Question
By using the vul_program below please do the following tasks. This is a SEEDLab C language assignment that I am having trouble with. Complete this
By using the vul_program below please do the following tasks. This is a SEEDLab C language assignment that I am having trouble with.
Complete this in a SEED VM environment.
The vulnerable program you are going to exploit is here: vul_prog.c (below)
You can compile this program for the lab as 32-bit, without stack protections and randomization to make things a bit easier.s
/* vul_prog.c */
#include
#define SECRET1 0x44 #define SECRET2 0x55
int main(int argc, char *argv[]) { char user_input[50]; int *secret; int int_input; int a, b; /* other variables, not used here.*/ /* The secret value is stored on the heap */ secret = (int *) malloc(2*sizeof(int)); /* getting the secret */ secret[0] = SECRET1; secret[1] = SECRET2; printf("The variable secret's address is 0x%8x (on stack) ", (unsigned int)&secret); printf("The variable secret's value is 0x%8x (on heap) ", (unsigned int)secret); printf("secret[0]'s address is 0x%8x (on heap) ", (unsigned int)&secret[0]); printf("secret[1]'s address is 0x%8x (on heap) ", (unsigned int)&secret[1]); printf("Please enter a decimal integer "); scanf("%d", &int_input); /* getting an input from user */ printf("Please enter a string "); scanf("%s", user_input); /* getting a string from user */ /* Vulnerable place */ printf(user_input); printf(" "); /* Verify whether your attack is successful */ printf("The original secrets: 0x%x -- 0x%x ", SECRET1, SECRET2); printf("The new secrets: 0x%x -- 0x%x ", secret[0], secret[1]); return 0; }
Tasks:
1. Crash the program. You should find the format string vulnerability in the program and develop an input string to crash the program.
What exploit string did you use?
Include a screenshot of your successful crash.
2. Print out the secret[1] value. You should develop a format string exploit that prints out this value.
What exploit string did you use?
Include a screenshot of your successful crash.
3. Modify the secret[1] value. Now change your exploit from above to modify this value. You can modify it to any value you select.
What exploit string did you use?
Include a screenshot of your successful crash.
4. Modify the secret[1] value to a pre-determined value. Now modify your exploit to change the value of secret[1] to 0x500
What exploit string did you use?
Include a screenshot of your successful crash.
Thank you kindly for your assistance.
Step by Step Solution
There are 3 Steps involved in it
Step: 1
Get Instant Access to Expert-Tailored Solutions
See step-by-step solutions with expert insights and AI powered tools for academic success
Step: 2
Step: 3
Ace Your Homework with AI
Get the answers you need in no time with our AI-driven, step-by-step assistance
Get Started