Project
- Score:
- Description:
- Write a program with a return-into-libc vulnerability.
- Launch a local return-into-libc attack against the above program to create a shell program.
- Bonus:
- Instead of creating a shell, if your shell code injected through a stack smashing attack can automatically connect to an
external host, download an executable file from the host, and execute the file on your local host, you can
get extra 20 points for this project.
- Tips:
- You can use any platform to implement your project; however, a Linux platform is highly recommended.
- Check the
Referenced Material Section of the course web site to see how to write your shell code.
- If you use a Linux platform, to simplify your work, don't forget to turn off the Non-executable Stack and
ASLR mechanism of your system.
- Check the instructions in
this file
to see how to turn off the Non-executable Stack and ASLR mechanism of your system.
- You can use debugging tools, like gdb,
to help you find the addresses of related items in an attacked process.
- Submission:
- Due day: 11:59PM 18th May.
- You must submit your source code (only electronic version, not hard copy), attack strings, and a description of your attack scenario
to the TA.
- Submit your project to the TA before the due day.
- Late Submission will not be accepted.
- The demo will be held from 18:30 PM to 21:30 PM 21st May at the classroom.