| Section # | Description | Points |
|---|---|---|
| Part I | | |
| I1 | start a shellcode via c code (proper system call) | 2 |
| I2 | explain the steps going into finding the relevant address for badfile | 2 |
| I3 | create a meaningful badfile and explain its structure | 10 |
| I4 | gain a shell through BOF: run the attack (35), the shell is root (10) | 45 |
| I5 | gain a dash rootshell | 4 |
| I6 | have fun with randomness | 3 |
| I7 | repeat main attack with stackguard on | 2 |
| I8 | repeat main attack with non-executable stack | 2 |
| Part II | | |
| II1 | find the addresses of system() and exit() | 3 |
| II2 | find the address of MYSHELL | 1 |
| II3 | create a meaningful badfile and explain its structure | 10 |
| II4 | gain a rootshell through BOF | 10 |
| II5 | repeat the attack without invoking exit() and explain | 2 |
| II6 | repeat the attack after lengthening the name of retlib and explain | 2 |
| II7 | repeat the attack with randomization on and explain | 2 |
| II8 | try to get around dash countermeasure | +10 |