x68""/sh" "\x68""/bin" "x89\xe3" "x50" "x53" "\x89\xel" "\x99" $0x68732f2f $0x6e69622f %esp,%ebx %eax %ebx %esp,%ecx "xcd\x80" /* int $0x80 void main(int argc, char **argv) char buffer[517]; FILE *badfile; /*Initialize buffer with 0x90 (NOP instruction) */ memset (&buffer, 0x90, 517; * You need to fill the buffer with appropriate contents here * Save the contents to the file "badfile" */ badfile-fopen(./badfile", "w"); fwrite(buffer, 517, 1, badfile); fclose(badfile)

Step by Step Solution

There are 3 Steps involved in it

1 Expert Approved Answer

Step: 1 Unlock blur-text-image

Question Has Been Solved by an Expert!

Get step-by-step solutions from verified subject matter experts

Step: 2 Unlock

Step: 3 Unlock

Students Have Also Explored These Related Databases Questions!

4.12. Why does ASLR make buffer-overflow attack more difficult? 4.13. To write a shellcode, we need to know the address of the string "/bin/sh". If we have to hardcode the address in the code, it...

computer security course, please I need help it due 3 hours. 1 Lab Overview The learning objective of this lab is for students to gain the first-hand experience on buffer-overflow vulner- ability by...

please answer 4,5&6 as they are interconnected to task 1&2 . the first page is instructions and then task 2 . at the end i have uploaded task 1 . dont know the answer? task 4,5&6 based on 1&2 SEED...

4. Question. Consider the following C code fragment and assume the pro- gram name is fixed to vuln, it is invoked as ./vuln (i.e., argv[0]) and cannot be changed by an attacker. 1 int 2 main(int...

mysh.s code section.text global_start _start: ;Store the argument string on stack xor eax, eax push eax ;Use 0 to terminate the string push "//sh" ; push "/bin" mov ebx, esp ;Get the string address...

2. Exploiting Buffer Overflow (50 points) The attached C code (sort.c) contains a stack buffer overflow vulnerability. Please write an exploit (by modifying data.txt) to open a shell on Linux. The...

3. Consider the following C code fragment and assume the program name is fixed to vuln, it is invoked as ./vuln (i.e., argv[0]) and cannot be changed by an attacker. 1 int 2 main (int argc, char...

What am I doing wrong here? See my screenshot below. this is the question: 1) Import the OVA file to VirtualBox. (Username: ubuntu, Password: 123456) 2) Immediately CLONE the original OVA for use in...

Return to Libc Attack vuln.c #include #include #include long x = 0, y = 0, z = 0; FILE *fp = NULL; void bubbleSort() { long swap = 0; long array[39]; // loading data to array printf("Source list: ");...

vuln.c #include #include #include long x = 0, y = 0, z = 0; FILE *fp = NULL; void bubbleSort() { long swap = 0; long array[39]; // loading data to array printf("Source list: "); char...

Write a class marks with three data members to store three marks.Write three member functions, set_marks() to input marks, sum() to calculate and return the sum and avg() to calculate and return...

Llamas de Fama has a weighted average cost of capital of 9.2 percent. The company's cost of capital is 12.8 percent and the cost of debt is 7.4 percent. The tax rate is 22 percent. What is the...

QUESTION 1 1 Securities should be sold when, Cash received is slightly below the value of securities sold. The cost of debt is low. Cash received is equal to or exceeds the value of securities sold....

CT Corp Comprehensive Question Canadian Tire Corporation, Limited (Canadian Tire) is a family of companies that includes a retail segment and a financial services division, among others. The retail...

Technology. Your instructor has asked you to speak to the faculty club at your school. Your speech is to be about the benefits of membership in student organizations. You are unable to make the...

Seafood Specialties Restaurant offers a shrimp and lobster tail special each Friday evening.You are manager of the restaurant. On Tuesday, you received a request from a customer, Shipley Masters, who...

You are the customer service representative for Fly High Airline. The airline awards frequent flyer miles but charges a $50 fee per ticket unless the free flight is booked more than 14 days in...