This assignment is a follow-up to your last one. There are two parts to this assignment. Both parts make use of the files contained in this zip file.
In the zip file there is a C program called sittingDuck.c. Also in the zip file are an executable, sittingDuck.exe, and a data file called exploit2.bin. Do not compile the program. Use the executable given in the zip file. Run the executable with the data file as its input by using the following command line:
C:\hw3> sittingDuck <exploit2.bin
The program will run, produce some lines of output, and then crash. The data file causes a "buffer overflow" in the program, and the buffer overflow causes the crash. The first part of your assignment is to give a detailed explanation of how the buffer overflow leads to the crash. In particular, figure out which line of the program causes the crash and why. Your explanation should make specific references to the assembly language listing of the program (which is also provided in the zip file) and to the way the program creates its stack frames.
The second part of your assignment is to construct your own exploit.bin input that, when read in by sittingDuck.exe, corrupts the stack of the function vulnerable() (in sittingDuck.c) in such a way that when vulnerable() returns, it returns to the call to the printf() function in the else part in the main() function (just like in the previous assignment). Do not modify or recompile the program sittingDuck.c. Your exploit should work with the executable contained in the zip file. Test your exploit against the executable with a command line like the following:
C:\hw3> sittingDuck <exploit.bin
To create your exploit file, you may need a hex file editor. Here is a link to a fairly good free one.
Freeware Hex Editor XVI32
The best strategy for doing both parts of this assignment is to use the program's assembly language listing and the disassembly window in the Visual Studio debugger to create a very detailed drawing of the running program's stack frames. (Such a drawing should be part of what you turn in.)
Turn in a zip file containing your explanation of the first part of this assignment and your exploit.bin file. If you want to know if your explanation is on track and sufficiently detailed, send me a copy before the due date and I'll let you know how you are doing.
This assignment is due Wednesday, February 16.