Question: ii) An attacker creates a suitable injection vector to exploit the aforementioned memory error. To this end, he places the shellcode in the injection vector,
ii) An attacker creates a suitable injection vector to exploit the aforementioned memory error. To this end, he places the shellcode in the injection vector, pads it with his initials so as to create a message long enough to overflow bar; then the attacker adds the appropriate address at the right place and terminates the message with a NULL (\0). In other words, the injection vector looks as follows: An attacker creates a suitable injection vector to exploit the aforementioned memory error. To this end, he places the shellcode in the injection vector, pads it with his initials so as to create a message long enough to overflow bar; then the attacker adds the appropriate address at the right place and terminates the message with a NULL (\0). In other words, the injection vector looks as follows: see image attached Next, he runs the program giving this injection vector to it as its first argument. To his surprise, the attack fails. He asks you for help. State why the attack cannot work.
iii) Show how the shellcode can be modified to make the attack possible.
ii. An attacker creates a suitable injection vector to exploit the afore- mentioned memory error. To this end, he places the shellcode in the injection vector, pads it with his initials so as to create a message long enough to overflow bar; then the attacker adds the appropriate address at the right place and terminates the message with a NULL ('\0'). In other words, the injection vector looks as follows: | nop sled | shellcode | Oxbfff1234 | 10 | Next, he runs the program giving this injection vector to it as its first argument. To his surprise, the attack fails. He asks you for help. State why the attack cannot work. [2 marks] iii. Show how the shellcode can be modified to make the attack pos- sible. (Note: don't worry if you do not know the exact syntax of instructions, marks will be awarded for a clear explanation.) [2 marks] ii. An attacker creates a suitable injection vector to exploit the afore- mentioned memory error. To this end, he places the shellcode in the injection vector, pads it with his initials so as to create a message long enough to overflow bar; then the attacker adds the appropriate address at the right place and terminates the message with a NULL ('\0'). In other words, the injection vector looks as follows: | nop sled | shellcode | Oxbfff1234 | 10 | Next, he runs the program giving this injection vector to it as its first argument. To his surprise, the attack fails. He asks you for help. State why the attack cannot work. [2 marks] iii. Show how the shellcode can be modified to make the attack pos- sible. (Note: don't worry if you do not know the exact syntax of instructions, marks will be awarded for a clear explanation.) [2 marks]
Step by Step Solution
There are 3 Steps involved in it
Get step-by-step solutions from verified subject matter experts
Study Help