FREE Trial
Answered step by step
Verified Expert Solution
Link Copied!

Question

1 Approved Answer

I get the segmentation fault but I was unable to get the access granted ... Can anyone help? For this lab, You will find two

I get the segmentation fault but I was unable to get the access granted ... Can anyone help?

For this lab, You will find two executable files there: buffer_oflow1 and buffer_oflow2. Use the process shown in the video to overflow the buffer that is used to grab the password field in the main() function in order to overwrite the return pointer and execute the accessGranted function.

Task 3: You need to overflow the input buffer for the buffer_oflow1 and buffer_oflow2 programs and get the Access Granted! message without entering the correct password.

Task 4: What is the last name of the author quoted in the accessGranted function of the buffer_oflow2 program?

Task 5: Assuming that you have successfully overflowed the return pointer and executed the accessGranted function of the buffer_oflow2 program, why is there another Segmentation Fault after the massage is printed? [Hint: how would the value of the return address for the accessGranted function normally get placed in

image text in transcribed

image text in transcribedimage text in transcribedimage text in transcribed

For this lab, You will find two executable files there: buffer oflowl and buffer oflow2. Use the process shown in the video to overflow the buffer that is used to grab the password field in the main() function in order to overwrite the return pointer and execute the access Granted' function. Terminal - studentamuneebahmed: -/lab1/buffer_oflow File Edit View Terminal Tabs Help student@muneebahmed:-/lab1/buffer_oflow$ ./buffer_oflowl Enter password: password Access Denied. Studentamuneebahmed:-/lab/buffer of low$ studentenuneebahmed:-/1ab1/buffer of low$ ./buffer_oflowl Enter password: $3cr3t Access Granted! "Progress isn't made by early risers. It's made by lazy men trying to find easier ways to do something." Robert Heinlein student muneebahmed:-/labi/buffer of low$I Task 1: In the buffer_oflowl and buffer_oflow2 programs, what is the address of the accessGranted function? (Hint: use the Linux obidume utility here The address for buffer oflowl is "080484ac" as shown in the screenshot below: 80484a2: e9 79 ff ff 80484a7: e9 74 ff ff 080484ac : 80484ac: 55 8049Aad 90A5 The address for is 080484c5 for buffer_oflow2 programs as shown below in the screenshot. 080484c5 : 8048405: 55 Task 2: How many bytes (how may 'A's) are required to overflow the input buffer for the buffer_oflowl and buffer_oflow2 programs? After trying out many A's I found out that 90 A's are required to overflow the input buffer for the buffer_oflowl. As shown and highlighted in the screenshot below studentmuneebahmed:-/lab1/buffer_oflow$ python -c 'print "A"*70' | ./buffer_oflowl Enter password: Access Denied student@muneebahmed:-/lab1/buffer_oflow$ python -c 'print "A"*40 | .buffer_oflow1 .buffer_oflowl: command not found student@muneebahmed:-/lab1/buffer_oflow$ python -c 'print "A"*40 | /.buffer_oflowl bash: /.buffer_oflowl: No such file or directory close failed in file object destructor: sys.excepthook is missing lost sys.stderr student@muneebahmed:-/lab1/buffer_oflow$ python -C 'print "A"*40 1 ./buffer_oflowl Enter password: Access Denied ... student@muneebahmed:-/labl/buffer_oflow$ python -c 'print "A"*90 1./buffer_oflowl Enter password: Access Denied Segmentation fault (core dumped) studentamuneahahmede-/labi/huffer nflow Task 3: You need to overflow the input buffer for the buffer_oflowl and buffer_oflow2 programs and get the "Access Granted!" message without entering the correct password. Task 4: What is the last name of the author quoted in the accessGranted function of the buffer_oflow2 program? Task 5: Assuming that you have successfully overflowed the return pointer and executed the accessGranted function of the buffer_oflow2 program, why is there another Segmentation Eault after the massage is printed into how would the value of the return 08048521
: 8048521: 55 8048522: 89 e5 8048524: 83 e4 fo 8048527: 83 ec 60 804852a: c7 04 24 97 86 04 08 8048531: e8 3a fe ff ff 8048536: 8d 44 24 la 804853a: 89 04 24 8048530: e8 3e fe ff ff 8048542: 8d 44 24 la 8048546: 89 04 24 8048549: e8 a8 ff ff ff 804854e: b8 00 00 00 00 8048553: c9 8048554: c3 8048555: 90 8048556: 90 8048557: 90 8048558: 90 8048559: 90 804855a: 90 804855b: 90 804855c: 90 804855d: 90 804855e: 90 804855f: 90 %ebp %esp, Sebp $0xfffffff0,%esp $0x60,%esp $0x8048697, (esp) 8048370 Oxla (esp), %eax Seax, (%esp) 8048380 Oxla(esp), %eax Seax, (fesp) 80484f6 $0x0, %eax push mov and sub movl call lea mov call lea mov call mov leave ret nop nop nop nop nop nop nop nop nop nop nop 080484ac : 80484ac: 55 80484ad: 89 e5 80484af: 83 ec 18 80484b2: c7 04 24 fo 85 04 08 80484b9: e8 d2 fe ff ff 80484be: c7 04 24 00 86 04 08 80484c5: e8 c6 fe ff ff 80484ca: c7 04 24 69 86 04 08 80484d1: e8 ba fe ff ff 80484d6: b8 00 00 00 00 80484db: c9 80484dc: c3 push mov sub movl call movl call movl call mov leave ret %ebp %esp, %ebp $0x18, %esp $0x80485f0, (%esp) 8048390 $0x8048600, (esp) 8048390 $0x8048669, (%esp) 8048390 $0x0, %eax 080484dd : 80484dd: 55 80484de: 89 e5 8048400: 83 ec 18 80484e3: c7 04 24 7b 86 04 08 80484ea: e8 al fe ff ff 80484ef: b8 00 00 00 00 80484f4; c9 80484f5: C3 push mov sub movl call mov leave ret %ebp %esp, Sebp $0x18, %esp $0x804867b, (fesp) 8048390 $0x0,%eax push mov sub movl %ebp %esp, %ebp $0x18,%esp $0x8048690, 0x4(%esp) 080484f6 : 80484f6: 55 80484f7: 89 e5 80484f9: 83 ec 18 80484fc: c7 44 24 04 90 86 04 8048503: 08 8048504: 8b 45 08 8048507: 89 04 24 804850a: e8 51 fe ff ff 804850f: 85 c0 8048511: 75 07 8048513: e8 94 ff ff ff 8048518: eb 05 804851a: e8 be ffffff 804851f: c9 8048520: C3 mov mov call test jne call jmp call leave ret 0x8(%ebp),%eax %eax, (%esp) 8048360 %eax, %eax 804851a 80484ac 804851f 80484dd | ./buffer_oflowl Enter password: Access Denied student@ip-10-1-147-81:-/lab1/buffer_oflow$ student@ip-10-1-147-81:-/lab1/buffer_oflow$ python -C 'print "A"*40 Enter password: Access Denied student@ip-10-1-147-81:-/lab1/buffer_oflows student@ip-10-1-147-81:-/lab1/buffer_oflow$ python -c 'print "A"*90 Enter password: Access Denied Segmentation fault (core dumped) | ./buffer_oflow1 + student@ip-10-1-147-81:-/lab1/buffer_oflow$ student@ip-10-1-147-81:-/lab1/buffer_oflow$ python -C 'print "A" | ./buffer_oflowl Enter password: Access Denied ... Access Granted! "Progress isn't made by early risers. It's made by lazy men trying to find easier ways to do something.' - Robert Heinlein Segmentation fault (core dumped) student@ip-10-1-147-81:-/lab1/buffer oflow$ For this lab, You will find two executable files there: buffer oflowl and buffer oflow2. Use the process shown in the video to overflow the buffer that is used to grab the password field in the main() function in order to overwrite the return pointer and execute the access Granted' function. Terminal - studentamuneebahmed: -/lab1/buffer_oflow File Edit View Terminal Tabs Help student@muneebahmed:-/lab1/buffer_oflow$ ./buffer_oflowl Enter password: password Access Denied. Studentamuneebahmed:-/lab/buffer of low$ studentenuneebahmed:-/1ab1/buffer of low$ ./buffer_oflowl Enter password: $3cr3t Access Granted! "Progress isn't made by early risers. It's made by lazy men trying to find easier ways to do something." Robert Heinlein student muneebahmed:-/labi/buffer of low$I Task 1: In the buffer_oflowl and buffer_oflow2 programs, what is the address of the accessGranted function? (Hint: use the Linux obidume utility here The address for buffer oflowl is "080484ac" as shown in the screenshot below: 80484a2: e9 79 ff ff 80484a7: e9 74 ff ff 080484ac : 80484ac: 55 8049Aad 90A5 The address for is 080484c5 for buffer_oflow2 programs as shown below in the screenshot. 080484c5 : 8048405: 55 Task 2: How many bytes (how may 'A's) are required to overflow the input buffer for the buffer_oflowl and buffer_oflow2 programs? After trying out many A's I found out that 90 A's are required to overflow the input buffer for the buffer_oflowl. As shown and highlighted in the screenshot below studentmuneebahmed:-/lab1/buffer_oflow$ python -c 'print "A"*70' | ./buffer_oflowl Enter password: Access Denied student@muneebahmed:-/lab1/buffer_oflow$ python -c 'print "A"*40 | .buffer_oflow1 .buffer_oflowl: command not found student@muneebahmed:-/lab1/buffer_oflow$ python -c 'print "A"*40 | /.buffer_oflowl bash: /.buffer_oflowl: No such file or directory close failed in file object destructor: sys.excepthook is missing lost sys.stderr student@muneebahmed:-/lab1/buffer_oflow$ python -C 'print "A"*40 1 ./buffer_oflowl Enter password: Access Denied ... student@muneebahmed:-/labl/buffer_oflow$ python -c 'print "A"*90 1./buffer_oflowl Enter password: Access Denied Segmentation fault (core dumped) studentamuneahahmede-/labi/huffer nflow Task 3: You need to overflow the input buffer for the buffer_oflowl and buffer_oflow2 programs and get the "Access Granted!" message without entering the correct password. Task 4: What is the last name of the author quoted in the accessGranted function of the buffer_oflow2 program? Task 5: Assuming that you have successfully overflowed the return pointer and executed the accessGranted function of the buffer_oflow2 program, why is there another Segmentation Eault after the massage is printed into how would the value of the return 08048521
: 8048521: 55 8048522: 89 e5 8048524: 83 e4 fo 8048527: 83 ec 60 804852a: c7 04 24 97 86 04 08 8048531: e8 3a fe ff ff 8048536: 8d 44 24 la 804853a: 89 04 24 8048530: e8 3e fe ff ff 8048542: 8d 44 24 la 8048546: 89 04 24 8048549: e8 a8 ff ff ff 804854e: b8 00 00 00 00 8048553: c9 8048554: c3 8048555: 90 8048556: 90 8048557: 90 8048558: 90 8048559: 90 804855a: 90 804855b: 90 804855c: 90 804855d: 90 804855e: 90 804855f: 90 %ebp %esp, Sebp $0xfffffff0,%esp $0x60,%esp $0x8048697, (esp) 8048370 Oxla (esp), %eax Seax, (%esp) 8048380 Oxla(esp), %eax Seax, (fesp) 80484f6 $0x0, %eax push mov and sub movl call lea mov call lea mov call mov leave ret nop nop nop nop nop nop nop nop nop nop nop 080484ac : 80484ac: 55 80484ad: 89 e5 80484af: 83 ec 18 80484b2: c7 04 24 fo 85 04 08 80484b9: e8 d2 fe ff ff 80484be: c7 04 24 00 86 04 08 80484c5: e8 c6 fe ff ff 80484ca: c7 04 24 69 86 04 08 80484d1: e8 ba fe ff ff 80484d6: b8 00 00 00 00 80484db: c9 80484dc: c3 push mov sub movl call movl call movl call mov leave ret %ebp %esp, %ebp $0x18, %esp $0x80485f0, (%esp) 8048390 $0x8048600, (esp) 8048390 $0x8048669, (%esp) 8048390 $0x0, %eax 080484dd : 80484dd: 55 80484de: 89 e5 8048400: 83 ec 18 80484e3: c7 04 24 7b 86 04 08 80484ea: e8 al fe ff ff 80484ef: b8 00 00 00 00 80484f4; c9 80484f5: C3 push mov sub movl call mov leave ret %ebp %esp, Sebp $0x18, %esp $0x804867b, (fesp) 8048390 $0x0,%eax push mov sub movl %ebp %esp, %ebp $0x18,%esp $0x8048690, 0x4(%esp) 080484f6 : 80484f6: 55 80484f7: 89 e5 80484f9: 83 ec 18 80484fc: c7 44 24 04 90 86 04 8048503: 08 8048504: 8b 45 08 8048507: 89 04 24 804850a: e8 51 fe ff ff 804850f: 85 c0 8048511: 75 07 8048513: e8 94 ff ff ff 8048518: eb 05 804851a: e8 be ffffff 804851f: c9 8048520: C3 mov mov call test jne call jmp call leave ret 0x8(%ebp),%eax %eax, (%esp) 8048360 %eax, %eax 804851a 80484ac 804851f 80484dd | ./buffer_oflowl Enter password: Access Denied student@ip-10-1-147-81:-/lab1/buffer_oflow$ student@ip-10-1-147-81:-/lab1/buffer_oflow$ python -C 'print "A"*40 Enter password: Access Denied student@ip-10-1-147-81:-/lab1/buffer_oflows student@ip-10-1-147-81:-/lab1/buffer_oflow$ python -c 'print "A"*90 Enter password: Access Denied Segmentation fault (core dumped) | ./buffer_oflow1 + student@ip-10-1-147-81:-/lab1/buffer_oflow$ student@ip-10-1-147-81:-/lab1/buffer_oflow$ python -C 'print "A" | ./buffer_oflowl Enter password: Access Denied ... Access Granted! "Progress isn't made by early risers. It's made by lazy men trying to find easier ways to do something.' - Robert Heinlein Segmentation fault (core dumped) student@ip-10-1-147-81:-/lab1/buffer oflow$

Step by Step Solution

There are 3 Steps involved in it

Step: 1

blur-text-image

Get Instant Access to Expert-Tailored Solutions

See step-by-step solutions with expert insights and AI powered tools for academic success

Step: 2

blur-text-image

Step: 3

blur-text-image

Ace Your Homework with AI

Get the answers you need in no time with our AI-driven, step-by-step assistance

Get Started

Recommended Textbook for

Building A Cloud Data Solutions An End To End Guide For Designing Implementing And Managing Robust Data Solutions In The Cloud

Building A Cloud Data Solutions An End To End Guide For Designing Implementing And Managing Robust Data Solutions In The Cloud

Authors: Anouar Ben Zahra

1st Edition

B0CKY5Z96M, 979-8863958149

More Books

Students also viewed these Databases questions

Question

Lavern Company experienced the following during 2009: a. Sold preferred stock for $392,000. b. Declared dividends of $100,000 payable on March 1, 2010. c. Borrowed $480,000 from bank on a two-year...

Answered: 1 week ago

Question

Self-test This book shows you how accounts are prepared. It also shows how the information provided is used. List the six reasons for preparing accounts.

Answered: 1 week ago

Question

Are there cases other than the two instances noted in the chapter when companies should be allowed to use polygraph tests on employees? When and why?

Answered: 1 week ago

Question

The Pension Trust Fund maintained by the City of Linden had the following transactions during 2012. Record each transaction in the Pension Trust Fund. Ignore any other funds that may be involved in a...

Answered: 1 week ago

Question

At the beginning of each instruction cycle, the processor fetches an instruction from memory. T or F

Answered: 1 week ago

Question

1pts higher in the future and your client has half the portfolio invested in preferred stock. Which of the following statements are you most likely to make? The value of your Preferreds will likely...

Answered: 1 week ago

Question

When is it not acceptable to apply the auditing standards of another country or the International Standards on Auditing (ISAs)? The auditor is a licensed expert of those standards. The auditor uses...

Answered: 1 week ago

Question

Resistance is a deleterious force in therapy and must be confronted in the first session true or false

Answered: 1 week ago

Question

A company is giving a hiring exam for an entry level position. 80% of the candidates passed with an average score of 83%, while remaining candidates failed the exam with an average score of 54%. If...

Answered: 1 week ago

Question

The cost of new machine is $220,000. The cost of shipping is $10,000 and of installation is $20,000. The required working capital is $25,000. Using the 3-year MACRS schedule, determine the...

Answered: 1 week ago

Question

According to Fisher and Frey, what type of "robust" question is provided below? If you could give Romeo and Juliet advice, what would you tell them? Group of answer choices inventive question...

Answered: 1 week ago

Question

Give an example of a skip-and-jump survey question. Why should this type of question be avoided? (Objective 3)

Answered: 1 week ago

Question

How can a writer determine whether to use a formal, third-person style or an informal, firstperson style when writing a formal report? (Objective 1)

Answered: 1 week ago

Question

You are a new employee for Chapel Hill Gas Company.Your supervisor has asked you to use your creative talents in developing a simple message that could be used to remind customers to pay their bill...

Answered: 1 week ago

Previous Question Next Question