Complete this Question 1) There is a stack-based overflow in the program

Subject:Computer SciencePrice:2.87 Bought7

Share With

Complete this

Question 1) There is a stack-based overflow in the program. What is the name of the stack-allocated variable that contains the overflowed buffer?

Preview

Question 2

Consider the buffer you just identified: Running what line of code will overflow the buffer? (We want the line number, not the code itself.)

Question 3

There is another vulnerability, not dependent at all on the first, involving a non-stack-allocated buffer that can be indexed outside its bounds (which, broadly construed, is a kind of buffer overflow). What variable contains this buffer?

 

Question 4

Consider the buffer you just identified: Running what line of code overflows the buffer? (We want the number here, not the code itself.)

 

Question 5

What is the address of color{red}{verb|buf|}

buf (the local variable in the color{red}{verb|main|}

main function)? Enter the answer in either hexadecimal format (a 0x followed by 8 "digits" 0-9 or a-f, like color{red}{verb|0xbfff0014|}

0xbfff0014) or decimal format. Note here that we want the address of color{red}{verb|buf|}

buf, not its contents.

 

Question 6

What is the address of color{red}{verb|ptrs|}

ptrs (the global variable) ? As with the previous question, use hex or decimal format.

 

Question 7

What is the address of color{red}{verb|write_secret|}

write_secret (the function) ? Use hex or decimal.

 

Question 8

What is the address of color{red}{verb|p|}

p (the local variable in the color{red}{verb|main|}

main function) ? Use hex, or decimal format.

 

Question 9

What input do you provide to the program so that color{red}{verb|ptrs[s]|}

ptrs[s] reads (and then tries to execute) the contents of stack variable color{red}{verb|p|}

p instead of a function pointer stored in the buffer pointed to by color{red}{verb|ptrs|}

ptrs? As a hint, you can determine the answer by performing a little arithmetic on the addresses you have already gathered. If successful, you will end up executing the color{red}{verb|pat_on_back|}

pat_on_back function. Provide the smallest positive integer.

 

Question 10

What do you enter so that color{red}{verb|ptrs[s]|}

ptrs[s] reads (and then tries to execute) starting from the 65th byte in color{red}{verb|buf|}

buf, i.e., the location at color{red}{verb|buf[64]|}

buf[64]? Enter your answer as an (unsigned) integer.

 

Question 11

What do you replace color{red}{verb|xEExEExEExEE|} with in the following input to the program (which due to the overflow will be filling in the 65th-68th bytes of color{red}{verb|buf|}) so that the color{red}{verb|ptrs[s]|} operation executes the color{red}{verb|write_secret|} function, thus dumping the secret? (Hint: Be sure to take endianness into account.)

color{red}{verb|771675175x00AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAxEExEExEExEE|}