[Question 1] (50 points) Buffer Overflow Attacks.
(1) What is a buffer overflow attack?
(2) Lab exercise on buffer overflow attacks. There are two options, (a) or (b).
You can choose one of them for HW 5.
(a) Following Aleph One’s article “Smashing the Stack For Fun And Profit,” available at
http://insecure.org/stf/smashstack.html or on Canvas (stack_smashing.pdf), please make
your own buffer overflow attack example. You need to submit your example code with
detailed comments and explanations, including a detailed explanation of how to launch
the buffer overflow attack. Please use “gdb” to investigate the addresses. Please don’t
use any code from the smashstack link or the lecture slides. You need to create your own
buffer overflow example.
(b) Or, you can conduct the buffer overflow labs (TASK 2. Exploit Buffer Overflow
Vulnerabilities) in SEED Labs
(https://seedsecuritylabs.org/Labs_16.04/Software/Buffer_Overflow/). This task asks you
to modify exploit.c, which generates an output file called “badfile”. The badfile
contains the injected shellcode as well as the return address used to execute the shellcode.
Then run stack.c to read in the badfile, which will cause the program to drop into a shell.
For our homework, we will use the default BUFF_SIZE = 24.
Refer to the example code of exploitX.c and stackX.c (included in buffover.tar.gz that you
can download from Canvas) to learn how to create a “bad” file for attacks.
You can modify stack.c to print out the memory address of buffer and use that information
to complete exploit.c, which makes the guessing easier. For example, you can add the
printf line below (marked with a comment) in order to find out the address of buffer.
char buffer[BUFF_SIZE];
printf("%p\n", (void *)&buffer);   /* added line: prints the address of buffer */
strcpy(buffer, str);
You can use “ghex” (Gnu hex) program in SEED Ubuntu to examine the content of the
badfile to make sure it contains the correct output.
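The snippet above copies str into a BUFF_SIZE-byte buffer with strcpy, which performs no length check. As an added example (not part of the assignment, the SEED lab code, or buffover.tar.gz), here is the same copy with the length checked first; the names copy_checked and bof_checked and the status codes are hypothetical, and the inputs are constructed.

```c
#include <stdio.h>
#include <string.h>

#define BUFF_SIZE 24   /* default size used in this homework */

enum copy_status { COPY_OK = 0, COPY_TOO_LONG = -1, COPY_UNTERMINATED = -2 };

/* Hypothetical helper: copy a string held in at most src_cap bytes into dst,
 * refusing anything that does not fit instead of writing past the end. */
static enum copy_status copy_checked(char *dst, size_t dst_size,
                                     const char *src, size_t src_cap)
{
    /* Input read from a file may have no NUL at all; never scan past src_cap. */
    const char *end = memchr(src, '\0', src_cap);
    if (end == NULL)
        return COPY_UNTERMINATED;
    size_t len = (size_t)(end - src);
    if (len >= dst_size)              /* need room for len bytes plus the NUL */
        return COPY_TOO_LONG;
    memcpy(dst, src, len + 1);
    return COPY_OK;
}

/* Hypothetical stand-in for the function that holds the local buffer:
 * same buffer, with strcpy(buffer, str) replaced by the checked copy. */
static enum copy_status bof_checked(const char *str, size_t str_cap)
{
    char buffer[BUFF_SIZE];
    enum copy_status st = copy_checked(buffer, sizeof buffer, str, str_cap);
    if (st == COPY_OK)
        printf("copied %zu bytes into buffer\n", strlen(buffer));
    return st;
}

int main(void)
{
    char fits[BUFF_SIZE];             /* constructed input: 23 chars + NUL */
    memset(fits, 'A', sizeof fits - 1);
    fits[sizeof fits - 1] = '\0';

    char oversized[100];              /* constructed input: 99 chars + NUL */
    memset(oversized, 'B', sizeof oversized - 1);
    oversized[sizeof oversized - 1] = '\0';

    printf("fits: %d\n", bof_checked(fits, sizeof fits));
    printf("oversized: %d\n", bof_checked(oversized, sizeof oversized));
    return 0;
}
```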