User Account

All Pages

Common Vulnerabilities, Python Programming

Assignment Help:
1 Low Level Exploits
1.1 Savegames
Jimmy is becoming increasingly frustrated at the computer game hes playing.
He has a save right before the levels boss but he needs either more health
or more gold in order to win. The game is loaded from a normal file on disk
but the health and gold are encrypted in some complicated fashion. The
1
characters name is not, however.
1. Set the characters gold or health to a number greater than 9000 by
utilising a buffer overflow. How did you achieve this? Explain using
reference to bytes and ASCII as to what the exact value was that you
achieved. [4 marks]
2. How could this exploit be prevented? [2 marks]
3. Could this exploit be useful for more than just the game? Could it be
used to gain access to a system? If not, why not? If so, where might it
be used? [4 marks]
1.2 General Questions [11 marks]
1. Why is it necessary for us to provide the flag -fno-stack-protector to
GCC? What is a canary in terms of a buffer overflow and how can a
canary prevent a buffer overflow exploit? [4 marks]
2. If the game above was written in Java instead of C, would the savegame
still be exploitable? [2 marks]
3. Imagine you were exploiting a program that was running with escalated
privileges (i.e. could read sensitive files, modify other users settings and
so on) is it possible to obtain a BASH shell using buffer overflows? Be
sure to explain what shellcode is and how the shellcode is executed1
.
[5 marks]
2 SQL Exploits (10 marks)
1. Show how it is possible to log in as any user by performing an SQL
injection attack on the username/password login page. [2 marks]
2. The website has been clued in on their major security problem and prevented
the previous attack. Is it possible to use the status query to work
out the password of one of the administrators Bobby2
? [4 marks]
1The traditional introduction to this topic is Smashing The Stack For Fun And Profit:
https://www.phrack.com/issues.html?issue=49&id=14
2SQLite (the database in use here) doesnt allow multiple SQL statements to be executed
in a single execute query consider using substr and subqueries
2
3. How can these attacks be prevented? Is it a difficult security problem
to fix? Why is it so common? [4 marks]

Related Discussions:- Common Vulnerabilities

Program that shows the use of all 6 math functions, Write an algorithm for ...

Write an algorithm for a program that shows the use of all 6 math functions. Write, test, and debug the program using Python. SAMPLE OUTPUT (not including author/program infor

Modules, Modules As you start to write larger programs, you will want ...

Modules As you start to write larger programs, you will want  to save the function de?nitions in multiple ?les, collected together according to what  they  do.  So, for exampl

Python programming, Suppose the cover price of a book is $24.95, but bookst...

Suppose the cover price of a book is $24.95, but bookstores get a 40% discount. Shipping costs $3 for the first copy and 75 cents for each additional copy. What is the total whol

While loop, You should use for whenever you can, because  it creates  the s...

You should use for whenever you can, because  it creates  the structure of your  loops clear. Sometimes, however, you require to do an operation various times, but you don't want t

File handling , A program to count how many files are on the file system wh...

A program to count how many files are on the file system which displays summary information regarding the total number of bytes used by all files and a breakdown of the number of b

Procedure calls, Procedure calls When you compute an expression of the...

Procedure calls When you compute an expression of the form ( ,  ..., )   the Python interpreter treats  this as a procedure call. It will be simpler to talk about

Bank transfer, Bank transfer What  if we  have  two  values,  represen...

Bank transfer What  if we  have  two  values,  representing bank  accounts, and  need  to transfer an  amount of money  amt between them?  Consider that a bank account is show

Internal models, Internal models As we want to create  more and more c...

Internal models As we want to create  more and more complex  machine with  software programs as controllers, we search  that  it is often needful  to create  additional types

Lost, Import the sample code below into the Python IDLE and enhance it, run...

Import the sample code below into the Python IDLE and enhance it, run it and debug it. Add features to make this a more realistic database tool by providing for easy data entry an

assignment 10, #question.Program 10 Assignment (Banking Objects – Savings/...

#question.Program 10 Assignment (Banking Objects – Savings/Checking Accounts) Create a program named 10.py that performs the following: Create a class named ChkAcct, and a class n

Write Your Message!

Captcha
Order Assignment

Featured Services

Order Now

Popular Subjects

Free Assignment Quote

Assured A++ Grade

Get guaranteed satisfaction & time on delivery in every assignment order you paid with us! We ensure premium quality solution document along with free turntin report!

Submit Assignment

Academics

Major Subjects

Majors

Get In Touch

whatsapp: +91-977-207-8620

Phone: +91-977-207-8620

Email: [email protected]

TERMS & POLICIES

HELP & SUPPORT

All rights reserved! Copyrights ©2019-2020 ExpertsMind IT Educational Pvt Ltd