Implement a buffer overflow attack on the program below, isThisGood.c, by exploiting the input, see gets(). You do NOT modify the program below, instead craft a malicious input that causes a successful exploit. (It is OK to add comments @ the top of the program.)

Successful exploit invokes the function, oopsIGotToTheBadFunction, though this function is NOT explicitly called in the code! The input may have to be given through a file or piped in, since the input may have some non-pintable characters.

Do the work on a Unix box that you have root access - your home computer or DeterLab It is NOT easy. You have toplay with gdb - gnu debugger to get a handle on various registers and the relation between source and compiled output. You may have to turn off some system flags that prevent exploit attempts from getting through.(PLEASE INCLUDE COMPREHENSIVE DIRECTIONS ON HOW TO DO THIS)

Needed: A script/photo that includes program listing, compile/link/run. Script/photo should both have successful, and an unsuccessful exploit. Prior to the runs, give these commands in sequence (4 differentcommands - each spits out some info): hostname, pwd, arch, uname -a

The Script/photo also includes: any vulnerabilities this program has, how you designed the exploit, and responses to thequestions below; all of these items may be added as comment @ the top of the program so program listing will have it.

Questions: A)What is the address of the function oopsIGotToTheBadFunction()? Show also the actual command you used to find this. B)What is the address on the stack that your input must overwrite (address and content please)? How did youlocate this address? C) What is the address of buf? D)What is your input - show it in hexa characters (since some of the input is not likely to be printable).

Please assume that I have no idea how to do anything listed when answering.

#include #include int oopsIGotToTheBadFunction(void) { printf("Gotcha! "); exit(0); } int goodFunctionUserInput(void) { char buf[12]; gets(buf); return(1); } int main(void) { goodFunctionUserInput(); printf("Overflow failed "); return(1); }