Lab 5 - Race Condition Attack Lab

pdf

School

George Mason University *

*We aren’t endorsed by this school

Course

211

Subject

Information Systems

Date

Apr 3, 2024

Type

pdf

Pages

3

Uploaded by ChiefFreedom5469

Report
Step 1 (setup) - Purpose: This code is to disable the symlinks protection. I then ran the race-condition vulnerability c file. After I compiled the code, I turned the binary into a Set-Uid program that is owned by the root. Step 2 (Target choose) - Purpose: In this code I chose to target the password file. In that file, I added this line “test:U6aMy0wojraho:0:0:test:/root:/bin/bash”. This allows me to verify if the password works or not.
Step 3 (Attack Launched) - Purpose: The image above shows that after running the command ./target_process.sh, it does not work. ./attack_process has the same result. Step 4 (Applying the Principle of Least Privilege) - Purpose: Here I created the vulp_euid.c file. It is the same as the vulp c file but in this I used the set_euid() function to change its privilege level. After that I ran it and did something similar to step 3 but after running ./target and ./attack both came back as failures.
Step 5 (Countermeasure) - Purpose: In this step I have enabled Ubuntu’s built in protection by using symlinks equal to 1. I also repeated step 3 but got the same result.
Your preview ends here
Eager to read complete document? Join bartleby learn and gain access to the full version
  • Access to all documents
  • Unlimited textbook solutions
  • 24/7 expert homework help

Related Documents

Milestone 1 jeff Westmoreland HIM 500 Dr, Jenkins.docx
Quiz_ Test 2B.pdf
Quiz_ Test 2Bb.pdf
Milestone 2 Moving toward compliance.docx
Cory Frazier Annotated Bibliography.rtf
Eric Adom ISSC641 W7 Assignment.docx
USER W6.docx
Eric Adom ITMG641 W5 Case Study.docx
Eric Adom ITMG624 W6 Case Study .docx
Topic 5-581.docx
Eric Adom ISSC641 W7 Discussions.docx
IDS 105 Project Template Module 5 Submission .docx