sys1 - CS3214 Fall 2011 Exercise 4 Due Friday 11:59pm(no...

Info icon This preview shows pages 1–2. Sign up to view the full content.

View Full Document Right Arrow Icon
CS3214 Fall 2011 Exercise 4 Due: Friday, Sep 30, 2011. 11:59pm (no extensions). What to submit: A tar file that should contain the file answers.txt , which must be an ASCII file with answers for questions 1 and 2. For question 3, which asks for code, include a file named dpipe.c in your tar file. Use the submit.pl script in ˜ cs3214/bin/submit.pl to submit your tar file from the com- mand line, or use the submit website. Use the identifier ’ex4.’ The assignment will be graded on the rlogin cluster, so your answers must match this environment. Understanding Processes and Pipes In my in-class demo of how to construct a buffer overflow exploit that could be used to obtain a shell from a vulnerable network server, I used a program ’dpipe,’ which, in connection with the netcat utility program, could be used to turn any ordinary program into a network server. In this exercise, you’re asked to observe, reverse-engineer, and then reimplement the dpipe program. The dpipe binary is provided in ˜ cs3214/bin/dpipe on our machines. For netcat, use the ˜ cs3214/bin/gnetcat binary. To allow you to invoke those commands directly, make sure that ˜ cs3214/bin is in your PATH environment variable. Here’s an example session of how to use it. Say you’re logged on to the machine ’locust’ and run the command dpipe wc gnetcat -l 15999 1 . This will produce output as follows: [[email protected] sys1]$ dpipe wc gnetcat -l 15999 Starting: gnetcat Starting: wc Note that the shell is still waiting for dpipe to complete. The questions listed in part 1 must be answered at this point, after you have started dpipe, but before the next step. You may wish to continue reading and then return to this point, after opening a second terminal on the same machine. 2 Next, on a different (or the same) machine, run [[email protected] ˜]$ gnetcat locust 15999 < /etc/passwd 37 63 1754 [[email protected] ˜]$ 1 When you try this out, please replace 15999 with a number that with high likelihood is unique so you do not conflict with other students using this machine, let’s agree to using 10000 + last 4 digits of your VT PID here.
Image of page 1

Info iconThis preview has intentionally blurred sections. Sign up to view the full version.

View Full Document Right Arrow Icon
Image of page 2
This is the end of the preview. Sign up to access the rest of the document.

{[ snackBarMessage ]}

What students are saying

  • Left Quote Icon

    As a current student on this bumpy collegiate pathway, I stumbled upon Course Hero, where I can find study resources for nearly all my courses, get online help from tutors 24/7, and even share my old projects, papers, and lecture notes with other students.

    Student Picture

    Kiran Temple University Fox School of Business ‘17, Course Hero Intern

  • Left Quote Icon

    I cannot even describe how much Course Hero helped me this summer. It’s truly become something I can always rely on and help me. In the end, I was not only able to survive summer classes, but I was able to thrive thanks to Course Hero.

    Student Picture

    Dana University of Pennsylvania ‘17, Course Hero Intern

  • Left Quote Icon

    The ability to access any university’s resources through Course Hero proved invaluable in my case. I was behind on Tulane coursework and actually used UCLA’s materials to help me move forward and get everything together on time.

    Student Picture

    Jill Tulane University ‘16, Course Hero Intern