Reference no: EM133032963
Lab 8
Setup
You will need to install some of the utilities included in radare2 (namely rasm2). Since we don't need the most up-to-date version of radare2, we can install it with apt. Run the command:
    sudo apt-get install radare2
To check that you have the required tools, run:
    rasm2
If everything is set up properly, you should see output like:
Usage: rasm2 [-ACdDehLBvw] [-a arch] [-b bits] [-o addr] [-s syntax]
[-f file] [-F fil:ter] [-i skip] [-l len] 'code'|hex|-
Helper C Code
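    /* example_runner.c: test harness for the assembled lab code */
    int main(int argc, char **argv)
    {
        /* Paste the C-style byte string printed by rasm2 -C here */
        char shellcode[] = "";
        /* Treat the byte array as a function taking no arguments */
        int (*func)();
        func = (int (*)()) shellcode;
        (int)(*func)();
        return 0;
    }
    /* Assemble the listing and print it as a C byte string: */
    //rasm2 -a x86 -b 32 -f hello.asm -C
    /* Build the runner as 32-bit with an executable stack: */
    //gcc -m32 -z execstack example_runner.c -o shellcode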
Part 1: Hello World!
[lab8-1.asm] Write an assembly listing of shellcode that will write the string "System Calls are Cool!" to the file "/tmp/syscall.txt" using whatever means you deem necessary. (A good system call resource: System Calls Table w/ Arguments.)
Assemble your shellcode and test it in C to validate it works.
Part 2: No Nulls Allowed.
[lab8-2.asm] Write an assembly listing of shellcode that will spawn a shell (/bin/sh).
Modify your assembly listing to ensure that it would be injected properly if injected via the strcpy function.
Recall which bytes are not allowed for strcpy.
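How strcpy treats a byte sequence, as an added example that is not part of the original lab handout: it copies a buffer with strcpy and reports how many bytes actually reach the destination. The function names and the sample bytes are constructed for illustration.

```c
#include <stdio.h>
#include <string.h>

/* Constructed sample, not from the lab: the 32-bit x86 encoding of
   `mov eax, 1` (B8 01 00 00 00) followed by three NOP bytes (90). */
static const unsigned char sample[] = {
    0xB8, 0x01, 0x00, 0x00, 0x00, 0x90, 0x90, 0x90
};

/* Offset of the first 0x00 byte in buf[0..len), or -1 if there is none. */
long first_nul_offset(const unsigned char *buf, size_t len)
{
    const unsigned char *p = memchr(buf, 0x00, len);
    return p ? (long)(p - buf) : -1;
}

/* Copy buf through strcpy, as a vulnerable program would, and return
   how many bytes arrived in the destination before the terminator.
   Returns (size_t)-1 if buf does not fit in the scratch buffers. */
size_t bytes_copied_by_strcpy(const unsigned char *buf, size_t len)
{
    char src[256], dst[256];
    if (len >= sizeof src)
        return (size_t)-1;
    memcpy(src, buf, len);
    src[len] = '\0';               /* terminator a C string always has */
    memset(dst, 0xCC, sizeof dst); /* marker fill, so uncopied bytes are visible */
    strcpy(dst, src);              /* stops at the FIRST 0x00 in src */
    return strlen(dst);
}

int main(void)
{
    size_t len = sizeof sample;
    printf("buffer length:        %zu\n", len);
    printf("first NUL at offset:  %ld\n", first_nul_offset(sample, len));
    printf("bytes strcpy copied:  %zu\n", bytes_copied_by_strcpy(sample, len));
    return 0;
}
```

Running the same check on the output of rasm2 shows whether a listing would survive the copy intact.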
Questions
Which bytes are not acceptable?
Deliverables
Code files: lab8-1.asm, lab8-2.asm