{[ promptMessage ]}

Bookmark it

{[ promptMessage ]}

cs35Llab7 - 14 debug using gdb gdb/thttpd 5942 15 repeat...

Info icon This preview shows page 1. Sign up to view the full content.

View Full Document Right Arrow Icon
1. Untar source file tar -xvf thttpd-2.25b.tar.gz 2. (make lab7.patch) 3. apply patch patch -b -p0 < lab7.patch 4. (error received) 5. configure file ./configure --prefix=/home/knoppix/Desktop/thttpd 6. (modify Makefile) 7. (modify CCOPT to -00 -g 8. clear and compile make clean make 9. launch server ./thttpd -p 8080 10. check status of webserver wget http://127.0.0.1:8080 11. obtain thttpd PID ps -e | grep thttpd 12. crash the server by providing web patch longer than the input buffer wget http://127.0.0.1:8080/aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa 13. check server status ps -e | thttpd
Image of page 1
This is the end of the preview. Sign up to access the rest of the document.

Unformatted text preview: 14. debug using gdb gdb ./thttpd 5942 15. repeat step 12 to crash the server again 16. backtrace backtrace ======================================================================== To exploit a system by using stack overflows, the hacker could simply insert a large amount of NOP instructinos into the system's stack. Since a function's return address is stored at one end of the stack, when the stack has been filled to a point where the stack pointer is now pointing at the end of the allocated stack frame (aka stack overflow), the hacker could then change the return address of the program to a different address (where his own code is at). When the function returns, the system will excecute the malicious code that the hacker has put onto the machine, and thus grants the hacker system control....
View Full Document

{[ snackBarMessage ]}

What students are saying

  • Left Quote Icon

    As a current student on this bumpy collegiate pathway, I stumbled upon Course Hero, where I can find study resources for nearly all my courses, get online help from tutors 24/7, and even share my old projects, papers, and lecture notes with other students.

    Student Picture

    Kiran Temple University Fox School of Business ‘17, Course Hero Intern

  • Left Quote Icon

    I cannot even describe how much Course Hero helped me this summer. It’s truly become something I can always rely on and help me. In the end, I was not only able to survive summer classes, but I was able to thrive thanks to Course Hero.

    Student Picture

    Dana University of Pennsylvania ‘17, Course Hero Intern

  • Left Quote Icon

    The ability to access any university’s resources through Course Hero proved invaluable in my case. I was behind on Tulane coursework and actually used UCLA’s materials to help me move forward and get everything together on time.

    Student Picture

    Jill Tulane University ‘16, Course Hero Intern