Answered step by step
Verified Expert Solution
Link Copied!

Question

1 Approved Answer

Implement a buffer overflow attack on the program below, isThisGood.c, by exploiting the input, see gets(). You do NOT modify the program below, instead craft

Implement a buffer overflow attack on the program below, isThisGood.c, by exploiting the input, see gets(). You do NOT modify the program below, instead craft a malicious input that causes a successful exploit. (It is OK to add comments @ the top of the program.)

Successful exploit invokes the function, oopsIGotToTheBadFunction, though this function is NOT explicitly called in the code! The input may have to be given through a file or piped in, since the input may have some non-pintable characters.

Do the work on a Unix box that you have root access - your home computer or DeterLab It is NOT easy. You have toplay with gdb - gnu debugger to get a handle on various registers and the relation between source and compiled output. You may have to turn off some system flags that prevent exploit attempts from getting through.(PLEASE INCLUDE COMPREHENSIVE DIRECTIONS ON HOW TO DO THIS)

Needed: A script/photo that includes program listing, compile/link/run. Script/photo should both have successful, and an unsuccessful exploit. Prior to the runs, give these commands in sequence (4 differentcommands - each spits out some info): hostname, pwd, arch, uname -a

The Script/photo also includes: any vulnerabilities this program has, how you designed the exploit, and responses to thequestions below; all of these items may be added as comment @ the top of the program so program listing will have it.

Questions: A)What is the address of the function oopsIGotToTheBadFunction()? Show also the actual command you used to find this. B)What is the address on the stack that your input must overwrite (address and content please)? How did youlocate this address? C) What is the address of buf? D)What is your input - show it in hexa characters (since some of the input is not likely to be printable).

Please assume that I have no idea how to do anything listed when answering.

#include #include int oopsIGotToTheBadFunction(void) { printf("Gotcha! "); exit(0); } int goodFunctionUserInput(void) { char buf[12]; gets(buf); return(1); } int main(void) { goodFunctionUserInput(); printf("Overflow failed "); return(1); }

Step by Step Solution

There are 3 Steps involved in it

Step: 1

blur-text-image

Get Instant Access to Expert-Tailored Solutions

See step-by-step solutions with expert insights and AI powered tools for academic success

Step: 2

blur-text-image_2

Step: 3

blur-text-image_3

Ace Your Homework with AI

Get the answers you need in no time with our AI-driven, step-by-step assistance

Get Started

Recommended Textbook for

Making Databases Work The Pragmatic Wisdom Of Michael Stonebraker

Authors: Michael L. Brodie

1st Edition

1947487167, 978-1947487161

More Books

Students also viewed these Databases questions

Question

=+ c. a company president deciding whether to open a new factory

Answered: 1 week ago