Reference no: EM131724734
Question 1 The following is a program that tests a shellcode:
/* To compile, use
gcc -m32 -g -z execstack -o sc2_tiny sc2_tiny.c */
#include <string.h>
char shellcode[]=
"x31xc0x50x68x2fx2fx73x68x68x2fx62x69x6ex89xe3x50x89xe2x53x89xe1xb0x0bxcdx80";
main() {
char buff[2400];
void (*fp)(void);
strcpy(buff, shellcode);
fp = (void *)buff;
fp();
}
Encode the shellcode so that only printable ASCII characters are used. Note that the encoded version must be the same as the original one after it is decoded. You need to:
1) Modify only the shellcode string in the above program so that it will work properly as the original program (i.e., to create a shell). You need to attach your code along with the evidence that it works properly.
2) Demonstrate that the decoded version is the same as the original shellcode. You can use gdb.
Question 2 Explain how you could exploit the format string vulnerability in the program so that you can cause the program to display the following message:
I am on the way to become the King of Penetration Testing.
However, you cannot show the following the message:
I am still a novice Penetration Tester.
Then you need to implement and demonstrate your exploitation.
Question 3 Develop and implement an exploitation of the format string vulnerability in the program so that you can create a shell when function exit() is called. For this question, you can assume that the stack is executable (by compiling the program with -z execstack flag). Here you have the freedom to define additional environmental variables.
|
Write a class called book
: Write a class called Book, that contains instance data for the title, author, publisher, and copyright date. Define the Book constructor to accept
|
|
What are the rules used to read faces
: What are the rules used to read faces? Why do we control our facial expressions?Why are women better at reading facial expressions than men?
|
|
Describe ecosystems theory and provide an example
: Describe ecosystems theory and provide an example of how a hypothetical client might interact within various systems in their local community.
|
|
Compare nikola tesla and thomas edison
: Amongst science scholars, few debates get more heated than the ones that compare Nikola Tesla and Thomas Edison. So, who was the greater inventor?
|
|
Explain how could exploit the format string vulnerability
: Explain how you could exploit the format string vulnerability in the program so that you can cause the program to display
|
|
Determine the wavelength of the light
: The movable mirror is displaced 0.373 mm, causing the central spot in the interferometer pattern to change from bright to dark and back to bright 1862 times.
|
|
What does the family like to do together
: What are the names (first name only), ages, and birth order of all family members?What are the roles of each family member?
|
|
What are the expectations each of you has for the other team
: What are the expectations each of you has for the other team members?
|
|
What is the profit for year after adjusting for these errors
: Closing inventories, which had been used in calculating gross profit had been overvalued by £3,000. What is profit for the year after adjusting for these errors
|