Given the C program ret2libc :

int vuln(char* input) {

char buff[100];

strcpy(buff, input);

return 0;

}

int main(int argc, char *argv[])

{

if(argc < 2)

{

printf("Syntax: %s ", argv[0]);

exit (0);

}

vuln(argv[1]);

return 0;

}

We want to exploit the program ret2libc that is vulnerable to a stack-based buffer overflow.

For each of the two tasks, write and submit a commented script that writes your exploit to stdout, such that the output can be used as the argument for the target program.

i) Spawn a shell via a return-to-libc attack: Exploit the vulnerability in the binary to call the function system() in libc with parameter /bin/sh.

ii) With system() we can not only execute /bin/sh but arbitrary commands. To demonstrate this, write an exploit that creates the file owned in the folder s3cr3t. To do so, run the command touch s3cr3t/owned. Remember that you can inject strings into the process by setting environment variables prior to the execution.

Ensure that your exploit terminates without causing a segmentation fault by calling exit() after system().

suppose the address of :

function system() : 0xf7e18360

function exit(): 0xf7e0aec0

/bin/sh : 0xf7f62363

Please write a well commented script that is tested very well .