Suppose that you are a software developer. Your software has a very simple task that 1) takes a customer's name as the input and 2) prints a giveaway for the customer. The simple program is designed to allow each customer to run the program once; therefore, the customer can get only one giveaway.
Meanwhile, there is an attacker who targets your simple program. The attacker's goal is to repeatedly print giveaways by passing some argument to your program because the attacker wants to get an infinite number of giveaways. In other words, the argument will make the program repeatedly execute the function of giveaway.
1. Describe the attacker's attack strategy. In other words, please describe the memory addresses (e.g., stack memory) involved in the attack, and explain how the attack can make the program print an infinite number of giveaways.
2. Write a C program that passes the adversarial string to the target program and conducts the attack.
/* NOTE: Do not change this code giveaway.c */
#include <stdio.h>   /* printf */
#include <stdlib.h>  /* rand, srand */
#include <string.h>  /* strcpy */
#include <time.h>    /* time */

void giveaway(char* name){
    char name2[16];
    char* stuff[4] = {"Tesla S", "iPhone 12", "MacBook Pro 16", "Samsung Galaxy 21"};

    strcpy(name2, name); //hint: smash this
    printf("Customer name: %s: ", name2);
    printf("Giveaway: %s! ", stuff[rand()%4]);
    printf("Rand number: %d ", rand());
}

int main(int argc, char ** argv){
    if (argc < 2) {
        printf("usage: %s customer name ", argv[0]);
        return 0;
    }

    srand(time(0));
    giveaway(argv[1]);

    return 0;
}
------------------------------------------------------------------------------------------------
/* This code, called exploit.c, exploits the vulnerability you've found
 * in the giveaway.c code.
 * NOTE: You may want to fill out your code in the below asterisk box.
 */
#include <stdio.h>   /* perror */
#include <unistd.h>  /* execve */

int main(int _argc, char *_argv[]){
    const char *giveaway = "./giveaway";
    char buf[128];
    char *argv[3];
    //**************************************
    //NOTE: write C code here to populate buf
    //in order to pass the buf to the giveaway program,
    //and to perform the attack.
    //You don't need to change other code outside of this box.
    //**************************************

    argv[0] = (char *)giveaway;
    argv[1] = buf;
    argv[2] = 0;

    if (execve(giveaway, argv, NULL) < 0){
        perror("execve");
        return 1;
    }

    return 0;
}
Make sure to use: sudo sysctl -w kernel.randomize_va_space=0
Compile with Makefile.
CC := gcc
CFLAGS := -ggdb -Wall -fno-stack-protector -m32
RM := rm -f

sources := giveaway.c exploit.c
targets := giveaway exploit

all: $(targets)

clean:
	$(RM) $(targets) $(sources:.c=.o)
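For contrast with the unbounded strcpy into name2[16] in giveaway.c, the following is a bounds-checked version of that copy. It is an added example, not part of the original assignment; copy_name, giveaway_checked and NAME_BUF are names assumed for this illustration.

```c
#include <stdio.h>
#include <string.h>

#define NAME_BUF 16   /* assumed name; same size as name2[] in giveaway.c */

/* Copy src into dst (capacity cap bytes, including the terminating NUL).
 * Returns 0 on success, -1 if src is NULL, empty, or does not fit.
 * On failure dst is left as an empty string, never partially filled. */
int copy_name(char *dst, size_t cap, const char *src)
{
    size_t len = 0;

    if (dst == NULL || cap == 0)
        return -1;
    dst[0] = '\0';
    if (src == NULL)
        return -1;
    /* Measure at most cap bytes so a huge argument is never fully scanned. */
    while (len < cap && src[len] != '\0')
        len++;
    if (len == 0 || len >= cap)       /* empty, or no room left for the NUL */
        return -1;
    memcpy(dst, src, len + 1);        /* len + 1 <= cap, includes the NUL */
    return 0;
}

/* Hardened counterpart of giveaway(): an overlong name is rejected
 * instead of being written past the end of the stack buffer. */
int giveaway_checked(const char *name)
{
    char name2[NAME_BUF];

    if (copy_name(name2, sizeof name2, name) != 0) {
        fprintf(stderr, "name rejected: must be 1 to %d bytes\n", NAME_BUF - 1);
        return -1;
    }
    printf("Customer name: %s\n", name2);
    return 0;
}

int main(int argc, char **argv)
{
    if (argc < 2) {
        fprintf(stderr, "usage: %s customer name\n", argv[0]);
        return 1;
    }
    return giveaway_checked(argv[1]) == 0 ? 0 : 1;
}
```

The lab's -fno-stack-protector flag and kernel.randomize_va_space=0 setting switch off stack canaries and ASLR; a production build keeps both enabled in addition to the length check.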
