
Question


The C programs (given below) should be compiled and executed in a Linux environment. In addition, 32-bit binaries can be used and the stack protections turned off. Note that, although you can use gdb to help analyse the memory and instructions, your exploitation must work under the normal shell (not inside gdb).
The C program bo.c (below) takes a password from users, but never lets any user log in.
Task 1: Point out the statement in the program that has a buffer overflow vulnerability and explain why it may cause a buffer overflow attack.
Task 2: Figure out a password to make the program output "You are logged in!", without modifying the return address. Explain in detail how the password works.
Task 3: Figure out a password to make the program output "You are logged in!", by modifying the return address. Explain in detail how the password works.
Task 4: Explain how you can fix the buffer overflow vulnerability in the program.
Task 5: Figure out a way to defeat ASLR (Address Space Layout Randomisation) and still complete Task 3. Explain the answer. To turn on ASLR, you must run the following commands and compile the program without the option 'no-pie'.
    echo 2 | sudo tee /proc/sys/kernel/randomize_va_space
    gcc -w -m32 -g -fno-stack-protector -z execstack -o bo bo.c
Figure out a way to defeat ASLR and still complete Task 3. Explain your answer.
The bo.c C program
    #include <stdio.h>
    #include <stdlib.h>

    char getPasswd()
    {
        int trigger = 'F';
        char passwd[100];
        gets(passwd);            /* reads a line from stdin with no length limit */
        return (char)trigger;
    }

    void login()
    {
        printf("You are logged in!\n");
        exit(0);
    }

    void main()
    {
        printf("Please enter password: ");
        if (getPasswd() == 'T')
        {
            login();
        }
        else
        {
            printf("The password is incorrect.\n");
            exit(1);
        }
    }
--------------------------------------------------------------------------------------------------------------------------------------------------------------
The C program fs.c (given below) is a slightly modified version of the previous program, which also never lets any user log in.
Task 6: Point out the statement in the program that has a format string vulnerability and explain why it may cause a format string attack.
Task 7: Figure out a password to reveal the contents of the current stack frame in hexadecimal format with width 8 (for example, 804c014 should be displayed as 0804c014). Explain in detail how the password works.
Task 8: Figure out a password to launch a simple DoS (Denial of Service) attack. Explain in detail how the password works.
Task 9: Figure out a password to make the program output "You are logged in!". Explain in detail how the password works.
Task 10: Explain how you can fix the format string vulnerability in the program.
The fs.c C program
    #include <stdio.h>
    #include <stdlib.h>

    char passwd[100];

    char getPasswd()
    {
        int trigger = 'F';
        int *t = &trigger;
        fgets(passwd, sizeof(passwd), stdin);
        printf("Password is ");
        printf(passwd);          /* user input is passed as the format string */
        return (char)(*t);
    }

    void main()
    {
        printf("Please enter password: ");
        if (getPasswd() == 'T')
        {
            printf("You are logged in!\n");
            exit(0);
        }
        else
        {
            printf("The password is incorrect.\n");
            exit(1);
        }
    }
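
For Tasks 4 and 10, one way to remove both defects, given as an added example that is not part of the original question. The helper names `read_passwd` and `echo_passwd` are hypothetical, and rejecting an over-long line instead of truncating it is an assumption about the desired behaviour.

```c
/* Added example: hardened input and echo helpers for bo.c and fs.c. */
#include <stdio.h>
#include <stdlib.h>
#include <string.h>

#define PASSWD_MAX 100   /* same size as passwd[] on the page */

/* Replaces gets(passwd): never writes more than `size` bytes to buf.
 * Returns 0 on success, -1 on EOF/error or when the line did not fit
 * (the rest of the line is drained so it is not read as a second input). */
int read_passwd(FILE *in, char *buf, size_t size)
{
    if (size == 0 || fgets(buf, (int)size, in) == NULL)
        return -1;
    size_t len = strcspn(buf, "\n");
    if (buf[len] == '\n') {          /* whole line fit, strip the newline */
        buf[len] = '\0';
        return 0;
    }
    int c = fgetc(in);               /* no newline stored: look at what follows */
    if (c == EOF || c == '\n')
        return 0;                    /* line fit exactly, or ended at EOF */
    while (c != EOF && c != '\n')
        c = fgetc(in);               /* discard the part that did not fit */
    buf[0] = '\0';
    return -1;
}

/* Replaces printf(passwd): user input is only ever an argument to a
 * constant "%s" format, so conversion specifiers in it print as text. */
int echo_passwd(FILE *out, const char *passwd)
{
    return fprintf(out, "Password is %s\n", passwd);
}

int main(void)
{
    char passwd[PASSWD_MAX];
    printf("Please enter password: ");
    if (read_passwd(stdin, passwd, sizeof passwd) != 0) {
        fprintf(stderr, "Input rejected.\n");
        return EXIT_FAILURE;
    }
    echo_passwd(stdout, passwd);
    /* As in the original programs, no input is ever accepted as correct. */
    printf("The password is incorrect.\n");
    return EXIT_FAILURE;
}
```

Compiling without `-fno-stack-protector` and `-z execstack`, and with `-Wformat -Wformat-security` enabled, adds compiler-level checks on top of the source fix.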
