

18-631 Homework 3: Buffer Overflow and Binary Exploitation

2022

Reverse Engineering

Each of these programs has a vulnerability similar to the one described in the AlephOne paper assigned in class. Use the AlephOne paper as a guideline and go through the following steps:

1. Use objdump to dump the assembly of the program. You only need to focus on two functions (main and vuln) in the dump.

2. Analyze the program using gdb and identify the vulnerable assembly code.

3. Draw a map of the stack with the addresses and contents (return address, saved frame pointer, local variables, ...) stored in it.

4. Note that the stack address when the program is executed without gdb is 0x30 or 0x40 higher than the stack address when the program is executed under gdb, because of the environment variables gdb sets.

5. Use Python to compose the non-ASCII input of your program.

Hint: If you are running locally, create a file called flag.txt (with placeholder data) in the directory you are running from, so that you can see when you have successfully read the flag. Otherwise the program may crash when it tries to read the flag.

My first buffer overflow (15 points)

Overflow the stack and replace the return address with the address of the win function. Solve the Buffer Overflow problem on the 18-631 CTF Server. Submit a writeup explaining your solution, following the format given in the guidelines. Make sure to provide the payload you used and any code you wrote (if applicable).

Buffer Overflow 2 (15 points)

Now you will need to get shellcode to run. However, the stack is randomized! We will teach you a neat trick to jump straight to your buffer.


Solve the Buffer Overflow 2 problem on the 18-631 CTF Server. Submit a writeup explaining your solution, following the format given in the guidelines. Make sure to provide the payload you used and any code you wrote (if applicable). Pay careful attention to the hint about "cat", or else you might get a shell but not be able to do anything with it because stdin is closed.

Buffer Overflow 3 (20 points)

We’ve added something like a stack canary. Can you figure out what the stack canary is? Hint: you will probably need to write code to interact with the program.
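To make concrete what a stack canary buys the defender, here is an added C model of a 32-bit frame (not the assignment's binary or the course's code): a fixed buffer sits below a canary word, the saved frame pointer and the return address, as in the stack map from step 3, and the epilogue check refuses to return once the canary has been overwritten. The canary value, saved ebp and return address are constructed placeholders; a real canary is chosen at random per run.

```c
#include <stdint.h>
#include <stdio.h>
#include <string.h>

/* Model of one 32-bit stack frame: low addresses first, so an
 * overflow of buf runs upward into canary, saved_ebp and ret. */
typedef struct {
    char     buf[16];
    uint32_t canary;
    uint32_t saved_ebp;
    uint32_t ret;
} frame_t;

/* Constructed placeholder values (a real canary is random per run). */
#define CANARY_VALUE 0xDEADC0DEu
#define SAVED_EBP    0xBFFFF378u
#define RET_ADDR     0x080484C2u

enum { FRAME_OK = 0, FRAME_CANARY_CLOBBERED = 1, FRAME_RET_CLOBBERED = 2 };

/* Copy input into the frame with no bounds check, the way an unchecked
 * strcpy() in vuln() would. The copy is clamped to the frame_t object so
 * this demonstration stays defined behaviour. */
static void fill_frame(frame_t *f, const unsigned char *in, size_t n) {
    f->canary = CANARY_VALUE;
    f->saved_ebp = SAVED_EBP;
    f->ret = RET_ADDR;
    if (n > sizeof *f) n = sizeof *f;
    memcpy(f, in, n);
}

/* The check a canary-protected epilogue performs before 'ret'. With a
 * contiguous overflow the canary is always hit before the return
 * address, so FRAME_RET_CLOBBERED is never reached: that is the point. */
static int check_frame(const frame_t *f) {
    if (f->canary != CANARY_VALUE) return FRAME_CANARY_CLOBBERED;
    if (f->ret != RET_ADDR) return FRAME_RET_CLOBBERED;
    return FRAME_OK;
}

/* Feed n constructed 'A' bytes through the model and report the verdict. */
int run_input(size_t n) {
    unsigned char in[64];
    frame_t f;
    memset(in, 'A', sizeof in);
    fill_frame(&f, in, n);
    return check_frame(&f);
}

int main(void) {
    printf("12 bytes -> %d (fits in buf)\n", run_input(12));
    printf("20 bytes -> %d (canary overwritten)\n", run_input(20));
    return 0;
}
```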


Solve the Buffer Overflow 3 problem on the 18-631 CTF Server. Submit a writeup explaining your solution, following the format given in the guidelines. Make sure to provide the payload you used and any code you wrote (if applicable).

Buffer Overflow 4 (25 points)

The stack is no longer executable! You need to do a return-to-libc attack.


Submit a writeup explaining your solution, following the format given in the guidelines. Make sure to provide the payload you used and any code you wrote (if applicable).

Buffer Overflow 5 (25 points)

The stack has been randomized again! This time, the author removed that one neat trick. But on a 32-bit machine there aren't many bits of randomness. Do not use the jmp esp gadget from Buffer Overflow 2 or any variation of a ROP gadget.


Submit a writeup explaining your solution, following the format given in the guidelines. Make sure to provide the payload you used and any code you wrote (if applicable).