In this problem, you will smash the stack of the a$6$ program that you already downloaded. The main function of this program

simply calls the function f shown below:

void f$()\{$

char prompt$1[100]$;

char prompt$2[100]$;

char id$[15]$;

char pwd$[30]$;

strcpy$($prompt$1,$"Username: $")$;

strcpy$($prompt$2,$"Password: $")$;

printf$("\%$s$",$prompt$1)$;

scanf$("\%$s$",$id$)$;

printf$("\%$s$",$prompt$2)$;

scanf$("\%$s$",$pwd$)$;

if $(!$ strncmp$($id$,"$cs$326\_$student",$15))\{$

if $(!$ strncmp$($pwd$,$password,$15))\{$

printf$("$

You$$re in$!")$;

printf$("$

$\%$s

$",$passphrase$)$;

$\}$ else $\{$

printf$("$

Incorrect password.

$")$;

$\}$

$\}$ else $\{$

printf$("$

Unknown username.

$")$;

$\}$

printf$("$Done$")$;

$\}$

This function simulates a typical login sequence with the username equal to a student and the password stored in the variable

password $($whose declaration and value are not shown$).$ Similarly, the declaration and value of the variable called passphrase

are not shown. Your goal is to smash the stack in order to get the two consecutive printf statements $($including the one that

prints the passphrase$)$ to execute without entering the correct password.

More precisely, you must:

$($a$)$ Map the area of memory that contains the stack frame for the activation of the function f$.$

$($b$)$ Determine an input string that starts with the correct username and ends with appropriately chosen overflow bytes that

cause the behavior described above.

$($c$)$ Write a shell command that executes a perl command to generate the input string obtained

at the previous step and feeds its output to the a$6$ executable.

the program expects two input strings

$($namely the username followed by the password$).$ When forming your input string for step $($b$)$ above, simply separate these two

substrings by a newline character. Note that, even though your input MUST start with the correct username, it is expected that

the first string output by the program when you attack it will be $$Unknown username.$$ Make sure to understand why.

$$ Every character in your input string that is not specified in this handout $($and whose specific value does not matter for the

success of the stack smashing attack$)$ must be an uppercase $$A$.$

$$ Once you have successfully smashed the stack, the two strings $$You$$re in$!$ and the passphrase must be printed on two

consecutive lines $($among other outputs$),$ and the entire output may NOT contain any unprintable characters.