Build a Website
$30-250 USD
Paid on delivery
Part 1: Understanding Buffer Overflow (20 Points)
Note: For this task, you may use online resources to show a program with these vulnerabilities, but please cite
these online sources. The diagrams should be your own (not copied from the online resources).
Stack buffer overflow: Write a testing program (not sort.c from task 2) that contains a stack buffer overflow
vulnerability. Show what the stack layout looks like and explain how to exploit it. In particular, please
include in your diagram: (1) The order of parameters (if applicable), return address, saved registers (if applicable),
and local variable(s), (2) their sizes in bytes, (3) size of the overflowing buffer to reach return address,
and (4) the overflow direction in the stack. You are not required to write the real exploit code, but you may
want to use some figures to make your description clear and concise.
Deliverable: a pdf file containing your vulnerable programs (paste your code into the pdf directly) and your
explanations.
Part 2: Exploiting Buffer Overflow (60 points)
The attached C code (sort.c) contains a stack buffer overflow vulnerability. Please write an exploit (by modifying
[url removed, login to view]) to open a shell on Linux. The high level idea is to overwrite the return address with the address of
function system(), and pass the parameter “sh” to this function. Once the return instruction is executed, this
function will be called to open a shell.
We have provided you with a virtual machine image for this project. We do not recommend you use your
own VM image.
Steps:
1. Import the .OVA file to VirtualBox. Username: ubuntu Password: 123456
2. Compile the provided C code (which you will be exploiting): gcc sort.c -o sort -fno-stack-protector.
3. To run this program, put some hexadecimal integers in the file: [url removed, login to view], and execute sort by: ./sort [url removed, login to view]
4. When you put a very long list of integers in [url removed, login to view], you will notice sort crashes with a memory segfault.
This is because the return address has been overwritten by your data.
5. Now you can craft your shellcode in data.txt. Again, your goal is to overwrite the return address with
the address of function “system()” and pass it with the address of string “sh”. Do not use environment
variables to store these addresses and then access those environment variables. Use the library addresses
of “system()” and “sh” explicitly. GDB can be used to find these library addresses and test/debug your
exploit. However, it should be noted that your final exploit (i.e., the final version of your [url removed, login to view]) should
work outside of GDB. Just running “./sort [url removed, login to view]” should spawn a shell for you.
6. Provide a screenshot of you exploiting sort.
7. Have fun.
Deliverables: the [url removed, login to view] file you craft and a screenshot of the exploit. The screenshot should be put into
the PDF file (the same from task1).
Part 3: Open Question (20 Points)
First, if you are not familiar with code reuse attacks, please read the following papers:
1. The Geometry of Innocent Flesh on the Bone: Return-into-libc without Function Calls (on the x86)
2. On the Effectiveness of Address-Space Randomization
3. Code-pointer Integrity
4. Control-Flow Bending: On the Effectiveness of Control-Flow Integrity
5. ASLR-Guard: Stopping Address Space Leakage for Code Reuse Attacks
Two general directions of mitigating code reuse attacks are code diversification and control flow integrity.
Interestingly, both directions have their own limitations, and have been shown to be still vulnerable.
Project ID: #13043512
About the project
15 freelancers are bidding on this job, with an average bid of $251/hour
Hi sir, I have read your description and I am interested in your project. Spare me some time that we can speak about project. Waiting for your positive response. Thank you. Portfolio link: [login to view URL]
I'm available to discuss more on your project, I will provide 24/7 support and quick response guaranteed! So feel free to contact me at any time! If you need any further information, please feel free to contact me.
Dear Client, Hope you are having a wonderful day!! We have read your requirement carefully and we have understood all the things that you have mentioned. You will be glad to know that we have extensive experti