Question

In: Computer Science

Write a testing program (not sort.c from task 2) that contains a stack buffer overflow vulnerability....

Write a testing program (not sort.c from task 2) that contains a stack buffer overflow vulnerability. Show what the stack layout looks like and explain how to exploit it. In particular, please include in your diagram: (1) The order of parameters (if applicable), return address, saved registers (if applicable), and local variable(s), (2) their sizes in bytes, (3) size of the overflowing buffer to reach return address, and (4) the overflow direction in the stack (5) What locations within the stack are actually overwritten with your target data to exploit a stack to cause the routine you want to execute to be invoked? You are not required to write the real exploit code, but you may want to use some figures to make your description clear and concise.

Solutions

Expert Solution

Raw Copyable Code:

//header files
#include <stdlib.h>
#include <stdio.h>
#include <string.h>

//the test function
void testFunction (char *inString)
{
   char buffer[12];

   /*the below statement will results in a buffer overflow
   problem*/
   strcpy (buffer, inString);
}

//The main
int main()
{
   //the character array
   char *inString = "The string input has size more than 12";

   //call the function
   testFunction (inString);

   //return 0
   return 0;
}


Related Solutions

Discuss how a stack buffer overflow attack is implemented.
Discuss how a stack buffer overflow attack is implemented.
Windows vulnerability that has been exploited widely, such as the SQL Injection, Buffer Overflow. a) What...
Windows vulnerability that has been exploited widely, such as the SQL Injection, Buffer Overflow. a) What windows vulnerability in SQL Injection is and explain with references? b) What windows vulnerability in Buffer Overflow is and explain with references? c) What the weakness windows was and how it was exploited? d) What was the impact to society and economy?
Your organization’s app has been found to have stack overflow vulnerability. Search in NVD to make...
Your organization’s app has been found to have stack overflow vulnerability. Search in NVD to make a list of actions you will take immediately and overtime to mitigate and prevent such occurrences in future? Describe at least three design and project management measures.
Task 3      Write a program that pushes the first 10 natural numbers to the stack,...
Task 3      Write a program that pushes the first 10 natural numbers to the stack, then pops those numbers. Use the debugger to view how the stack changes after each instruction. Once all the data has been pushed to the stack, take a screenshot of the stack in memory. Task 4     Write a subroutine called “Area” that calculates the area of a rectangle. Use accumulator A and B to pass the length and the width to the function....
TASK: Using stack functions, write a program in C++ language that acts as a simple calculator,...
TASK: Using stack functions, write a program in C++ language that acts as a simple calculator, reading an infix algebraic expression with numbers and simple operations: +, -, *, / , (, and ). The program converts an infix expression into an equivalent postfix expression, and then evaluates the postfix expression, and then prints the result if input expression is correct otherwise prints error messages. Your program must interact with the user until the user quits.    REQUIREMENTS: - Your...
What properties would make a buffer overflow condition in a program exploitable or useful to an...
What properties would make a buffer overflow condition in a program exploitable or useful to an attacker?
Implementing a Stack Write a program that implements a stack of integers, and exercises the stack...
Implementing a Stack Write a program that implements a stack of integers, and exercises the stack based on commands read from cin. To do this, write a class called Stack with exactly the following members: class Stack { public: bool isEmpty(); // returns true if stack has no elements stored int top(); // returns element from top of the stack // throws runtime_error("stack is empty") int pop(); // returns element from top of the stack and removes it // throws...
Describe what a buffer overflow attack is, especially the main purpose of the attack. During program...
Describe what a buffer overflow attack is, especially the main purpose of the attack. During program execution, an input function is called to get a user's interactive input to the program. Describe what will happen to the return address kept in memory during the function call and the consequences if the user is an attacker performing a buffer overflow attack.
The program (​ stack-ptr.c​ ) implements stack using a linked list, however, it contains a race...
The program (​ stack-ptr.c​ ) implements stack using a linked list, however, it contains a race condition and is not appropriate for a concurrent environment. Using Pthreads mutex locks, fix the race condition. For reference, see Section 7.3.1 of SGG book.(Section 7.3.1 is about mutex and semaphores it does explain how to implement I'm just having a hard time finding the race condition within the code) /* * Stack containing race conditions */ #include #include #include typedef int value_t; //...
1.write three methods to exploit buffer overflow and to archive the goal. If local variables are...
1.write three methods to exploit buffer overflow and to archive the goal. If local variables are exploited present all possible approaches. Goal: The goal is to exploit the program to let it print out “CORRECT SERIAL”. Note: A “Segmentation fault” is fine if the program prints out the desired message. C programming
ADVERTISEMENT
ADVERTISEMENT
ADVERTISEMENT