WS 2021/2022 Exercise 5 (Software Security)

SFL Prof. Dr. C. Rossow / S. Hausotte TU Dortmund WS 2021/2022 Exercise 5 (Software Security)
5.1 Signed Integers
In this exercise, we are going to take a look at a practical example of integer boundaries. For this, use the given C code (integers.c) and compile it. The program will ask for two positive numbers and then add them up. You pass the test if you can enter two integers such that the result becomes negative.
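The defensive counterpart to this exercise, as an added example that is not part of the exercise sheet or of integers.c: validate the input range and check the addition before it is performed. The function names parse_positive and checked_add and the sample inputs are assumptions made for this illustration.

```c
#include <errno.h>
#include <limits.h>
#include <stdio.h>
#include <stdlib.h>

/* Hypothetical helper: parse a strictly positive int from text.
   Returns 0 on success, -1 on malformed or out-of-range input. */
static int parse_positive(const char *text, int *out)
{
    char *end;
    errno = 0;
    long v = strtol(text, &end, 10);
    if (end == text || *end != '\0')
        return -1;                       /* no digits, or trailing junk */
    if (errno == ERANGE || v <= 0 || v > INT_MAX)
        return -1;                       /* does not fit a positive int */
    *out = (int)v;
    return 0;
}

/* Hypothetical helper: add two ints without ever overflowing.
   Returns 0 and stores the sum, or -1 if the sum is not representable. */
static int checked_add(int a, int b, int *sum)
{
    /* Check before adding: signed overflow is undefined behaviour in C,
       so testing the result afterwards ("sum < 0") is not reliable. */
    if ((b > 0 && a > INT_MAX - b) || (b < 0 && a < INT_MIN - b))
        return -1;
    *sum = a + b;
    return 0;
}

int main(void)
{
    /* Constructed sample inputs, not taken from integers.c. */
    const char *pairs[][2] = { {"20", "22"}, {"2147483647", "1"},
                               {"-5", "3"}, {"99999999999", "1"} };
    for (size_t i = 0; i < sizeof pairs / sizeof pairs[0]; i++) {
        int a, b, sum;
        if (parse_positive(pairs[i][0], &a) || parse_positive(pairs[i][1], &b))
            printf("%s + %s: rejected input\n", pairs[i][0], pairs[i][1]);
        else if (checked_add(a, b, &sum))
            printf("%d + %d: rejected, sum exceeds int range\n", a, b);
        else
            printf("%d + %d = %d\n", a, b, sum);
    }
    return 0;
}
```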
5.2 Decompiling


You are provided with a (UNIX) executable file crackme. When executed, the program asks for a password ("Enter the password"). If you enter the correct password, the output is "Access granted!", otherwise it is "Access denied!".
Can you find out the password by examining the compiled file? You may use any tools you want to decompile the binary file but you can also do it without any further assistance.
5.3 Buffer overflow
(a) What two types of buffer overflow exploits do you know?
(b) How can you guard against buffer overflows?
(c) Use the given script (overflow.c) to pass the check WITHOUT using the password. To compile the script, use the following command:
gcc -o overflow-unsafe -fno-stack-protector overflow.c
5.4 Stack canaries
(a) How can stack canaries be used to detect buffer overflows?
(b) Compile the given script from the previous task again, but this time with stack canaries enabled:
gcc -o overflow-safe overflow.c -fstack-protector-all
What happens if you try to exploit the same buffer overflow now? Pay close attention to the output of the program. Also try password strings of vastly different lengths.
