Differences

This shows you the differences between two versions of the page.

Link to this comparison view

Both sides previous revision Previous revision
Next revision
Previous revision
Last revision Both sides next revision
cs-465:project-8-buffer-overflow [2016/02/29 08:49]
sruoti [Objectives]
cs-465:project-8-buffer-overflow [2017/11/11 17:03]
seamons
Line 3: Line 3:
 == Objectives == == Objectives ==
  
-Spend 3 hours average ​to increase your understanding of buffer overflow attacks +Use a debugger ​to examine assembly code and stack memory 
-* You select the project you want to work on +* Conduct simple ​buffer overflow attacks ​against ​vulnerable program from the command line
-* Submit ​report on what you learned along with supporting evidence +
-* Choose the project that will give you the best learning experience based on your background on this topic.+
  
 +== Resources ==
  
-<​del>​The Unix machines in the Pizza Lab (1057 TMCB) in the basement have ASLR turned off for the next few weeks, so you can complete your projects on those machines. Other machines could have protections turned on that will prevent your experiments from working. +The CS department has prepared a VM for each of you to be able to use on the lab machines or your own machine. You need to be connected to the CS network to download the actual VM. [[https://docs.google.com/​a/​cs.byu.edu/document/d/14MlNZmbqkx8jzibNOcpAGWZ3bk36qw1XcLIRjCoqG08/​edit?​usp=sharing|Instructions]]
-</​del>​ +
- +
-The CS department has prepared a VM for each of you to be able to use. You need to be connected to the CS network to download the actual VM. [[http://wiki.cs.byu.edu/​_media/cs-465/tousestudentvmlab8.pdf|Instructions]]+
  
 For tips on how to use GDB, [https://​gist.github.com/​ThaWeatherman/​6912322 here] is a document detailing some of the more useful and important commands. Ignore the comments on the Bomb lab: it may become a lab later in the semester but you don't have to worry about it now. For tips on how to use GDB, [https://​gist.github.com/​ThaWeatherman/​6912322 here] is a document detailing some of the more useful and important commands. Ignore the comments on the Bomb lab: it may become a lab later in the semester but you don't have to worry about it now.
  
-== Option ​1 ==+== Part 1 ==
  
-This option ​is intended ​for students with little or no experience using the debugger, ​understanding ​how to examine and update memory locations using a debugger, and have no experience with how the runtime stack is organized. A helpful way to start is to watch an [http://​youtu.be/​RF7DF4kfs1E introductory video] on buffer overflow attacks.+This part is intended ​to introduce you to the debugger, ​understand ​how to examine and update memory locations using a debugger, and gain experience with how the runtime stack is organized. A helpful way to start is to watch an [http://​youtu.be/​RF7DF4kfs1E introductory video] on buffer overflow attacks.
 The following file makes a series of function calls main -> freshman -> sophomore -> junior -> senior. The following file makes a series of function calls main -> freshman -> sophomore -> junior -> senior.
 Compile the program and run it in the debugger, breaking somewhere in function senior. Compile the program and run it in the debugger, breaking somewhere in function senior.
-Print out all the stack activation frames, and label as many memory locations as you can. You should be able to identify 1) return addresses, 2) saved frame pointers (ebp), 3) local variables, 4) function arguments. +Print out all of the stack activation frames, and label as many memory locations as you can.  
-You may print out a hard copy, write on it to label all the items, and turn in the hard copy. You may also submit ​your result electronically.+ 
 +Not all the stack locations will be labeled. Extra space may be allocated on the stack that is set to uninitialized values that already existing in memory. Be sure to label the following elements for all four functions. 
 +You should be able to identify 1) return addresses, 2) saved frame pointers (ebp), 3) local variables, 4) function arguments
 +Use the "info frame" gdb command to compare the information you labeled with what the debugger reports is in each stack frame
 +You may print out a hard copy, write on it to label all the items, and turn in a scan of the hard copy. You may also create ​your result electronically. Make it easy for the TAs to grade.
 * Link to [http://​faculty.cs.byu.edu/​~seamons/​examine_stack.c examine_stack.c] * Link to [http://​faculty.cs.byu.edu/​~seamons/​examine_stack.c examine_stack.c]
-Due to -m32 not working on the lab machines, here is a [http://​students.cs.byu.edu/​~cs465ta/​fall2014/​examine_stack precompiled version]+Compile the program with the -m32 compiler optionWe will use a 32-bit program for simplicity.
  
  
-== Option ​2 ==+== Part 2 ==
  
-The most recent CS 360 course now includes ​project on buffer overflow attacks. This is based on a lab developed at SyracuseYou may complete that lab and submit ​the result ​for Project 8+I used collection of files based on materials found in Jon Erickson'​s The Art of ExploitationVisit the following page for hints on using gdb and perl, and then try a range of options to change to flow control for a program
-Link to [http://ilab.cs.byu.edu/cs360/​2012s/​assignments/​lab5.html CS360 Buffer Overflow ​Lab+* [http://tinyurl.com/9uh458s ​Buffer Overflow ​Resources
-As in option 1you'll need [http://​students.cs.byu.edu/​~cs465ta/​fall2014/​bufferOverflow/​option2.tgz precompiled version]+Complete Sections A, B, C in the Resources File 
 +** Section C - From the command linegain access to the program without providing ​legitimate password. 
 +** Take a screen shot of your result for Section C and submit that to Learning Suite.
  
 +
 +=Extra Credit Options=
  
 == Option 3 == == Option 3 ==
  
-I used collection of files based on materials found in Jon Erickson'​s The Art of ExploitationVisit the following page for hints on using gdb and perl, and then try a range of options to change to flow control for a program. Your deliverable is a writeup to describe what you learned+The most recent CS 360 course now includes ​project on buffer overflow attacks. This is based on a lab developed at SyracuseYou may complete that lab and submit ​the result ​for Project 8
-* [http://tinyurl.com/9uh458s ​Buffer Overflow ​Resources+Link to [http://ilab.cs.byu.edu/cs360/​2012s/​assignments/​lab5.html CS360 Buffer Overflow ​Lab
-Inject shell code on the stack +As in option 1, you'll need a [http://​students.cs.byu.edu/​~cs465ta/​fall2014/​bufferOverflow/​option2.tgz precompiled version]
-* First inject your shellcode as an environment variableThen smash the stack and cause that shellcode to execute.+
  
  
Line 46: Line 49:
 For this option you can practice your buffer overflow skills against the Carnegie Mellon buflab. This lab is a part of EE 324 as well. Currently we do not have a project description posted. However the one for EE 324 is [http://​ece324web.groups.et.byu.net/​Labs/​buflab/​buflab.pdf here] and it is the same as what you will be doing here. However please note that you cannot work in teams, despite what that spec says. For your cookie provide your NetID. This lab can only be done on CS lab machines (not SPICE machines like the spec says). You can SSH into them if you don't want to go into the labs.  For this option you can practice your buffer overflow skills against the Carnegie Mellon buflab. This lab is a part of EE 324 as well. Currently we do not have a project description posted. However the one for EE 324 is [http://​ece324web.groups.et.byu.net/​Labs/​buflab/​buflab.pdf here] and it is the same as what you will be doing here. However please note that you cannot work in teams, despite what that spec says. For your cookie provide your NetID. This lab can only be done on CS lab machines (not SPICE machines like the spec says). You can SSH into them if you don't want to go into the labs. 
  
-Get your bomb [http://padme.cs.byu.edu:​18213 ​here]. See the results board [http://padme.cs.byu.edu:18213/scoreboard here].+Get your bomb [http://bombs.sebulba.cs.byu.edu/​bombs ​here]. See the results board [http://bombs.sebulba.cs.byu.edu/​scoreboard here].
  
  
cs-465/project-8-buffer-overflow.txt · Last modified: 2017/11/11 17:10 by seamons
Back to top
CC Attribution-Share Alike 4.0 International
chimeric.de = chi`s home Valid CSS Driven by DokuWiki do yourself a favour and use a real browser - get firefox!! Recent changes RSS feed Valid XHTML 1.0