What am I doing wrong here? See my screenshot below. this is the question: 1) Import the OVA file to VirtualBox. (Username: ubuntu, Password: 123456) 2) Immediately CLONE the original OVA for use in the video portion of this project. The cloned OVA is not to be used for anything other than video proof of yourexploit. 3) Compile the provided C code (which you will be exploiting): gcc sort.c -o sort -fno-stack- protector. (DO NOT use other options) 4) To run this program, put some hexadecimal integers inthe file: data.txt, and execute sort by: ./sort data.txt 5) When you put a very long list of integers in data.txt, you will notice sort crashes with memory segfault, this is because the return address has been overwritten by your data. If you first answer step 1, part 1 above, you should understand the goal of this exploit and why a seg fault occurs. Pay attention to the non-binary allocated buffer and what it does to the stack structure (and you can see this in GDB). 6) Now you can craft your shellcode in data.txt. Again, your goal is to overwrite the return address with the address of function system() and pass it with the address of string bin/sh. Do not use environment variables to store these addresses and then access those environment variables. Use the library addresses of system() and bin/sh explicitly. GDB (if youre using GDB for the first time, we recommend checking out GdbInit) can be used to find these library addresses and test/debug your exploit. However, it should benoted that your final exploit (i.e., the final version of your data.txt) should work outside of GDB. Just running ./sort data.txt should spawn a shell for you. This needs to be a clean shell, with NO segfaults. 7) You can verify the exploit has occurred because you will get a new, clean command prompt. But, how do we know it is not the same bash shell that invoked the sort program? To verify you have successfully caused a buffer overflow, issuing echo $$ will give the process ID of the current process. Issuing: echo $$ (shows PID of current bash shell), then run ./sort data.txt, (then after sort completes to a clean shell) issue echo $$ to show the PID of the current exploited shell. (noted echo $0 instead of or in addition to echo $$ will return the name of the current shell) 8) Provide a screenshot of you exploiting sort.

ubuntu@ubuntu-VirtualBox: /Desktop ubuntu@ubuntu-VirtualBox: /Desktop$ gcc -z execstack -o data data.txt /usr/bin/ld:data.txt: file format not recognized; treating as linker script /usr/bin/ld:data.txt:1: syntax error collect2: error: ld returned 1 exit status ubuntu@ubuntu-VirtualBox:~/Desktops /sortdata.txt bash: ./sortdata.txt: No such file or directory ubuntu@ubuntu-VirtualBox:~/Desktop$ ./sort data.txt Current local time and date: Mon Jan 28 21:59:20 2019 Source list: 0x5 0x7 0x80 oxa oxdo Sorted list in ascending order: 7 80 do ubuntu@ubuntu-VirtualBox: -/Desktops