Reference no: EM132413674
CPIS 605 - Software Security Project Assignment, Department of cyber security - University of Jeddah, Saudi Arabia
Objective: Understand the stack smashing buffer exploit thoroughly.
1. From the paper "Smashing the stack for fun and profit" by Alephone do the following
a. Download the article by Aleph One (see References). You will be extracting the source code of exploit3.c and exploit4.c files from it.
b. Improve the code of exploit3.c and exploit4.c so that there are no warning messages from gcc even after using the flags as in gcc -ansi -pedantic -Wall.
c. Reduce the size of their compiled binaries by at least 5% as seen by the size command when exactly the same flags are used in the compilation. Make sure no functionality is lost. Do not just remove printf's. Do not use gcc optimization flags.
d. Login as a non-root user. Verify that the exploit still works on the vulnerable program. (It may not!)
e. Turn in a report but also with answers to the questions below, and thoroughly describing your changes, and how you verified that there was no loss of functionality. Include properly indented versions of your exploit[34].c files. Use indent -kr.
f. Answer the question: What is the "environment"?
g. Answer the question: Why does exploit3.c run system("/bin/bash") at the end of main()?
2. Search the web and report on at least four recent (within last five years) buffer overflow attacks or SQL injection. Explain the attacks in two to three pages using your own words.
Note - Assignment in C language, question two is research from 2 to 3 pages as mention in the paper and in question one there are two code expoit3.c and exploite4.c, each one will be different.
Attachment:- Software Security Project Assignment Files.rar