CPIS 605 - Software Security Assignment

Reference no: EM132413674

CPIS 605 - Software Security Project Assignment, Department of cyber security - University of Jeddah, Saudi Arabia

Objective: Understand the stack smashing buffer exploit thoroughly.

1. From the paper "Smashing the stack for fun and profit" by Alephone do the following

a. Download the article by Aleph One (see References). You will be extracting the source code of exploit3.c and exploit4.c files from it.

b. Improve the code of exploit3.c and exploit4.c so that there are no warning messages from gcc even after using the flags as in gcc -ansi -pedantic -Wall.

c. Reduce the size of their compiled binaries by at least 5% as seen by the size command when exactly the same flags are used in the compilation. Make sure no functionality is lost. Do not just remove printf's. Do not use gcc optimization flags.

d. Login as a non-root user. Verify that the exploit still works on the vulnerable program. (It may not!)

e. Turn in a report but also with answers to the questions below, and thoroughly describing your changes, and how you verified that there was no loss of functionality. Include properly indented versions of your exploit[34].c files. Use indent -kr.

f. Answer the question: What is the "environment"?

g. Answer the question: Why does exploit3.c run system("/bin/bash") at the end of main()?

2. Search the web and report on at least four recent (within last five years) buffer overflow attacks or SQL injection. Explain the attacks in two to three pages using your own words.

Note - Assignment in C language, question two is research from 2 to 3 pages as mention in the paper and in question one there are two code expoit3.c and exploite4.c, each one will be different.

Attachment:- Software Security Project Assignment Files.rar

Reference no: EM132413674

Questions Cloud

Distribution of sample mean follow the normal distribution : Explain why the sampling distribution of sample mean follow the normal distribution in this case.

Mini-case study on ERM and risk : Suppose General Motors wants to replace one of their traditional lines of vehicles with all electric models.

Confidence interval for the true proportion of wells : Construct a 90% confidence interval for the true proportion of wells contaminated with pesticide T in the country.

Strategic philanthropy-locus of control-ethical culture : Strategic philanthropy, locus of control, ethical culture, ethical awareness, or normative approach.

CPIS 605 - Software Security Assignment : CPIS 605 - Software Security Assignment Help and Solution, University of Jeddah, Saudi Arabia. Objective: Understand stack smashing buffer exploit thoroughly

Construct an E-R diagram for a car insurance company : Construct an E-R diagram for a car insurance company whose customers own one or more cars each. Each car has associated with it zero to any number of recorded

Describe fully the distribution of a and the distribution : The random variable B is defined by B=X1+X2, where X1 and X2 are independent random values ofX. Describe fully the distribution of A and the distribution of B.

Confidence interval for the true proportion of wells : Construct a 90% confidence interval for the true proportion of wells contaminated with pesticide T in the country. State the condition(s) required

Hangman game : Include as many "bells and whistles" as possible to make the game entertaining and intuitive to play.

Reviews

len2413674

12/9/2019 2:32:02 AM

Assignment in C language - On CPIS File there is two questions and the code will be in Stack. Two question 1 & 2 - question two is research from 2 to 3 pages as mention in the paper and in question one there are two code expoit3.c and exploite4.c each one will be different, also i want the codes after the develop to be include in the report.

Write a Review

Required(*) Message

User Account

All Pages