Buffer Overflow Attack Homework for ECS 153 Computer Security Course, Winter Quarter 2008, Assignments of Computer Science

This is a homework assignment for the ECS 153 Computer Security course, given during the Winter Quarter of 2008. The assignment involves exploiting a buffer overflow vulnerability in a program named 'bad.c'. Students are required to determine the address of the 'trap()' function, the address on the stack that needs to be overwritten, and the minimum length of the 'sled' input. Extra credit involves executing custom code on the stack.


Uploaded on 09/17/2009

Homework 2
Due Date: February 7, 2008    Total Points: 100
Problems
1. (12 points) text, §4.11, exercise 7.
2. (20 points) text, §18.6, exercise 1.
3. (20 points) text, §23.9, exercise 6.
4. (10 points) text, §5.8, exercise 2.
5. (38 points) This problem asks you to implement a buffer overflow attack on a program. In the Resources area of
SmartSite (or the Handout area of the nob.cs.ucdavis.edu class web site) is a program bad.c. This program
contains a buffer overflow vulnerability; see the call to gets() at line 13. Your job is to exploit the overflow by
providing input to the running process that will cause the program to invoke the function trap (which, you may
notice, is not called anywhere else). You will know you’ve succeeded when you run the program, give it your
input, and it prints “Gotcha!”
The following questions will help guide you. Please turn in your answers to them, a hex dump of the input you
use to call trap, and a typescript of you running the program bad, giving it your input, and showing its output.
a. What is the address of the function trap()? How did you determine this?
b. What is the address on the stack that your input must overwrite (please give both the address of the memory
location(s), and their contents)? How did you locate this address?
c. What is the address of buf?
d. What is the minimum length your sled must be? Remember, the sled is the input you give to alter the return
address stored on the stack.
Extra Credit Problems
6. (20 points) Augment your solution to problem 5 to execute code you place on the stack. Have the code do
something interesting, like create a shell. You will need to check that the loader will allow code on the stack to
be executed (the linker/loader switch -allow_stack_execute does this).
ECS 153, Computer Security    Winter Quarter 2008
Version of January 25, 2008 9:43 AM
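
The hardened counterpart of the gets() call that problem 5 targets, as an added example that is not part of the original handout or of bad.c: a bounded line reader that rejects overlong input instead of writing past the buffer. BUF_CAP, read_line_bounded, try_input and the guard word are assumptions made for illustration; the actual buffer size in bad.c is not shown on this page.

```c
#include <stdio.h>
#include <string.h>

#define BUF_CAP 16   /* assumed size; bad.c's real buffer size is not on the page */
#define GUARD   0xA5A5A5A5UL
enum { READ_EOF = -1, READ_OK = 0, READ_TOO_LONG = 1 };

/* Bounded stand-in for gets(): writes at most cap bytes (NUL included) to buf.
 * An overlong line is rejected and drained so its tail is not read as new input. */
static int read_line_bounded(FILE *in, char *buf, size_t cap)
{
    if (cap < 2 || fgets(buf, (int)cap, in) == NULL)
        return READ_EOF;
    size_t n = strlen(buf);
    if (n > 0 && buf[n - 1] == '\n') {   /* the whole line fit */
        buf[n - 1] = '\0';
        return READ_OK;
    }
    if (n < cap - 1)                     /* final line, no trailing newline */
        return READ_OK;
    int c = fgetc(in);                   /* buffer full: peek at what follows */
    if (c == EOF || c == '\n')
        return READ_OK;                  /* line was exactly cap - 1 characters */
    while (c != EOF && c != '\n')        /* drain the rest of the long line */
        c = fgetc(in);
    buf[0] = '\0';
    return READ_TOO_LONG;
}

/* Feeds constructed input through a temp file. The guard word after buf stands
 * in for the stack data an unbounded gets() would overwrite. */
static int try_input(const char *input)
{
    struct { char buf[BUF_CAP]; unsigned long guard; } f;
    f.guard = GUARD;
    FILE *in = tmpfile();
    if (in == NULL) return -2;           /* could not create the temp file */
    fputs(input, in);
    rewind(in);
    int status = read_line_bounded(in, f.buf, sizeof f.buf);
    fclose(in);
    return f.guard == GUARD ? status : -3;  /* -3: adjacent memory was modified */
}

int main(void)
{
    printf("short: %d, 40 chars: %d\n", try_input("hello\n"),
           try_input("AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA\n"));
    return 0;
}
```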
