Project
- Score:
- Description:
- Write a program with a buffer overflow vulnerability.
- Launch a local buffer overflow attack against the above program to create a shell program.
- Bonus:
- Instead of creating a shell, if your shell code injected through a stack smashing attack can automatically connect to an
external host, download an executable file from the host, and execute the file on your local host, you can
get extra 20 points for this project.
- Tips:
- You can use any platform to implement your project; however, a Linux platform is highly recommended.
- Check the
Referenced Material Section of the course web site to see how to write your shell code.
- If you use a Linux platform, to simplify your work, don't forget to turn off the Non-executable Stack and
ASLR mechanism of your system.
- Check the instructions in
this file
to see how to turn off the Non-executable Stack and ASLR mechanism of your system.
- You can use debugging tools, like gdb,
to help you find the addresses of related items in an attacked process.
- Submission:
- Due day: 11:59 PM, 23rd May.
- You must submit both a hard copy and an electronic version of both your
source code and attack string to the TAs through new-eeclass.
- Late Submission will not be accepted.
- Demo will proceed at the classroom after 23rd May.
-
Please fill out your demo time before 23rd May in this
demo form.
(updated: 16th May)