School: Kenyatta University

Course: 310
Subject: Computer Science
Date: Nov 24, 2024
Type: pdf
Pages: 2
Uploaded by MegaSnail1946

CS-166 Information Security
Homework #5
Due: 11/16/2023, Thursday, 11:59pm

Please upload your soft copy (reports, code) to CANVAS by the due date. You may consult with others to solve homework assignments. However, you must write your report yourself, independently and without any assistance. If you turn in the exact same report and the same code as your friend, both of you will receive 0 points, and it will be considered a violation of academic integrity.

This homework covers buffer overflow attacks. Total points: 50

[Question 1] (50 points) Buffer Overflow Attacks.

(1) What is a buffer overflow attack?

(2) The lab exercise on buffer overflow attacks. There are two options, (a) or (b). You can choose one of them for HW 5.

(a) Following Aleph One's article "Smashing the Stack For Fun And Profit," available at http://insecure.org/stf/smashstack.html or on Canvas (stack_smashing.pdf), please make your own buffer overflow attack example. You need to submit your example code with detailed comments and explanations, including a detailed explanation of how to launch the buffer overflow attack. Please use “gdb” to investigate the addresses. Please don’t use any code from the smashstack link or the lecture slides. You need to create your own buffer overflow example.

(b) Or, you can conduct the buffer overflow labs (TASK 2. Exploit Buffer Overflow Vulnerabilities) in SEED Labs ( https://seedsecuritylabs.org/Labs_16.04/Software/Buffer_Overflow/ ). This task asks you to modify exploit.c, which generates an output file called “badfile”. The badfile contains the injected shellcode as well as the return address used to execute the shellcode. Then run stack.c to read in the badfile, which will cause the program to drop into a shell. For our homework, we will use the default BUFF_SIZE = 24. Refer to the example code in exploitX.c and stackX.c (included in buffover.tar.gz, which you can download from Canvas) to learn how to create a “bad” file for attacks.

You can modify stack.c to print out the memory address of buffer and use that information to complete exploit.c, which makes the guessing easier. For example, you can add the printf line (the second line below, shown in bold in the original handout) in order to find out the address of buffer.

    char buffer[BUFF_SIZE];
    printf("%p\n", (void *)buffer);   /* added line: prints the address of buffer */
    strcpy(buffer, str);

You can use “ghex” (Gnu hex) program in SEED Ubuntu to examine the content of the badfile to make sure it contains the correct output.
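
For contrast with the unchecked strcpy(buffer, str) call in stack.c, the following is an added example (not part of the assignment or of the SEED Labs code) of a bounded copy that rejects over-long input at the default BUFF_SIZE of 24. The names copy_checked, bof_checked and try_len are hypothetical, and the sample inputs are constructed.

```c
#include <stdio.h>
#include <string.h>

#define BUFF_SIZE 24   /* default size given in the assignment */

/* Hypothetical hardened copy: succeeds only if str plus its NUL fits in
 * dst_size bytes. Returns 0 on success, -1 on rejection; on rejection dst
 * is left as an empty string so callers never see a partial copy. */
int copy_checked(char *dst, size_t dst_size, const char *str)
{
    if (dst == NULL || dst_size == 0)
        return -1;
    dst[0] = '\0';
    if (str == NULL)
        return -1;
    /* Look for the terminator within the first dst_size bytes only. */
    const char *nul = memchr(str, '\0', dst_size);
    if (nul == NULL)
        return -1;                      /* string does not fit: reject */
    memcpy(dst, str, (size_t)(nul - str) + 1);
    return 0;
}

/* Same shape as the lab function, with strcpy replaced by the bounded copy.
 * Returns the copied length, or -1 if the input was rejected. */
int bof_checked(const char *str)
{
    char buffer[BUFF_SIZE];
    if (copy_checked(buffer, sizeof buffer, str) != 0) {
        fprintf(stderr, "rejected: input does not fit in %zu bytes\n",
                sizeof buffer);
        return -1;
    }
    return (int)strlen(buffer);
}

/* Builds a constructed input of n 'A' characters and runs it through
 * bof_checked, to probe behaviour around the buffer boundary. */
int try_len(size_t n)
{
    char input[128];
    if (n >= sizeof input)
        return -1;
    memset(input, 'A', n);
    input[n] = '\0';
    return bof_checked(input);
}

int main(void)
{
    printf("23 bytes -> %d, 24 bytes -> %d\n", try_len(23), try_len(24));
    return 0;
}
```

The boundary is at 23 characters because the 24-byte buffer must also hold the terminating NUL.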