Question
Given the C program ret2libc : int vuln(char* input) { char buff[100]; strcpy(buff, input); return 0; } int main(int argc, char *argv[]) { if(argc <
Given the C program ret2libc :
int vuln(char* input) {
char buff[100];
strcpy(buff, input);
return 0;
}
int main(int argc, char *argv[])
{
if(argc < 2)
{
printf("Syntax: %s ", argv[0]);
exit (0);
}
vuln(argv[1]);
return 0;
}
We want to exploit the program ret2libc that is vulnerable to a stack-based buffer overflow.
For each of the two tasks, write and submit a commented script that writes your exploit to stdout, such that the output can be used as the argument for the target program.
i) Spawn a shell via a return-to-libc attack: Exploit the vulnerability in the binary to call the function system() in libc with parameter /bin/sh.
ii) With system() we can not only execute /bin/sh but arbitrary commands. To demonstrate this, write an exploit that creates the file owned in the folder s3cr3t. To do so, run the command touch s3cr3t/owned. Remember that you can inject strings into the process by setting environment variables prior to the execution.
Ensure that your exploit terminates without causing a segmentation fault by calling exit() after system().
suppose the address of :
function system() : 0xf7e18360
function exit(): 0xf7e0aec0
/bin/sh : 0xf7f62363
Please write a well commented script that is tested very well .
Step by Step Solution
There are 3 Steps involved in it
Step: 1
Get Instant Access to Expert-Tailored Solutions
See step-by-step solutions with expert insights and AI powered tools for academic success
Step: 2
Step: 3
Ace Your Homework with AI
Get the answers you need in no time with our AI-driven, step-by-step assistance
Get Started