CS 105

Lab 5: Attack

In this lab, you'll carry out code-injection (CI) attacks on a provided ctarget executable and return-oriented-programming (ROP) attacks on the provided rtarget program. Different phases of the assignment will focus on attacking particular functions in the code.

Along the way, you will

  • Learn different ways that attackers can exploit security vulnerabilities when programs do not safeguard themselves well enough against buffer overflows.
  • Learn how to write programs that are more secure, as well as some of the features provided by compilers and operating systems to make programs less vulnerable.
  • Gain a deeper understanding of the stack and parameter-passing mechanisms of x86-64 machine code.
  • Gain a deeper understanding of how x86-64 instructions are encoded.
  • Gain more experience with debugging tools such as gdb and objdump.

Background Readings

Before you start, read the following sections of Bryant & O’Hallaron's Computer Systems (3rd edition) textbook as reference material for this lab:

  • Section 3.10.3: Out-of-Bounds Memory References and Buffer Overflow
  • Section 3.10.4: Thwarting Buffer Overflow Attacks

You may want to keep hex2raw and Generating Byte Codes open in a separate window for reference.

Code Injection

Return-Oriented Programming

Steps

Solving a Phase (and Grading)

When you have correctly solved one of the levels, your target program will automatically send a notification to the grading server. For example:

./hex2raw < ctarget.l2.txt | ./ctarget
Cookie: 0x1a7dd803
Type string:Touch2!: You called touch2(0x1a7dd803)
Valid solution for level 2 with target ctarget
PASSED: Sent exploit string to server to be validated.
NICE JOB!

The server will test your exploit string to make sure it really works, and it will update the Attacklab scoreboard page (on wilkes.cs.hmc.edu; port 15513) indicating that your user id (listed by your target number for anonymity) has completed this phase.

Unlike the Bomb Lab, there is no penalty for making mistakes in this lab. Feel free to fire away at ctarget and rtarget with any strings you like.

Due Date and Submission

Due: Friday, April 10 at 11:59 PM

There is no explicit hand-in because your targets will upload information about your progress to the server on wilkes, but we recommend that you create and maintain a text file where you record your solutions for each phase in case they're needed.

Warning

In this lab, you will gain firsthand experience with methods used to exploit security weaknesses in operating systems and network servers.

Our purpose is to help you learn about the runtime operation of programs and to understand the nature of these security weaknesses so that you can avoid them when you write system code.

We do not condone the use of any other form of attack to gain unauthorized access to any system resources. Attacking computer systems belonging to other people, and gaining unauthorized access, is a serious criminal offense that can lead to long prison terms.
