|
Section # |
Description |
Points |
|
Part I |
||
|
I1 |
start a shellcode via c code (proper system call) |
2 |
|
I2 |
explain the steps going into finding the relevant address for badfile |
2 |
|
I3 |
create a meaningful badfile and explain
its structure |
10 |
|
I4 |
gain a shell through BOF -
run the attack (35) -
the shell is root (10) |
45 |
|
I5 |
gain a dash rootshell |
4 |
|
I6 |
have fun with randomness |
3 |
|
I7 |
repeat main attack with stackguard on |
2 |
|
I8 |
repeat main attack with non-executable stack |
2 |
|
Part II |
||
|
II1 |
find the addresses of system() and
exit() |
3 |
|
II2 |
find the address of MYSHELL |
1 |
|
II3 |
create a meaningful badfile and explain
its structure |
10 |
|
II4 |
gain a rootshell through BOF |
10 |
|
II5 |
repeat the attack without invoking exit()
and explain |
2 |
|
II6 |
repeat the attack after lengthening the name of retlib and explain |
2 |
|
II7 |
repeat the attack with randomization on and explain |
2 |
|
II8 |
try to get around dash countermeasure |
+10 |