日本欧洲视频一区_国模极品一区二区三区_国产熟女一区二区三区五月婷_亚洲AV成人精品日韩一区18p

代做CMPSC 443、代寫(xiě)Project 2: Buffer Overflows

時(shí)間:2024-03-27  來(lái)源:  作者: 我要糾錯(cuò)



CMPSC 443: Introduction to Computer Security
Spring 2024
Project 2: Buffer Overflows
Due: 11:59 pm (eastern time), March 15, 2022
February 21, 2024
1 Introduction
In this assignment, you will produce Buffer overflow attacks. First, you learn some attacks that invoke
shared functions with arguments obtained from different places in memory (injected by you, or from
environment variables, or from the hard coded strings in the code etc). Successful completion of
this project heavily relies on correct understanding of stacks, heaps, program memory layout and a
function’s stack frame.
2 Prerequisite
Before attempting this project, it is advisable to brush on the basics of stack frame, memory layout
of program, use of GDB Debugger and big-endian vs little-endian. To quickly brush through basics
of GDB debugging, I’d recommend watching this GDB Debugger Tutorial - https://www.youtube.
com/watch?v=J7L2x1ATOgk&t=319s.
3 Project Platforms
For this project, we will use the Linux virtual machine (VM), provided as follows.
For Windows and Apple Intel chip platforms, use this VM:
https://drive.google.com/file/d/1mRiSVBgp-pwDRsD-8yF62jCmd7nMCD2I/view?usp=drive_link.
For this VM, you will have to install the Oracle VirtualBox software and then use the .vbox file to run
the VM.
For Apple M1, M1 Pro, M2 platforms, use this VM:
https://drive.google.com/file/d/13-MY3Zikrx0JlWlSxTRICiurpG9YM4h5/view?usp=sharing
For this VM, you will have to install the UTM Mac software and then use the .utm file to run the VM.
The exploits in this project have been tested on the same VMs, therefore you must use the same
environment for solving your tasks. Running the task binaries in a different VM or environment might
not work.
Note: The password for the VM is posted on CANVAS.
1
4 Background
In the Virtual machine set-up, we have installed few tools and configurations that are essential for the
completion of this project.
Address space layout randomization (ASLR) is set to Zero (Turned off) in the 32-bit Linux
machine.
gdb-peda is a wrapper around the GDB debugger that has many features that help better visualize
operational stack frames, variables, registers etc. when debugging C programs. This is already installed and set-up in the VM provided to you.
GDB command to show 100 lines of the stack starting from the $esp register is -
x/100xw $esp
GDB peda command provides a better visualization of the stack for the same purpose -
context stack 100
The exhaustive list of commands in gdb-peda is shown in this cheat sheet -
https://github.com/kibercthulhu/gdb-peda-cheatsheet/blob/master/gdb-peda%20cheatsheet.
pdf
You are free to use any of these commands for help during your attacks.
GDB is a very popular and important GNU debugger that is used primarily to debug C programs.
It is an essential tool used by computer science engineers. I highly recommend you to spend a couple
of days to get hands-on with the tool if you haven’t used it anytime in the past. Some of the most
important commands that can come handy in this project are as follows -
print var OR p var
Prints the value of the local/global variable
p &var
Prints the address at which var is stored
p sample_function
Prints the pointer address to the method "sample_function"
p exit, p printf, p scanf etc.
Prints the pointer address to the standard C methods like printf, scanf, exit etc.
b 171
Adds a breakpoint at line no 171
run args
Starts a program within GDB with arguments
c
Continues the program until the next breakpoint
2
info locals
Gives information about all the local variables at the moment in the current frame.
info frame
Gives information about the current frame.
5 Code and Compiling
The initial code for the project is available with the Canvas Assignment. You need to download them
into the virtual machines. You can copy the download link and use curl to do that.
The first group of files contains the victim-binary file which is compiled using its source code cse443-
victim-program.c. Other files in this group contain utility functions, Makefile and README.txt to
help you guide through the tasks. You should NOT edit any of these files.
victim-binary
cse443-victim-program.c
cse443-util-program.c
cse443-util-program.h
Makefile
README.txt
The second group of files correspond to each of the five tasks to be executed. They have some initial
code written for your help. You should edit these files appropriately to successfully finish all the
tasks.
cse443-task1-attack.c
cse443-task2-attack.c
cse443-task3-attack.c
cse443-task4-attack.c
cse443-task5-attack.c
The third group of files correspond to other intermediate files and payloads that are generated using
the above two groups of files. For Example, the command ”make task1-binary” will produce two intermediate files ”task1-binary” and ”cse443-task1-attack.o” from the source code ”cse443-task1-attack.c”.
"make task1-binary" produces task1-binary
"make task2-binary" produces task2-binary
"make task3-binary" produces task3-binary
"make task4-binary" produces task4-binary
"make task5-binary" produces task5-binary
"make victim-binary" produces victim-binary (This is not required as you wont make
any changes to cse443-victim-program.c)
Similarly, running the task binaries should produce their corresponding payload files as follows.
"./task1-binary" produces task1-payload
"./task2-binary" produces task2-payload
"./task3-binary" produces task3-payload
"./task4-binary" produces task4-payload
"./task5-binary" produces task5-payload
3
NOTE: Remember! You are only supposed to edit the contents of files mentioned in Group2 to create
corresponding attack binaries and payloads. Editing any file mentioned in Group1 might help you
temporarily in your VM but we will evaluate your code with the original victim binary in a different
setup. Then your code may not be creating successful attacks and this will lead to a 0 score in all
tasks.
6 Exercise Tasks
The project consists of five tasks in total. Every task/attack follows similar execution flow at your
end. Primarily, the victim-binary has at-least 5 buffer overflow vulnerabilities which you will take
advantage of in each attack to generate unexpected and interesting results. To analyse these vulnerabilities, we have provided you the victim’s source code i.e. cse443-victim-program.c!
The tasks are as follows.
1. In Task 1, you will build your very first light-saber by invoking the method make lightsaber.
Observe that the method first lightsaber is invoked through the main function. It has many
local variables including the variable key that is set to the value of another argument argc.
You need to find the buffer overflow vulnerability in first lightsaber and create a payload by
packing enough A’s at the beginning of your string. Find the location of the local variable key
and set it to 0 using this overflow.
Observe that with no attack, the value of key is 2 (because argc is 2) and thus the function
make lightsaber can be never legally called. But with the right overflow attack, you need to
invoke the function make lightsaber with the right value of key=0.
Complete the program cse443-task1-attack.c to build a payload task1-payload using which
the victim-binary prints the message - Congratulations! You have successfully built
your lightsaber. A successful attack will look like the following.
cse443student@cse443student-VirtualBox:~/Desktop/lab2-handout$ ./victim-binary
task1-payload
Welcome to not a Jedi Academy for CMPSC443
TASK1: Try to make your first lightsaber!
Congratulations! You have successfully built your lightsaber.
This is your lightsaber ID := 12937
2. In Task 2, you will use the Force to get access to the Shell! Observe that the method force shell
is invoked through the main function. It has many local variables including the function pointer
variable denoted by functionPtr that is set to point to a method called get this. You need to
find the vulnerability in force shell and create a payload by packing enough A’s at the beginning
of your string. Find the location of the local variable functionPtr and set it to the method called
and get that using this overflow.
Observe that with no attack, the value of functionPtr is set to the address of the function
get this and thus the function and get that can be never legally called. But with the right
overflow attack again, you need to invoke the function and get that.
Complete the program cse443-task2-attack.c to build a payload task2-payload using which
the victim-binary prints the message - Young Jedi! You got the shell - and give access
to a new shell. A successful attack will look like the following.
cse443student@cse443student-VirtualBox:~/Desktop/lab2-handout$ ./victim-binary
task2-payload
4
Welcome to not a Jedi Academy for CMPSC443
TASK1: Try to make your first lightsaber!
TASK2: Try to get to the Shell. May the force be with you!
This is your lightsaber ID := 11254
Young Jedi! You got the shell.
$
3. In Task 3, you will need to complete your Jedi Combat Training by successfully invoking the
method complete training. Observe that the method combat training is invoked through
the main function. You need to find the vulnerability in combat training and create a payload
by packing enough A’s at the beginning of your string. In this attack, you need to spot the return
address of this method and successfully change it to the method complete training using the
overflow.
Observe that with no attack, the method combat training will simply return back to the main
method from where it was initially invoked. But with the right overflow attack again, you need
to return to the function complete training.
Complete the program cse443-task3-attack.c to build a payload task3-payload using which
the victim-binary prints the message - Well Done. Been recognized, your hard-working
has! A successful attack will look like below.
cse443student@cse443student-VirtualBox:~/Desktop/lab2-handout$ ./victim-binary
task3-payload
Welcome to not a Jedi Academy for CMPSC443
TASK1: Try to make your first lightsaber!
TASK2: Try to get to the Shell. May the force be with you!
Try with greater force!
TASK3: Not prepared, you are!
This is your lightsaber ID := 16380
TASK3 has been successfully completed!
Well Done. Been recognized, your hard-working has!
Segmentation fault (core dumped)
4. In Task 4, you will need to collect 5 lightsabers to successfully finish the attack. Observe that
the method collect lightsabers is invoked through the main function. You need to find the
vulnerability in collect lightsabers and create a payload by packing enough A’s at the beginning
of your string. In this attack, you need to spot the return address of this method and successfully
craft a chain of calls to the functions get blue lightsaber and get green lightsaber using the
overflow.
Observe that with no attack, the method collect lightsabers will simply return back to the
main method from where it was initially invoked. But with the right overflow attack again, you
need to carefully craft a sequence of 5 calls to collect 3 BLUE lightsabers and 2 GREEN
lightsabers.
Complete the program cse443-task4-attack.c to build a payload task4-payload. A successful
attack will look like the following.
cse443student@cse443student-VirtualBox:~/Desktop/lab2-handout$ ./victim-binary
task4-payload
Welcome to not a Jedi Academy for CMPSC443
TASK1: Try to make your first lightsaber!
TASK2: Try to get to the Shell. May the force be with you!
5
Try with greater force!
TASK3: Not prepared, you are!
TASK4: Collect five lightsabers to complete this task!
This is your lightsaber ID := 10310
You got a blue lightsaber!
This is your lightsaber ID := 6192
You got a blue lightsaber!
This is your lightsaber ID := 10109
You got a blue lightsaber!
This is your lightsaber ID := 17883
You got a green lightsaber!
This is your lightsaber ID := 17596
You got a green lightsaber!
Segmentation fault (core dumped)
5. In Task 5, you will need to follow the light side and use your skills to print your name to
successfully finish the attack. Observe that the method follow the light is invoked through the
main function. You need to find the vulnerability in follow the light and create a payload by
packing enough A’s at the beginning of your string. In this attack, you need to print your name
at the end of the last print statement in this method using the overflow.
Observe that with no attack, the method follow the light will simply return back to the main
method from where it was initially invoked. So it will only print - Your Jedi Name is :- . But
with the right overflow attack, you need to invoke the C library function printf with a custom
argument string i.e. your name and then invoke the system function exit.
Complete the program cse443-task5-attack.c to build a payload task5-payload using which
the victim-binary invokes the native printf function using your NAME as an argument at the
right place in the code. A successful attack will look like below.
cse443student@cse443student-VirtualBox:~/Desktop/lab2-handout$ gdb -q victimbinary
Reading symbols from victim-binary...done.
gdb-peda$ run task5-payload
Starting program: /home/cse443student/Desktop/lab2-handout/victim-binary task5-
payload
Welcome to not a Jedi Academy for CMPSC443
TASK1: Try to make your first lightsaber!
TASK2: Try to get to the Shell. May the force be with you!
Try with greater force!
TASK3: Not prepared, you are!
TASK4: Collect five lightsabers to complete this task!
TASK5: Print your name !
Your Jedi Name is :- LUKE
[Inferior 1 (process 3072) exited with code 0107]
Warning: not running
gdb-peda$
6
NOTE : Task 5 is very different from other tasks where we need to send a custom argument like
LUKE to the printf function. In Tasks 1-4 we only change return addresses and values of local
variables to achieve our goal. Your attack will be successful within GDB debugger, however,
the same payload may not help in performing a successful attack outside the GDB debugger.
Explain this in your report (refer to Questions section).
7 Questions
1. Draw the function’s stack frame in Task 2 to demonstrate the overflow. Use tools like Paint,
Excel or any other online tool to show the stack frame. Refrain from providing diagrams drawn
using hand.
2. Why does Task 5 fail to run from the command line, but succeed when run in GDB debugger?
3. Why do Tasks 1-4 run both from the command line and GDB debugger the same ?
4. Briefly identify and explain a viable defense mechanism to prevent the attack in Task 3. Precisely
explain how this would prevent the attack you have crafted.
8 Deliverables
Please submit a tar ball containing the following:
1. cse443-task*-attack.c files (4 or 5 files), respective binaries task*-binary (4 or 5 files), payload
files task*-payload (4 or 5 files).
2. A report in PDF containing: (1) Trace of output printed (e.g., shell invocation) from your
execution of each case (2) Screenshot of each completed task and (3) Answers to project questions
9 Grading
The assignment is worth 200 points total broken down as follows.
1. Answers to four questions (40 pts, 10 points each).
2. Packaging of your attack programs, binaries, payloads and the report in the ”tar” file you submit.
Your attack programs build without incident. (20 pts).
3. Completeness of report (20 pts).
4. Task 1 (20 pts), Task 2 (20 pts), Task 3 (20 pts), Task 4 (30 pts) and Task 5 (30 pts).
請(qǐng)加QQ:99515681  郵箱:99515681@qq.com   WX:codehelp 













 

標(biāo)簽:

掃一掃在手機(jī)打開(kāi)當(dāng)前頁(yè)
  • 上一篇:代寫(xiě)EECS 183 Project 4 代做python
  • 下一篇:代寫(xiě)COMP9021、代做Python程序語(yǔ)言
  • 無(wú)相關(guān)信息
    昆明生活資訊

    昆明圖文信息
    蝴蝶泉(4A)-大理旅游
    蝴蝶泉(4A)-大理旅游
    油炸竹蟲(chóng)
    油炸竹蟲(chóng)
    酸筍煮魚(yú)(雞)
    酸筍煮魚(yú)(雞)
    竹筒飯
    竹筒飯
    香茅草烤魚(yú)
    香茅草烤魚(yú)
    檸檬烤魚(yú)
    檸檬烤魚(yú)
    昆明西山國(guó)家級(jí)風(fēng)景名勝區(qū)
    昆明西山國(guó)家級(jí)風(fēng)景名勝區(qū)
    昆明旅游索道攻略
    昆明旅游索道攻略
  • NBA直播 短信驗(yàn)證碼平臺(tái) 幣安官網(wǎng)下載 歐冠直播 WPS下載

    關(guān)于我們 | 打賞支持 | 廣告服務(wù) | 聯(lián)系我們 | 網(wǎng)站地圖 | 免責(zé)聲明 | 幫助中心 | 友情鏈接 |

    Copyright © 2025 kmw.cc Inc. All Rights Reserved. 昆明網(wǎng) 版權(quán)所有
    ICP備06013414號(hào)-3 公安備 42010502001045

    日本欧洲视频一区_国模极品一区二区三区_国产熟女一区二区三区五月婷_亚洲AV成人精品日韩一区18p

              久久久精品日韩欧美| 精品1区2区| 另类天堂av| 一区二区三区欧美| 亚洲福利电影| 国产日韩欧美另类| 欧美午夜欧美| 欧美激情一区二区| 久久精品国产一区二区三区| 亚洲天堂偷拍| 亚洲精品乱码久久久久久按摩观| 国产日韩欧美视频在线| 欧美色中文字幕| 欧美日韩国产在线观看| 老司机免费视频久久| 久久国产精品99精品国产| 亚洲性夜色噜噜噜7777| 亚洲精品视频在线播放| 亚洲高清一二三区| 一区在线免费| 伊人婷婷久久| 国内揄拍国内精品久久| 国产综合色一区二区三区| 国产精品国产三级国产aⅴ浪潮| 欧美国产日韩精品| 欧美成人a视频| 欧美精品免费在线观看| 欧美激情一级片一区二区| 欧美激情久久久久久| 女女同性精品视频| 欧美日本高清| 欧美网站在线| 国产农村妇女毛片精品久久莱园子| 国产精品白丝jk黑袜喷水| 国产精品丝袜91| 国产视频一区在线观看一区免费| 国产精品入口福利| 国产一区二区三区成人欧美日韩在线观看| 国产精品私人影院| 狠狠干成人综合网| 亚洲欧洲日产国产网站| 99视频一区| 亚洲无玛一区| 久久精品二区| 欧美sm视频| 欧美日韩国产一中文字不卡| 国产精品毛片a∨一区二区三区|国| 国产精品久久久久99| 国产自产高清不卡| 亚洲精品视频一区| 午夜精品免费视频| 麻豆精品在线观看| 国产精品成人一区二区三区夜夜夜| 国产伦精品一区二区三区在线观看 | 亚洲精品一区二区在线观看| 一级日韩一区在线观看| 久久精品道一区二区三区| 你懂的国产精品永久在线| 国产日韩欧美一区二区| 欧美高清hd18日本| 欧美乱人伦中文字幕在线| 欧美午夜激情视频| 国内久久视频| 亚洲一区二区三区中文字幕在线| 久久久久久久综合| 欧美色精品天天在线观看视频| 国产欧美大片| 一本色道久久99精品综合| 久久婷婷综合激情| 国产精品美女视频网站| 91久久黄色| 久久国产精品久久精品国产| 欧美日韩国产一区精品一区| 加勒比av一区二区| 亚欧美中日韩视频| 国产精品第三页| 亚洲国产专区校园欧美| 久久久精品免费视频| 国产精品免费一区豆花| 亚洲免费av片| 欧美激情1区| 韩日成人在线| 一二三区精品| 国产伦精品一区二区三区高清版| 一区在线免费| 国产日韩欧美在线观看| 亚洲高清免费在线| 久久精品一区二区国产| 国产目拍亚洲精品99久久精品| 99视频日韩| 欧美日韩视频第一区| 亚洲精品久久久久| 欧美大胆人体视频| 亚洲第一精品久久忘忧草社区| 久久经典综合| 精品动漫3d一区二区三区免费| 欧美一级在线视频| 国产亚洲精品一区二555| 小处雏高清一区二区三区| 国产精品入口日韩视频大尺度| 在线一区亚洲| 国产精品婷婷| 久久精品中文| 亚洲电影免费观看高清| 亚洲欧洲一区| 亚洲欧洲日本mm| 亚洲激情在线观看| 欧美国产在线观看| 亚洲欧洲综合另类| 欧美日韩999| 亚洲一区久久久| 国产精品免费看| 欧美在线视频免费观看| 韩国三级在线一区| 欧美激情中文字幕乱码免费| 一本色道久久综合狠狠躁篇怎么玩 | 一区二区三区四区五区精品视频 | 亚洲日本电影| 国产精品草草| 久久久久久色| 亚洲理伦电影| 国产午夜精品全部视频在线播放 | 麻豆国产va免费精品高清在线| 亚洲肉体裸体xxxx137| 国产精品日韩一区二区三区| 久久久久久伊人| 一区二区高清视频| 国产综合色在线| 欧美日韩国产综合网 | 国产网站欧美日韩免费精品在线观看 | 在线欧美视频| 国产精品福利网站| 久久婷婷国产麻豆91天堂| 99在线精品视频在线观看| 国产深夜精品| 欧美色网在线| 欧美电影资源| 99视频日韩| 小黄鸭精品密入口导航| 欧美成人一区二区三区| 亚洲主播在线播放| 亚洲激情综合| 韩国免费一区| 国产精品综合久久久| 欧美另类视频| 老牛国产精品一区的观看方式| 亚洲午夜精品网| 亚洲激情在线观看视频免费| 国产性做久久久久久| 国产精品www| 欧美日本不卡高清| 欧美成人免费全部观看天天性色| 欧美一区二区成人6969| 亚洲午夜在线观看视频在线| 亚洲精选91| 亚洲日韩第九十九页| 好看的日韩视频| 国产揄拍国内精品对白| 国产精品综合色区在线观看| 欧美色大人视频| 欧美日韩国产一区二区三区| 欧美国产精品va在线观看| 欧美日韩午夜视频在线观看| 亚洲天堂网在线观看| 亚洲激情另类| 韩国一区二区在线观看| 国产欧美视频一区二区三区| 国产精品成人国产乱一区| 欧美三级视频在线播放| 欧美日韩色一区| 欧美体内she精视频在线观看| 欧美日本簧片| 国产精品jvid在线观看蜜臀| 国产精品超碰97尤物18| 国产精品电影观看| 国产精品无码专区在线观看 | 久久久久久久高潮| 久久久www免费人成黑人精品| 久久精品导航| 免费中文字幕日韩欧美| 欧美承认网站| 国产精品99一区二区| 国产精品系列在线| 激情综合网址| 亚洲人体偷拍| 亚洲一级免费视频| 久久精品国产第一区二区三区| 这里只有精品视频在线| 国产亚洲精久久久久久| 精品99视频| 激情av一区二区| 亚洲精品欧美在线| 亚洲天堂偷拍| 久久精品视频在线| 欧美国产日韩精品| 国产精品区一区二区三| 亚洲国产清纯| 亚洲综合不卡| 久久综合九色99| 国产精品二区在线观看|