Reference no: EM13943224
Write an exploit / attack for the scanf function. Explain how the given buffer overflow attack works. Hint: write a second program that spits out input.

Deliverables:
- discussion of the buffer overflow attack.
- stack diagram of the given code execution.
  -- valid input.
  -- invalid input (input that causes function bar to be called).
- exploit of scanf.
- brief discussion on how to prevent buffer overflows.

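#include <stdio.h>
#include <string.h>

void foo (const char * input)
{
    char buf [50];

    /* No arguments are passed for the %p conversions, so printf prints
       whatever occupies its argument slots: a view of the stack. */
    printf ("My stack looks like: \n%p\n%p\n%p\n%p\n%p\n%p\n%p\n\n");

    /* Unbounded copy and append: input longer than the space left in
       buf is written past its end (the overflow the assignment studies). */
    strcpy (buf,"I am Bender. Please Insert Girder");
    strcat (buf,input);
    printf ("%s\n",buf);

    /* Same stack view again, after the copy. */
    printf ("My stack looks like: \n%p\n%p\n%p\n%p\n%p\n%p\n%p\n\n");
    return;
}

/* Never called by the program itself. */
void bar ()
{
    printf ("Auug! I've been hacked!\n");
    return;
}

int main (int argc, char*argv[])
{
    /* The declaration of buf is missing from the page; the size 256 is an assumption. */
    char buf [256];

    /* %s has no field width, so scanf reads an unbounded token. */
    scanf("%s",buf);
    printf ("address of foo: %p\n",foo);
    printf ("address of bar: %p\n", bar);
    foo (buf);
    return 0;
}
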
Example Stack Diagram:
Stack diagram for the strcat function at the beginning of function foo.

Hexadecimal Stack | Value Interpretation
------------------+--------------------------------
0x1               |
0xfeea8380        |
0x212ab6          |
(nil)             | The 50-character buffer
(nil)             | "
(nil)             | "
(nil)             | "
(nil)             | "
(nil)             | "
(nil)             | "
(nil)             | "
(nil)             | "
(nil)             | "
(nil)             | "
(nil)             | "
0xfeea000         |
0x262690          |
0x34235c0         |
0x8048704         |
0xfeea83a8        |
0xfeea8430        |
0xfeea8418        |
0x80484eb         | Return address from foo to main
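
For the last deliverable (how to prevent buffer overflows), a hardened form of the program above, given as an added example that is not part of the original assignment. The names foo_safe, BUF_SIZE, IN_SIZE and PREFIX and the 256-byte input buffer are assumptions; the stack-printing printf calls are left out.

```c
#include <stdio.h>
#include <string.h>

#define BUF_SIZE 50   /* same size as buf in foo */
#define IN_SIZE  256  /* assumed size of the input buffer in main */

static const char PREFIX[] = "I am Bender. Please Insert Girder";

/* Bounded replacement for the strcpy/strcat pair in foo.
 * Returns 0 on success, -1 if PREFIX + input does not fit in out. */
int foo_safe(const char *input, char *out, size_t out_size)
{
    /* snprintf never writes more than out_size bytes and returns the
     * length the full string would have had, so truncation is detectable. */
    int n = snprintf(out, out_size, "%s%s", PREFIX, input);
    if (n < 0 || (size_t)n >= out_size) {
        if (out_size > 0)
            out[0] = '\0';   /* do not hand back a truncated string */
        return -1;
    }
    return 0;
}

int main(void)
{
    char in[IN_SIZE];
    char buf[BUF_SIZE];

    /* The field width caps the read at IN_SIZE - 1 characters plus the NUL. */
    if (scanf("%255s", in) != 1)
        return 1;

    if (foo_safe(in, buf, sizeof buf) != 0) {
        fprintf(stderr, "input too long: at most %zu characters fit\n",
                sizeof buf - sizeof PREFIX);
        return 1;
    }
    printf("%s\n", buf);
    return 0;
}
```

Compiler and OS mitigations such as stack protectors (`-fstack-protector-strong`) and ASLR complement these bounds checks but do not replace them.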