Question: Help on part C only Problem 2 A. (2 points) What is wrong with the following code? Indicate the line(s) and why it is wrong.

Help on part C only

Problem 2

A. (2 points) What is wrong with the following code? Indicate the line(s) and why it is wrong.

    #include <stdio.h>

    void foo()
    {
        char buf[5];
        printf("%p \n Please enter a command. \n", buf);
        gets(buf);
    }

    int main()
    {
        foo();
    }

B. (2 points) The above code is modified to use fgets(buf) instead of gets(buf). What is the effect of this modification? Hint: fgets and gets are standard C library functions. Even if you're not familiar with them, standard Googling will provide you with enough information.

C. (4 points) Let's say you are an attacker wishing to exploit the code in part A. Assume that all memory protections have been disabled and the stack looks similar to Figure 1. Your task is to construct a string that will overflow the buffer and crash the program. Given below are pointers to construct the string. Use them and construct the malicious input string.

We will assume that the machine is a 64-bit Intel x86 machine. Note that to avoid fragmentation the buffer size will be rounded off to the nearest multiple of word size (refer to lecture notes if this point is not clear to you).

To crash the program, a garbage instruction needs to be written after the return address, which will occupy 64 bits on the stack. Usually, a no-operation command (NOP), which is the string "\x90", is used as a garbage instruction as it does not do anything. Your exploit string is basically the appropriate number of "\x90" concatenated together.

Remember that the stack gets filled from lower memory address to higher memory address in buffer overflow scenarios, and don't forget that the size of \x90 is 1 byte.

[Figure 1: Figure for Problem 20. Stack diagram running from lower memory address to higher memory address, showing buf followed by the return address, with the stack pointer marked.]
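Part B concerns replacing gets with a bounded read. As an added example (not part of the original problem), the code below shows the bounded form in full: fgets takes the buffer size and a stream, so a line longer than buf is truncated instead of being written past the end of the buffer. The helper names read_command and read_from_string and the sample input are assumptions made for illustration.

```c
#include <stdio.h>
#include <string.h>

/* Hypothetical helper: reads one line into buf and never writes more than
 * size bytes. Returns the number of characters stored, or -1 on EOF/error.
 * *truncated is set to 1 when the input line did not fit in the buffer. */
static int read_command(FILE *in, char *buf, size_t size, int *truncated)
{
    *truncated = 0;
    if (size == 0 || fgets(buf, (int)size, in) == NULL)
        return -1;
    size_t len = strlen(buf);
    if (len > 0 && buf[len - 1] == '\n') {
        buf[--len] = '\0';              /* whole line fit: drop the newline */
    } else {
        int c;                          /* discard the rest of an overlong line */
        while ((c = getc(in)) != '\n' && c != EOF)
            *truncated = 1;
    }
    return (int)len;
}

/* Hypothetical test harness: places constructed input in a temporary file
 * so the example runs without a terminal. Returns -2 if no file is available. */
static int read_from_string(const char *input, char *out, size_t size,
                            int *truncated)
{
    FILE *f = tmpfile();
    if (f == NULL)
        return -2;
    fputs(input, f);
    rewind(f);
    int n = read_command(f, out, size, truncated);
    fclose(f);
    return n;
}

int main(void)
{
    char buf[5];                        /* same size as buf in part A */
    int truncated;
    /* Constructed input: 24 bytes, far longer than the buffer. */
    int n = read_from_string("AAAAAAAAAAAAAAAAAAAAAAAA\n", buf, sizeof buf,
                             &truncated);
    printf("stored %d bytes: \"%s\" (truncated=%d)\n", n, buf, truncated);
    return 0;
}
```

Draining the remainder of an overlong line keeps the leftover bytes from being treated as the next command on a later read.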
