Answered step by step
Verified Expert Solution
Link Copied!

Question

1 Approved Answer

What am I doing wrong here? See my screenshot below. this is the question: 1) Import the OVA file to VirtualBox. (Username: ubuntu, Password: 123456)

What am I doing wrong here? See my screenshot below. this is the question: 1) Import the OVA file to VirtualBox. (Username: ubuntu, Password: 123456) 2) Immediately CLONE the original OVA for use in the video portion of this project. The cloned OVA is not to be used for anything other than video proof of yourexploit. 3) Compile the provided C code (which you will be exploiting): gcc sort.c -o sort -fno-stack- protector. (DO NOT use other options) 4) To run this program, put some hexadecimal integers inthe file: data.txt, and execute sort by: ./sort data.txt 5) When you put a very long list of integers in data.txt, you will notice sort crashes with memory segfault, this is because the return address has been overwritten by your data. If you first answer step 1, part 1 above, you should understand the goal of this exploit and why a seg fault occurs. Pay attention to the non-binary allocated buffer and what it does to the stack structure (and you can see this in GDB). 6) Now you can craft your shellcode in data.txt. Again, your goal is to overwrite the return address with the address of function system() and pass it with the address of string bin/sh. Do not use environment variables to store these addresses and then access those environment variables. Use the library addresses of system() and bin/sh explicitly. GDB (if youre using GDB for the first time, we recommend checking out GdbInit) can be used to find these library addresses and test/debug your exploit. However, it should benoted that your final exploit (i.e., the final version of your data.txt) should work outside of GDB. Just running ./sort data.txt should spawn a shell for you. This needs to be a clean shell, with NO segfaults. 7) You can verify the exploit has occurred because you will get a new, clean command prompt. But, how do we know it is not the same bash shell that invoked the sort program? To verify you have successfully caused a buffer overflow, issuing echo $$ will give the process ID of the current process. Issuing: echo $$ (shows PID of current bash shell), then run ./sort data.txt, (then after sort completes to a clean shell) issue echo $$ to show the PID of the current exploited shell. (noted echo $0 instead of or in addition to echo $$ will return the name of the current shell) 8) Provide a screenshot of you exploiting sort.

image text in transcribed

ubuntu@ubuntu-VirtualBox: /Desktop ubuntu@ubuntu-VirtualBox: /Desktop$ gcc -z execstack -o data data.txt /usr/bin/ld:data.txt: file format not recognized; treating as linker script /usr/bin/ld:data.txt:1: syntax error collect2: error: ld returned 1 exit status ubuntu@ubuntu-VirtualBox:~/Desktops /sortdata.txt bash: ./sortdata.txt: No such file or directory ubuntu@ubuntu-VirtualBox:~/Desktop$ ./sort data.txt Current local time and date: Mon Jan 28 21:59:20 2019 Source list: 0x5 0x7 0x80 oxa oxdo Sorted list in ascending order: 7 80 do ubuntu@ubuntu-VirtualBox: -/Desktops

Step by Step Solution

There are 3 Steps involved in it

Step: 1

blur-text-image

Get Instant Access to Expert-Tailored Solutions

See step-by-step solutions with expert insights and AI powered tools for academic success

Step: 2

blur-text-image_2

Step: 3

blur-text-image_3

Ace Your Homework with AI

Get the answers you need in no time with our AI-driven, step-by-step assistance

Get Started

Recommended Textbook for

Spomenik Monument Database

Authors: Donald Niebyl, FUEL, Damon Murray, Stephen Sorrell

1st Edition

0995745536, 978-0995745537

More Books

Students also viewed these Databases questions