Task 2: Address Randomization
Now, we turn on Ubuntu's address randomization. We run the same attack developed in Task 1. Can you get a shell? If not, what is the problem? How does address randomization make your attacks difficult?
sudo sysctl -w kernel.randomize_va_space=2
If running the vulnerable code once does not get you the root shell, how about running it many times? You can run ./stack in the following loop and see what will happen. If your exploit program is designed properly, you should be able to get the root shell after a while. You can modify your exploit program to increase the probability of success (i.e., reduce the time that you have to wait).
seed@ubuntu:~/Desktop$ sh -c "while [ 1 ]; do ./stack; done;"
# whoami
root
Task 3: Stack Guard
Before working on this task, remember to turn off the address randomization first, or you will not know which protection helps achieve the protection.
In our previous tasks, we disabled the Stack Guard protection mechanism in gcc when compiling the programs. In this task, you may consider repeating task 1 in the presence of Stack Guard. To do that, you should compile the program without the -fno-stack-protector option. For this task, you will recompile the vulnerable program, stack.c, to use GCC's Stack Guard, and execute task 1 again.
root@ubuntu:/home/seed/Desktop# sysctl -w kernel.randomize_va_space=0
kernel.randomize_va_space = 0
root@ubuntu:/home/seed/Desktop# gcc -o stack stack.c
root@ubuntu:/home/seed/Desktop# chmod u+s stack
root@ubuntu:homeseedDesktop# exit
exit
seed@ubuntu:~/Desktop$ ./stack
*** stack smashing detected ***: ./stack terminated
Segmentation fault (core dumped)
Task 4: Non-executable Stack
Before working on this task, remember to turn off the address randomization first, or you will not know which protection helps achieve the protection.
In our previous tasks, we intentionally make stacks executable. In this task, we recompile our vulnerable program using the noexecstack option, and repeat the attack in Task 1. Can you get a shell? If not, what is the problem? How does this protection scheme make your attacks difficult? You can use the following instructions to turn on the non-executable stack protection.
gcc -o stack -fno-stack-protector -z noexecstack stack.c
It should be noted that non-executable stack only makes it impossible to run shellcode on the stack, but it does not prevent buffer-overflow attacks, because there are other ways to run malicious code after exploiting a buffer-overflow vulnerability. The return-to-libc attack is an example.
root@ubuntu:/home/seed/Desktop# sysctl -w kernel.randomize_va_space=0
kernel.randomize_va_space = 0
root@ubuntu:/home/seed/Desktop# gcc -o stack -z noexecstack -fno-stack-protector stack.c
root@ubuntu:/home/seed/Desktop# chmod u+s stack
root@ubuntu:homeseedDesktop# exit
exit
seed@ubuntu:~/Desktop$ ./stack
Segmentation fault (core dumped)
Please provide a screenshot from PowerShell for each task. It is so important; I want the answer in screenshots, please.
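A defender-side check for the three protections these tasks switch on and off, as an added example that is not part of the original question or the lab's code: it reports the ASLR setting, the stack permission an ELF binary requests (the PT_GNU_STACK flags that -z noexecstack sets), and whether the binary references Stack Guard's failure handler. The function names and the constructed sample ELF are assumptions made for illustration.

```python
import struct
import sys

PT_GNU_STACK = 0x6474E551  # program header carrying the stack permissions
PF_X = 0x1                 # execute bit in p_flags
ASLR = {"0": "off", "1": "stack, mmap and vdso randomized",
        "2": "full (heap/brk randomized too)"}

def stack_mode(elf: bytes) -> str:
    """Stack permission the ELF image requests from the loader."""
    if elf[:4] != b"\x7fELF":
        raise ValueError("not an ELF file")
    end = "<" if elf[5] == 1 else ">"      # EI_DATA: 1 = little-endian
    if elf[4] == 2:                        # EI_CLASS: 2 = ELF64
        fmt, phoff_at, hdr_at, flags_at = "Q", 32, 54, 4
    else:                                  # ELF32 layout
        fmt, phoff_at, hdr_at, flags_at = "I", 28, 42, 24
    (phoff,) = struct.unpack_from(end + fmt, elf, phoff_at)
    phentsize, phnum = struct.unpack_from(end + "HH", elf, hdr_at)
    for i in range(phnum):
        base = phoff + i * phentsize
        (p_type,) = struct.unpack_from(end + "I", elf, base)
        if p_type == PT_GNU_STACK:
            (flags,) = struct.unpack_from(end + "I", elf, base + flags_at)
            return "executable" if flags & PF_X else "non-executable"
    return "unspecified"                   # no PT_GNU_STACK: kernel default applies

def has_stack_guard(elf: bytes) -> bool:
    """Heuristic: binaries built with Stack Guard reference __stack_chk_fail."""
    return b"__stack_chk_fail" in elf

def constructed_elf64(p_flags: int, extra: bytes = b"") -> bytes:
    """Constructed sample: ELF64 header plus one PT_GNU_STACK entry."""
    ident = b"\x7fELF\x02\x01\x01" + bytes(9)
    hdr = struct.pack("<HHIQQQIHHHHHH", 2, 62, 1, 0, 64, 0, 0, 64, 56, 1, 0, 0, 0)
    phdr = struct.pack("<IIQQQQQQ", PT_GNU_STACK, p_flags, 0, 0, 0, 0, 0, 16)
    return ident + hdr + phdr + extra

if __name__ == "__main__":
    # Audit a real binary if a path is given, else the constructed sample.
    image = open(sys.argv[1], "rb").read() if len(sys.argv) > 1 else constructed_elf64(6)
    try:
        with open("/proc/sys/kernel/randomize_va_space") as f:
            print("ASLR:", ASLR.get(f.read().strip(), "unknown"))
    except OSError:
        print("ASLR: not readable on this system")
    print("stack:", stack_mode(image))
    print("stack guard:", has_stack_guard(image))
```

Run it with the path of the compiled binary as the only argument; the symbol search is a heuristic and can report true for statically linked binaries that merely contain libc's copy of the handler.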