
Overflow

This homework document provides instructions for students to find vulnerabilities in various binaries through techniques like buffer overflows and privilege escalation. It contains 6 questions asking students to: 1) Find a secret string in a binary using remanence-based leaks. 2) Explain two ways to bypass stack protection in a C program with a buffer overflow vulnerability. 3) Find and exploit a buffer overflow in another binary to bypass password protection. 4) Use a buffer overflow to make a binary print a secret message and turn the binary into a set-uid program. 5) Use a buffer overflow to escalate privileges and log in as root for one binary. 6) Do the same

Uploaded by rami.fenitra

Secure software development and web security

Homework 2

R. Absil

Academic year 2023 - 2024

This homework requires students to develop attacks related to the third to fifth chapters
of the course, that is, in particular, remanence-based leaks and stack buffer overflows. Note that,
for academic reasons, you are not allowed to use decompilation tools.

You are expected to write a PDF report answering the questions and explaining the manipulations
you use, at least with screenshots.

Question 1 (3 mks). In the binary named "project", find the secret string hidden [1].

Question 2 (4 mks). Consider the C11 code listed below. This code implements some form of
protection against buffer overflow. Explain two different ways of bypassing this protection in the
particular case of buffer overflow.

    #include <stdio.h>   /* printf */
    #include <stdlib.h>  /* exit */
    #include <string.h>  /* strcpy */

    int secret; // will be initialised with a random number in the main function

    void stuff(char* str)
    {
        int guard = secret;  /* copy of the global value, kept on the stack */

        char buffer[12];
        strcpy(buffer, str); /* unbounded copy into a 12-byte buffer */

        if (guard != secret) /* compare the stack copy with the global */
        {
            printf("Stack smashing detected. Terminating program.\n");
            exit(1);
        }
    }
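For contrast with the listing above, here is the same copy with the input length checked before anything is written into the 12-byte buffer. This is an added example, not part of the original homework; the names copy_bounded, stuff_checked and BUF_LEN, and the return convention, are assumptions made for illustration.

```c
#include <stddef.h>
#include <stdio.h>
#include <string.h>

#define BUF_LEN 12 /* same size as buffer[] in the listing above */

/* Copy src into dst only if it fits, terminator included.
 * Returns 0 on success, -1 on missing or oversized input.
 * On failure dst is left holding an empty string. */
int copy_bounded(char *dst, size_t dst_len, const char *src)
{
    if (dst == NULL || dst_len == 0)
        return -1;
    dst[0] = '\0';
    if (src == NULL)
        return -1;

    size_t n = 0; /* length of src, scanned no further than dst_len bytes */
    while (n < dst_len && src[n] != '\0')
        n++;
    if (n == dst_len) /* no room left for the terminator */
        return -1;
    memcpy(dst, src, n + 1);
    return 0;
}

/* Hypothetical counterpart of stuff(): returns the number of bytes
 * stored, or -1 when the input is rejected. */
int stuff_checked(const char *str)
{
    char buffer[BUF_LEN];

    if (copy_bounded(buffer, sizeof buffer, str) != 0) {
        fprintf(stderr, "input rejected: missing or longer than %d bytes\n",
                BUF_LEN - 1);
        return -1;
    }
    return (int)strlen(buffer);
}

int main(void)
{
    /* Constructed sample inputs: 5, 11 and 12 characters long. */
    const char *samples[] = { "hello", "abcdefghijk", "abcdefghijkl" };
    for (size_t i = 0; i < sizeof samples / sizeof samples[0]; i++)
        printf("%-14s -> %d\n", samples[i], stuff_checked(samples[i]));
    return 0;
}
```
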

Question 3 (3 mks). In the binary named "check-pwd", find a buffer overflow vulnerability
and how to exploit it to bypass password protection.

For the two following questions, it is assumed you have an old-enough 32-bit Linux environment,
either booted directly from a drive, or through a virtual machine. We advise using an
Ubuntu 12.04 32-bit image, which you can download from the archive [2].
[1] You will know what it is when you find it.
[2] [Link] - Last accessed on November 22, 2023.

Question 4 (10 mks). In the binary named "check-pwd-crit", find a buffer overflow vulnerability
to make it print "Critical function". This binary was produced from a file "check-passwd.c" under
the elf32 format using the command

• gcc -o check-passwd-crit -m32 -z execstack -fno-stack-protector check-passwd.c

Turn both of these binaries into set-uid programs.

Question 5 (20 mks). Given the binary named "root-me-1", turn it into a set-uid program and
find a buffer overflow vulnerability in order to log in as root. This binary was produced from a file
"greeter.c" under the elf32 format using the command

• gcc -o root-me-1 -m32 -z execstack -fno-stack-protector greeter.c

Question 6 (10 mks). Given the binary named "root-me-2", turn it into a set-uid program and
find a buffer overflow vulnerability in order to log in as root. This binary was produced from a file
"greeter.c" under the elf32 format using the command

• gcc -o root-me-2 -m32 -fno-stack-protector greeter.c
