Question
By using the vul_program below please do the following tasks. This is a SEEDLab C language assignment that I am having trouble with. Complete this
By using the vul_program below please do the following tasks. This is a SEEDLab C language assignment that I am having trouble with.
Complete this in a SEED VM environment.
The vulnerable program you are going to exploit is here: vul_prog.c (below)
You can compile this program for the lab as 32-bit, without stack protections and randomization to make things a bit easier.s
/* vul_prog.c */
#include
#define SECRET1 0x44 #define SECRET2 0x55
int main(int argc, char *argv[]) { char user_input[50]; int *secret; int int_input; int a, b; /* other variables, not used here.*/ /* The secret value is stored on the heap */ secret = (int *) malloc(2*sizeof(int)); /* getting the secret */ secret[0] = SECRET1; secret[1] = SECRET2; printf("The variable secret's address is 0x%8x (on stack) ", (unsigned int)&secret); printf("The variable secret's value is 0x%8x (on heap) ", (unsigned int)secret); printf("secret[0]'s address is 0x%8x (on heap) ", (unsigned int)&secret[0]); printf("secret[1]'s address is 0x%8x (on heap) ", (unsigned int)&secret[1]); printf("Please enter a decimal integer "); scanf("%d", &int_input); /* getting an input from user */ printf("Please enter a string "); scanf("%s", user_input); /* getting a string from user */ /* Vulnerable place */ printf(user_input); printf(" "); /* Verify whether your attack is successful */ printf("The original secrets: 0x%x -- 0x%x ", SECRET1, SECRET2); printf("The new secrets: 0x%x -- 0x%x ", secret[0], secret[1]); return 0; }
Tasks:
Crash the program. You should find the format string vulnerability in the program and develop an input string to crash the program.
What exploit string did you use?
Print out the secret[1] value. You should develop a format string exploit that prints out this value.
What exploit string did you use?
Modify the secret[1] value. Now change your exploit from above to modify this value. You can modify it to any value you select.
What exploit string did you use?
Modify the secret[1] value to a pre-determined value. Now modify your exploit to change the value of secret[1] to 0x500
What exploit string did you use?
.
Thank you kindly for your assistance.
Step by Step Solution
There are 3 Steps involved in it
Step: 1
Get Instant Access with AI-Powered Solutions
See step-by-step solutions with expert insights and AI powered tools for academic success
Step: 2
Step: 3
Ace Your Homework with AI
Get the answers you need in no time with our AI-driven, step-by-step assistance
Get Started