-
Notifications
You must be signed in to change notification settings - Fork 1
aidaroff/Computer-Security---Buffer-Overflows
Folders and files
| Name | Name | Last commit message | Last commit date | |
|---|---|---|---|---|
Repository files navigation
Software Vulnerability Analysis CSE 127 Intro to Computer Security Project 2 Special thanks to UCSD grad Stephen Checkoway, Assistant Professor University of Illinois, Chicago, for creating this assignment. ---==[ GDB tips ]==--- Notice the "disassemble" and "stepi" commands. You may find the "x" command useful to examine memory (and the different ways you can print the contents such as "/a" "/i" after "x"). The "info register" command is helpful in printing out the contents of registers such as ebp and esp. A useful way to run gdb is to use the -e and -s command line flags; for example, the command "gdb -e sploit3 -s /tmp/target3" in the VM tells gdb to execute sploit3 and use the symbol file in target3. These flags let you trace the execution of the target3 after the sploit's memory image has been replaced with the target's through the execve system call. When running gdb using these command line flags, you should follow the following procedure for setting breakpoints and debugging memory: 1. tell gdb to notify you on exec(), by issuing the command "catch exec" 2. run the program. gdb will execute the sploit until the execve syscall, then return control to you 3. set any breakpoints you want in the target 4. resume execution by telling gdb "continue" (or just "c"). If you try to set breakpoints before the exec boundary, you will get a segfault. If you wish, you can instrument the target code with arbitrary assembly using the __asm__ () pseudofunction, to help with debugging. Be sure, however, that your final exploits work against the unmodified targets, since these we will use these in grading. ---==[ Suggested reading in Phrack, www.phrack.org ]==--- Aleph One, "Smashing the Stack for Fun and Profit," Phrack 49 #14. klog, "The Frame Pointer Overwrite," Phrack 55 #08. Bulba and Kil3r, "Bypassing StackGuard and StackShield, Phrack 56 #0x05. Silvio Cesare, "Shared Library Call Redirection via ELF PLT Infection," Phrack 56 #0x07. Michel Kaempf, "Vudo - An Object Superstitiously Believed to Embody Magical Powers," Phrack 57 #0x08. Anonymous, "Once Upon a free()...," Phrack 57 #0x09. Nergal, "The Advanced Return-into-lib(c) Exploits: PaX Case Study," Phrack 58 #0x04. Gera and Riq, "Advances in Format String Exploiting," Phrack 59 #0x04. Anonymous, "Bypassing PaX ASLR Protection," Phrack 59 #0x09. blexim, "Basic Integer Overflows," Phrack 60 #0x10. ---==[ Other Books ]==--- W. Richard Stevens, /Advanced Programming in the Unix Environment./ Addison-Wesley, 1993. AEleen Frisch, /Essential System Administration,/ second edition. O'Reilly, 1995. /IA-32 Software Developer's Manual, Vol. 1: Basic Architecture./ Intel, 2001. /IA-32 Software Developer's Manual, Vol. 2: Instruction Set Reference./ Intel, 2001. /IA-32 Software Developer's Manual, Vol. 3: System Programming Guide./ Intel, 2001. (The latest versions of these manuals are online at http://developer.intel.com/products/processor/manuals/ .) Dean Elsner, Jay Fenlason, et al., /Using AS./ FSF, 1994. Richard Stallman et al., /Using the GNU Compiler Collection/ FSF, 2002. Richard Stallman, Roland Pesch, Stan Shebs, et al. /Debugging with GDB./ FSF, 2001. (These are online at http://www.gnu.org/manual/manual.html .)
About
No description, website, or topics provided.
Resources
Stars
Watchers
Forks
Releases
No releases published
Packages 0
No packages published