CS 361S - Network Security and Privacy Spring Project #2

Similar documents
CS Programming Languages Fall Homework #2

CS 361S - Network Security and Privacy Spring Project #2

CS155: Computer Security Spring Project #1. Due: Part 1: Thursday, April pm, Part 2: Monday, April pm.

Homework 1 CS 642: Information Security

CS 361S - Network Security and Privacy Spring Project #1

CS155: Computer Security Spring Project #1

Introduction. Overview and Getting Started. CS 161 Computer Security Lab 1 Buffer Overflows v.01 Due Date: September 17, 2012 by 11:59pm

Project 1 Notes and Demo

Homework 4 CS161 Computer Security, Spring 2008 Assigned 4/14/08 Due 4/21/08

CS 642 Homework #4. Due Date: 11:59 p.m. on Tuesday, May 1, Warning!

Project 4: Application Security

CS 344/444 Spring 2008 Project 2 A simple P2P file sharing system April 3, 2008 V0.2

Exercise Session 6 Computer Architecture and Systems Programming

Project 4: Application Security

Problem Set 1: Unix Commands 1

Lab 2: Buffer Overflows

Programming Assignment IV Due Thursday, June 1, 2017 at 11:59pm

CS 361S - Network Security and Privacy Spring Homework #3

CNIT 127: Exploit Development. Ch 2: Stack Overflows in Linux

ISA 564, Laboratory I: Buffer Overflows

CMSC 201 Spring 2017 Lab 01 Hello World

Exercise 6: Buffer Overflow and return-into-libc Attacks

CS354 gdb Tutorial Written by Chris Feilbach

CS 361S - Network Security and Privacy Spring Homework #2

Jackson State University Department of Computer Science CSC / Advanced Information Security Spring 2013 Lab Project # 5

Section 1: Tools. Contents CS162. January 19, Make More details about Make Git Commands to know... 3

Project #1: Tracing, System Calls, and Processes

Memory Corruption. Modern Binary Exploitation CSCI Spring 2015 Austin Ralls

Programming Assignment #4 Arrays and Pointers

Project #2: FishNet Distance Vector Routing

Project 4: ATM Design and Implementation

Lecture 9: Buffer Overflow* CS 392/6813: Computer Security Fall Nitesh Saxena

CS 429H, Spring 2012 Optimizing the Performance of a Pipelined Processor Assigned: March 26, Due: April 19, 11:59PM

Network Administration/System Administration (NTU CSIE, Spring 2018) Homework #1. Homework #1

It is academic misconduct to share your work with others in any form including posting it on publicly accessible web sites, such as GitHub.

CMSC 201 Spring 2018 Lab 01 Hello World

143a, Spring 2018 Discussion Week 4 Programming Assignment. Jia Chen 27 Apr 2018

Assignment 5. CS/ECE 354 Spring 2016 DUE: April 22nd (Friday) at 9 am

Assignment 1: Communicating with Programs

EE516: Embedded Software Project 1. Setting Up Environment for Projects

Contents. Note: pay attention to where you are. Note: Plaintext version. Note: pay attention to where you are... 1 Note: Plaintext version...

Table Of Contents. 1. Zoo Information a. Logging in b. Transferring files 2. Unix Basics 3. Homework Commands

Programming Standards: You must conform to good programming/documentation standards. Some specifics:

Jackson State University Department of Computer Science CSC / Computer Security Fall 2013 Instructor: Dr. Natarajan Meghanathan

COMP 3500 Introduction to Operating Systems Project 5 Virtual Memory Manager

Saint Louis University. Intro to Linux and C. CSCI 2400/ ECE 3217: Computer Architecture. Instructors: David Ferry

Lab 6: OS Security for the Internet of Things

CS 241 Data Organization. August 21, 2018

1 Lab Overview. 2 Resources Required. CSC 666 Lab #11 Buffer Overflow November 29, 2012

Project 2 - Kernel Memory Allocation

Programming Project 4: COOL Code Generation

1 Recommended Readings

Shellbased Wargaming

TNM093 Practical Data Visualization and Virtual Reality Laboratory Platform

CS 261 Recitation 1 Compiling C on UNIX

CNIT 127: Exploit Development. Ch 3: Shellcode. Updated

CS 161 Computer Security. Week of January 22, 2018: GDB and x86 assembly

Lab 03 - x86-64: atoi

CS 375 UNIX System Programming Spring 2014 Syllabus

CS 392/681 Lab 6 Experiencing Buffer Overflows and Format String Vulnerabilities

Project 4: ATM Design and Implementation

CSC 4992 Cyber Security Practice

Project 0: Linux & Virtual Machine Dabbling

Reviewing gcc, make, gdb, and Linux Editors 1

Everything about Linux User- and Filemanagement

Projects and Environment Introduction

Programming Tips for CS758/858

Lecture 6: Buffer Overflow. CS 436/636/736 Spring Nitesh Saxena

buffer overflow exploitation

Lab #1 Installing a System Due Friday, September 6, 2002

1 Project Summary (Part B)

Development Environment Embedded Linux Primer Ch 1&2

CS 645: Lecture 3 Software Vulnerabilities. Rachel Greenstadt July 3, 2013

The print queue was too long. The print queue is always too long shortly before assignments are due. Print your documentation

CS 241 Data Organization using C

143a, Spring 2018 Discussion Week 4 Programming Assignment. Jia Chen 27 Apr 2018

CSCi 4061: Intro to Operating Systems Spring 2017 Instructor: Jon Weissman Assignment 1: Simple Make Due: Feb. 15, 11:55 pm

Setting up my Dev Environment ECS 030

The Geometry of Innocent Flesh on the Bone

CSC374, Spring 2010 Lab Assignment 1: Writing Your Own Unix Shell

COMPUTER NETWORKS. CPSC 441, Winter 2016 Prof. Mea Wang Department of Computer Science University of Calgary

CS 0449 Project 4: /dev/rps Due: Friday, December 8, 2017, at 11:59pm

Dalhousie University CSCI 2132 Software Development Winter 2018 Lab 8, March 22

Lab 6: OS Security for the Internet of Things

Laboratory Assignment #4 Debugging in Eclipse CDT 1

University of Colorado at Colorado Springs CS4500/ Fall 2018 Operating Systems Project 1 - System Calls and Processes

Development Environment & Linux Guide

DAY 4. CS3600, Northeastern University. Alan Mislove

Assignment 4 Buffer Overflows

Assignment 1: Build Environment

Debug for GDB Users. Action Description Debug GDB $debug <program> <args> >create <program> <args>

Programming Project # 2. cs155 Due 5/5/05, 11:59 pm Elizabeth Stinson (Some material from Priyank Patel)

Laboratory 1 Semester 1 11/12

CMPSC 497 Buffer Overflow Vulnerabilities

HW/Lab 3: SSL/TLS. CS 336/536: Computer Network Security DUE 11am on Nov 10 (Monday)

CSE 361 Fall 2017 Lab Assignment L2: Defusing a Binary Bomb Assigned: Wednesday Sept. 20 Due: Wednesday Oct. 04 at 11:59 pm

1 The Var Shell (vsh)

Overview of Project V Buffer Manager. Steps of Phase II

CS 215 Fundamentals of Programming II Spring 2019 Very Basic UNIX

Programming Assignment #3 Event Driven Simulation

Transcription:

CS 361S - Network Security and Privacy Spring 2014 Project #2 Part 1 due: 11am CDT, March 25, 2014 Part 2 due: 11am CDT, April 3, 2014 Submission instructions Follow the submission instructions in the Deliverables section. If you are submitting late, please indicate how many late days you are using. Collaboration policy This assignment can be done individually or in two-person teams. Any cheating (e.g., submitting another person s work as your own, or permitting your work to be copied) will automatically result in a failing grade. The Computer Science department code of conduct can be found at http://www.cs.utexas.edu/undergraduate-program/code-conduct. Late submission policy The first part of this project is due at the beginning of class on March 25. The second part is due at the beginning of class on April 3. All late submissions will be subject to the following policy. You start the semester with a credit of 3 late days. For the purpose of counting late days, a day is 24 hours starting at 11am on the assignment s due date. Partial days are rounded up to the next full day. You are free to divide your late days among the take-home assignments (3 homeworks and 2 projects) any way you want: submit three assignments 1 day late, submit one assignment 3 days late, etc. After your 3 days are used up, no late submissions will be accepted and you will automatically receive 0 points for each late assignment. 1

Buffer Overflow Project (75 points + 25 bonus points) Objective The objective of this project is to give you hands-on experience with implementing buffer overflow exploits. You are given source code for five exploitable programs (target1.c,..., target5.c). These programs are all installed as setuid root in the the VMware virtual machine. Your goal is to write five exploit programs (sploit1,..., sploit5). The sploit[i] program will execute target[i], giving it a certain input that should result in a root shell on the VMware virtual machine. See below (Your Assignment) for more details. Files You will need: The VMware Player: http://www.vmware.com/products/player/ The virtual machine image: http://www.cs.utexas.edu/~shmat/courses/cs361s/ cs361s-proj2vm.tar.bz2 The project files: http://www.cs.utexas.edu/~shmat/courses/cs361s/cs361s-proj2. tar.bz2 VMware environment You will test your exploit programs in a VMware virtual machine. To do this, you will need to download the virtual machine image as well as the VMware Player from VMware s website (see above). VMware Player can run on Linux, Windows, and Mac OS X (VMware Fusion). The virtual machine we provide is configured with Debian Etch. Should you need any other packages to do your work (e.g., emacs), you can install it with the command apt-get (e.g., apt-get install emacs). You may need to edit the /etc/apt/sources.list file and replace http://mirrors.kernel.org/debian with http://archive.debian.org/debian everywhere. The virtual machine is configured to use NAT for networking. From the virtual machine, you can type ifconfig as root to see the IP address of the virtual machine. It should be listed under the field inet addr: under eth0. The virtual machine also has an SSH server. You can SSH into the virtual machine from your machine, using the IP address produced by ifconfig (see above) as the destination. You can also use this to transfer files onto the virtual machine using scp. Alternatively, you can fetch files directly from the web on the VM using wget. Targets The project files (cs361s-proj2.tar.bz2) contain the source code for the targets, along with a Makefile specifying how they are to be built. 2

Your exploits should assume that the compiled target programs are installed setuid-root in /tmp /tmp/target1, /tmp/target2, etc. Exploits The project files (cs361s-proj2.tar.bz2) also contain skeleton source code for the exploits which you are to write, along with a Makefile for building them. Also included is shellcode.h, which gives Aleph One s shellcode. Exploit programs are very short, so there is no need to write a lot of code. Your assignment You are to write one exploit per target. Each exploit, when run in the virtual machine with its target installed setuid-root in /tmp, should yield a root shell (/bin/sh). You can use whoami to tell if you are root or not. Grading There are five targets. Each successful exploit will give you a certain amount of points. Part 1 (due March 27) Target 1: 10 points Target 2: 15 points Part 2 (due April 5) Target 3: 25 points Target 4: 25 points Target 5 is the bonus target. It is worth 25 extra points on top of the regular points for this assignment. Hints gdb is your best friend in this assignment. It will help you inspect the contents of memory as your target is executing and generally understand what s going on. In particular, notice the disassemble and stepi commands. You may find the x command useful to examine memory (and the different ways you can print the contents such as /a /i after x). The info register command is helpful in printing out the contents of registers such as ebp and esp. Another very useful command is info frame. It prints a detailed description of the selected frame. 3

When you run gdb, you will find the -e and -s command-line flags useful. For example, the command gdb -e sploit1 -s /tmp/target1 in the VM tells gdb to execute sploit1 and use the symbol file in target1. These flags let you trace the execution of target1 after the sploit has forked off the execve process. When running gdb using these command-line flags, be sure to first issue catch exec, then run the program before you set any breakpoints; the command run naturally breaks the execution at the first execve call before the target is actually exec-ed, so you can set your breakpoints when gdb catches the execve. Note that if you try to set break points before entering the command run, you ll get a segmentation fault. If you wish, you can instrument your code with arbitrary assembly using the asm () pseudofunction. IMPORTANT: Your code must run within the provided virtual machine environment. Warnings Aleph One gives code that calculates addresses on the target s stack based on addresses on the exploit s stack. Addresses on the exploit s stack can change based on how the exploit is executed (working directory, arguments, environment, etc.). In our testing, we do not guarantee to execute your exploits as bash does. You must therefore hard-code target stack locations in your exploits. You should not use a function such as get_sp() in the exploits you hand in. Your exploit programs should not take any command-line arguments. Deliverables You will submit a single tarball that contains the source code for all your exploits, along with any files (Makefile, shellcode.h) necessary for building them. All the exploits should build if the make command is issued. There should be no directory structure: all files in the tarball should be in its root directory. (Run tar from inside the sploits/ directory). You will submit your files using the turnin command on the UTCS system. The grader is ojensen and the homework name is buffer1 and buffer2 for part 1 and part 2, respectively. The tarball should also include a file SUBMISSION. The first line should state how many late days were used (if any). Then give the following on a single line, one for each student: your UTEID your UTCS username your real name You may want to include a README file with comments about your experiences or suggestions for improvement. 4

Getting Started Make sure you start early. This ensures you can set up the proper VM environment in which to write your exploits. 1. Download and install VMware Player (Windows and Linux) or VMware Fusion (Mac OS X: http://www.vmware.com/download/fusion/). 2. Download the VMware virtual machine tarball (cs361s-proj2vm.tar.bz2). 3. Decompress the virtual machine tarball, then open the file box.vmx using VMware Player. If VMware Player asks you if you moved or copied the virtual machine, say that you copied it. 4. Login to the virtual machine. There are two accounts: root/root and user/user. 5. Ensure that networking is working by typing ifconfig and checking that the inet addr: field of eth0 has a valid IP address. Make sure you can reach the machine by attempting to ssh into it. 6. Download the project files (cs361s-proj2.tar.bz2) onto the virtual machine. You can do this by downloading the tarball first, and then using scp to transfer the files onto the VM. Alternatively, you can log in as root to the VM and use wget. 7. Copy the sploits directory to the user s home directory (and make sure to set the ownership so that user can access them chown -R user:user sploits ), and the target directory to the root s home directory. Make the targets and copy the targets to /tmp together with the corresponding.c files. Set up the permissions so that the targets are owned by root, are setuid root, and the.c files are publicly readable: chown root:root target? ; chmod 4755 target?; chmod a+r target?.c 8. Every time you restart the VM, you ll have to set up the targets in the VM s /tmp because it ll be wiped clean. 5

2024 © technodocbox.com Privacy Policy | Terms of Service | Feedback