This preview has intentionally blurred sections. Sign up to view the full version.View Full Document
Unformatted text preview: CS3214 Fall 2011 Exercise 4 Due: Friday, Sep 30, 2011. 11:59pm (no extensions). What to submit: A tar file that should contain the file answers.txt , which must be an ASCII file with answers for questions 1 and 2. For question 3, which asks for code, include a file named dpipe.c in your tar file. Use the submit.pl script in ˜ cs3214/bin/submit.pl to submit your tar file from the com- mand line, or use the submit website. Use the identifier ’ex4.’ The assignment will be graded on the rlogin cluster, so your answers must match this environment. Understanding Processes and Pipes In my in-class demo of how to construct a buffer overflow exploit that could be used to obtain a shell from a vulnerable network server, I used a program ’dpipe,’ which, in connection with the netcat utility program, could be used to turn any ordinary program into a network server. In this exercise, you’re asked to observe, reverse-engineer, and then reimplement the dpipe program. The dpipe binary is provided in ˜ cs3214/bin/dpipe on our machines. For netcat, use the ˜ cs3214/bin/gnetcat binary. To allow you to invoke those commands directly, make sure that ˜ cs3214/bin is in your PATH environment variable. Here’s an example session of how to use it. Say you’re logged on to the machine ’locust’ and run the command dpipe wc gnetcat -l 15999 1 . This will produce output as follows: [[email protected] sys1]$ dpipe wc gnetcat -l 15999 Starting: gnetcat Starting: wc Note that the shell is still waiting for dpipe to complete. The questions listed in part 1 must be answered at this point, after you have started dpipe, but before the next step. You may wish to continue reading and then return to this point, after opening a second terminal on the same machine. 2 Next, on a different (or the same) machine, run [[email protected] ˜]$ gnetcat locust 15999 < /etc/passwd 37 63 1754 [[email protected] ˜]$ 1 When you try this out, please replace 15999 with a number that with high likelihood is unique so you do not conflict with other students using this machine, let’s agree to using 10000 + last 4 digits of your VT...
View Full Document
This note was uploaded on 12/31/2011 for the course CS 3214 taught by Professor Staff during the Fall '11 term at Virginia Tech.
- Fall '11