Understand the stack smashing buffer exploit thoroughly

Assignment Help Software Engineering

Reference no: EM132721488

CPIS 605 Software Security - University of Jeddah

Objective: Understand the stack smashing buffer exploit thoroughly.

1. From the paper "Smashing the stack for fun and profit" by Alephone do the following
a. Download the article by Aleph One (see References). You will be extracting the source code of exploit3.c and exploit4.c files from it.
b. Improve the code of exploit3.c and exploit4.c so that there are no warning messages from gcc even after using the flags as in gcc -ansi -pedantic -Wall.
c. Reduce the size of their compiled binaries by at least 5% as seen by the size command when exactly the same flags are used in the compilation. Make sure no functionality is lost. Do not just remove printf's. Do not use gcc optimization flags.
d. Login as a non-root user. Verify that the exploit still works on the vulnerable program. (It may not!)
e. Turn in a report but also with answers to the questions below, and thoroughly describing your changes, and how you verified that there was no loss of functionality. Include properly indented versions of your exploit[34].c files. Use indent -kr.
f. Answer the question: What is the "environment"?
g. Answer the question: Why does exploit3.c run system("/bin/bash") at the end of main()?

2. Search the web and report on at least four recent (within last five years) buffer overflow attacks or SQL injection. Explain the attacks in two to three pages using your own words.

Attachment:- Software Security.rar

Reference no: EM132721488

Questions Cloud

Compute what is the target unit cost : Target Costing, If company management desires a return equal to 10 percent of the final selling price, what is the target unit cost?

What was lower case cash flow from operations : What was Lower Case's cash flow from operations for 2018? In 2018, Lower Case Productions had cash flows from investing activities of +$50,000

What is a project and what are its main attributes : What is a project, and what are its main attributes? How is a project different from what most people do in their day-to-day jobs? Discuss the importance.

What is the amount of Maren bargain element : Eighteen months later she sold all of the shares for $22 per share. What is the amount of Maren's bargain element

Understand the stack smashing buffer exploit thoroughly : Understand the stack smashing buffer exploit thoroughly - Reduce the size of their compiled binaries by at least 5% as seen by the size command

What does the market expect the two-year treasury rate : According to the unbiased expectations hypothesis, what does the market expect the two-year Treasury rate to be three years from today, E( 4r2)?

Describe prioritizing systems and functions for recovery : Write a 3-4 page APA formatted paper comparing your organization's disaster recovery and business continuity plans with the best practices outlined in your.

What is the net income for the year ended : Ortiz Co.had income from continuing operations of $1,600,000 in 2018. What is the net income for the year ended 31, 12, 2018

Which part of the federal reserve buys and sells securities : Which part of the Federal Reserve buys and sells securities as part of its monetary policy? The US Department of the Treasury. / Board of Governors

User Account

All Pages