Use the SEED VM $($this lab is from SEED and has been slightly modified$)$

$$ gcc $-$z execstack $-$o vul$\_$prog Lab$8.$c

$$ sudo chown root vul$\_$prog

$$ sudo chmod $+$s vul$\_$prog

$$ Do the following successfully using a string format vulnerability

$$ Crash program

$$ Print secret value secret

$$ Modify secret value secret

$$ Modify secret value secret with a predetermined value $0$x$42454546$

$$ Get a root shell

$$ Even$/*$vul$\_$prog.c$*/$

#include

#include

#define SECRET $0$x$44$

void vulfunc$($char $*$user$\_$input$)\{$

int secret;

int a$,$ b$,$ c$,$ d; $/*$other variables, not used here.$*/$

$/*$getting the secret$*/$

secret $=$ SECRET;

printf$("$The variable secret$$s address is $0$x$\%8$x

$",($unsigned int$)$&secret$)$;

printf$("$The variable secret$$s value is $0$x$\%$x or $\%$d

$",($unsigned int$)$secret$,$ secret$)$;

$/*$Vulnerable place$*/$

printf$($user$\_$input$)$;

printf$("$

$")$;

$/*$Verify whether your attack is successful$*/$

printf$("$The original secret: $0$x$\%$x or $\%$d

$",$ SECRET, SECRET$)$;

printf$("$The new secret: $0$x$\%$x or $\%$d

$",$ secret, secret$)$;

return;

$\}$

int main$($int argc, char$*$argv$[])\{$

FILE $*$badfile;

char str$[200]$;

badfile $=$ fopen$("$vulfile$","$rb$")$;

fread$($str$,$ sizeof$($char$),200,$ badfile$)$;

vulfunc$($str$)$;

return $1$;

$\}$ if you can$$t get a shell, I want to see all the steps you did