{[ promptMessage ]}

Bookmark it

{[ promptMessage ]}


buflab-cs3214-fall11 - CS 3214 Fall 2011 Project 2 The...

Info icon This preview shows pages 1–3. Sign up to view the full content.

View Full Document Right Arrow Icon
CS 3214, Fall 2011 Project 2: The Buffer Bomb Due: Wednesday, September 21, 11:59PM This project was developed by Randy Bryant; it was adapted for Virginia Tech by Godmar Back ( [email protected] ). Minimum requirement: To obtain a passing grade in CS 3214, we expect that by the end of the semester your group was successful in igniting at least Level 2, which is the ”Firecracker” phase of the bomb. Introduction This assignment will help you develop a detailed understanding of IA-32 calling conventions and stack organization. It involves applying a series of buffer overflow attacks on an executable file bufbomb provided to you. Note: In this project, you will gain firsthand experience with one of the methods commonly used to exploit security weaknesses in operating systems and network servers. Our purpose is to help you learn about the runtime operation of programs and to understand the nature of this form of security weakness so that you can avoid it when you write system or application code. We do not condone the use of this or any other form of attack to gain unauthorized access to any system resources. There are criminal statutes governing such activities. Logistics You may work in a group of up to two people in solving the problems for this project. The only “hand-in” will be an automated logging of your successful attacks. Any clarifications and revi- sions to the project will be posted on the course web page. We generated the buffer bomb executable using gcc ’s -m32 flag, so all code produced by the compiler follows IA-32 rules, even if the host is an x86-64 system. 1
Image of page 1

Info icon This preview has intentionally blurred sections. Sign up to view the full version.

View Full Document Right Arrow Icon
Hand Out Instructions You can obtain your buffer bomb by pointing your Web browser at: http://courses.cs.vt.edu/ cs3214/fall2011/buflab/buflab-handout.tar The server will return a tar file called buflab-handout.tar to your browser. Start by copying buflab-handout.tar to a (protected) directory in which you plan to do your work. It is okay for each group member to maintain a copy in their own respective directory. Then give the com- mand “ tar xvf buflab-handout.tar ”. This will create a directory called buflab-handout containing the following three executable files: bufbomb : The buffer bomb program you will attack. makecookie : A utility that generates a “cookie” based on your teamid. hex2raw : A utility to help convert between string formats. In the following instructions, we will assume that you have copied the three programs to a pro- tected local directory, and that you are executing them in that local directory. Team IDs and Cookies Phases of this project will require a slightly different solution from each group. The correct so- lution will be based on your teamid. The teamid is the concatenation of your SLO IDs using a + in between. If you’re in a group by yourselves, simply use your SLO ID. While the order of the two SLO IDs in a teamid does not matter, you must always choose the same ordering for the IDs.
Image of page 2
Image of page 3
This is the end of the preview. Sign up to access the rest of the document.

{[ snackBarMessage ]}