Reference no: EM133684088
Assignment - Memory Attacks
For this assignment:
Connect to the HacklabVM
Get the secret message for each of q1 ~ q6
Go to /home/q1/. Exploit the program to get the secret.
Go to /home/q2/. Exploit the program to get the secret.
Go to /home/q3/. Exploit the program to get the secret.
Go to /home/q4/. Exploit the program to get the secret.
Go to /home/q5/. Exploit the program to get the secret.
Go to /home/q6/. Exploit the program to get the secret.
Firewalls have the capability to block both ingress (inbound) and egress (outbound) traffic. Many organisations (and this is also true for my home NBN router) block ingress but are pretty open when it comes to egress rules.
Why should organisations care about setting egress (outbound) firewall rules?
Lookup "C2 server" on the internet and explain why they can be successful even on firewalls that tightly restrict egress traffic to sanctioned ports like 53, 80 and 443.
(Bonus 2 points) Go to /home/q7/. Exploit the program to get the secret. (You may not get the secret because of a server problem; you can just provide the process and a description for this question and you will get the full mark.)
(Bonus 3 points) Go to /home/q8/. Exploit the program to get the secret.
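The C2 question above asks why command-and-control traffic succeeds even when egress is limited to ports like 53, 80 and 443; the defender's answer is that the port is allowed, so detection has to look at behaviour instead. The following is an added example, not part of the assignment or the HacklabVM: a small Python script that scans constructed proxy log lines (assumed format: epoch timestamp, source IP, destination host, destination port) for the regular call-home rhythm that a beacon with a fixed sleep leaves behind.

```python
import re
from collections import defaultdict
from statistics import mean, pstdev

# Constructed sample log lines (not from any real system):
# epoch seconds, source IP, destination host, destination port
SAMPLE_LOG = """\
1700000000 10.0.0.5 cdn.example.net 443
1700000011 10.0.0.5 mail.example.org 443
1700000060 10.0.0.5 cdn.example.net 443
1700000120 10.0.0.5 cdn.example.net 443
1700000181 10.0.0.5 cdn.example.net 443
1700000240 10.0.0.5 cdn.example.net 443
1700000300 10.0.0.5 cdn.example.net 443
1700000007 10.0.0.9 www.example.com 443
1700000350 10.0.0.9 www.example.com 443
1700000412 10.0.0.9 www.example.com 80
1700001900 10.0.0.9 www.example.com 443
"""

LINE_RE = re.compile(r"^(\d+)\s+(\S+)\s+(\S+)\s+(\d+)$")


def parse_log(text):
    """Group connection timestamps by (src, dst, port)."""
    flows = defaultdict(list)
    for line in text.splitlines():
        m = LINE_RE.match(line.strip())
        if not m:
            continue  # skip malformed lines instead of crashing
        ts, src, dst, port = m.groups()
        flows[(src, dst, int(port))].append(int(ts))
    return flows


def find_beacons(flows, min_hits=5, max_jitter=0.2):
    """Flag flows whose inter-connection gaps are suspiciously regular.

    jitter = stddev(gaps) / mean(gaps). Browsing and CDN fetches are
    bursty (high jitter); a beacon sleeping a fixed interval is not.
    Returns [((src, dst, port), mean_gap_seconds, jitter), ...].
    """
    beacons = []
    for key, times in flows.items():
        if len(times) < min_hits:
            continue  # too few connections to judge a rhythm
        times = sorted(times)
        gaps = [b - a for a, b in zip(times, times[1:])]
        avg = float(mean(gaps))
        jitter = pstdev(gaps) / avg if avg > 0 else float("inf")
        if jitter <= max_jitter:
            beacons.append((key, round(avg, 1), round(jitter, 3)))
    return beacons
```

Run on the sample, only the 10.0.0.5 to cdn.example.net:443 flow is flagged (about every 60 seconds, jitter 0.011) even though port 443 is a sanctioned port; tune min_hits and max_jitter against real baseline traffic before alerting on it.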
Part II
Return to Libc
Go to /home/q9, and exploit the pre-compiled program q9 to get the secret. Source code is provided.
You might need to read the source code to understand what's happening.
Hints:
The program expects a filename for argv[1], so the payload needs to be in a <redacted>.
In performing Step 8 of the workshop, replace
with
to look for your environment variable (SH), as it's usually further up.
If your exploit succeeds in gdb (it should) but fails outside of gdb (as per the workshop), you need to adjust the last 4 bytes of the payload carefully. I have installed hexedit on the server (F1 for help).
Make sure to run with full path /home/q9/q9 /<full path to payload> outside of gdb to be consistent.
The findenv.c program would not work in this case, as the argv[0] length will be different.