cs35Llab7

cs35Llab7 - 14. debug using gdb gdb ./thttpd 5942 15....

Info iconThis preview shows page 1. Sign up to view the full content.

View Full Document Right Arrow Icon
1. Untar source file tar -xvf thttpd-2.25b.tar.gz 2. (make lab7.patch) 3. apply patch patch -b -p0 < lab7.patch 4. (error received) 5. configure file ./configure --prefix=/home/knoppix/Desktop/thttpd 6. (modify Makefile) 7. (modify CCOPT to -00 -g 8. clear and compile make clean make 9. launch server ./thttpd -p 8080 10. check status of webserver wget http://127.0.0.1:8080 11. obtain thttpd PID ps -e | grep thttpd 12. crash the server by providing web patch longer than the input buffer wget http://127.0.0.1:8080/aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa 13. check server status ps -e | thttpd
Background image of page 1
This is the end of the preview. Sign up to access the rest of the document.

Unformatted text preview: 14. debug using gdb gdb ./thttpd 5942 15. repeat step 12 to crash the server again 16. backtrace backtrace ======================================================================== To exploit a system by using stack overflows, the hacker could simply insert a large amount of NOP instructinos into the system's stack. Since a function's return address is stored at one end of the stack, when the stack has been filled to a point where the stack pointer is now pointing at the end of the allocated stack frame (aka stack overflow), the hacker could then change the return address of the program to a different address (where his own code is at). When the function returns, the system will excecute the malicious code that the hacker has put onto the machine, and thus grants the hacker system control....
View Full Document

This note was uploaded on 06/02/2009 for the course CS 35L taught by Professor Eggert during the Spring '09 term at UCLA.

Ask a homework question - tutors are online