5.) Consider the following pseudo-C program: static int wrong_validator(char *bu

Question

5.) Consider the following pseudo-C program:

static int wrong_validator(char *buffer)

{

return 0;

}rtrfyu

static int validator(char *buffer)

{

fputs("password validator. ", stderr);

return 1;

}

static int user_verify(charptr1)

{

char username[4];

strcpy(username, charptr);

if ( strcmp(username, “adm”) == 0 )

            return 1;

return 0;

}

Assume the user_verify function is protected with the same random canary value as in question number 3.An aggressor has been able to arrange an 'Easter Egg' attack using a URL of the following form:

http://bad.actor.com/?key=%fe%ad%be%af?username=%NN%NN%NN%NN%NN…

Where the argument to the 'key' variable is the starting value for an OTP which is used to hide the contents of the 'username' shellcode injection from an IDS appliance.

Assuming the following values:

Random stack canary value: Same as question #3.

Saved frame pointer: 0xff8d6fba

wrong_validator address: 0x080481a4

If the attacker increments the 'key' value each time additional random bytes are needed, construct the hexadecimal code which needs to be detected by an IDS if the attacker wants to inject code which causes the function to return a value of 1, preserves the frame pointer and overwrites the function return value with the address of the wrong_validator function.

Explanation / Answer

01

class DoorOBJ //Door Objects

02

{

03

    bool locked; //Can be either locked or unlocked

04

    public:

05

        DoorObj(bool _locked, int x, int y); //Object initializer

06

        bool Open(); //Function to check whether or not it's locked

07

};

08

bool DoorOBJ::Open()

09

{

10

    std::string _Action;

11

    std::cout << " This door is locked, would you like to open it?"; //Output to introduce the situation

12

    for(i(0); i < 5; i++) //Give the user 5 tries

13

    {

14

        std::cout << " >> "; //Obvious prompt for input is obvious.

15

        std::cin >> _Action; //Get user input, funnel it into "_Action"

16

        if(_Action == "Yes") //If the user input is equal to "Yes"

17

        {

18

            locked = false; //Set the door state to unlocked.

19

            return true; //Door.Open() returns true;

20

        }

21

        else if(_Action == "No") //If the user input is equal to "No"

22

        {

23

            locked = true; //Set the door state to locked.

24

            return false; //Door.Open() returns false;

25

        }

else

27

        {

28

            std::cout << " Not a valid ('Yes'/'No') answer"; //Output to the user that their answer wasn't valid and loop again.

29

        }

30

    }

31

}

32

33

//etc, you get the idea

01

class DoorOBJ //Door Objects

Related Questions

Navigate

• Browse (All)
• Browse 5
• Subjects

Integrity-first tutoring: explanations and feedback only — we do not complete graded work. Learn more.