Project 2: Exploitation of Buffer Overflow Vulnerabilities
Due date
Apr 26, 2017, 11:59pm (Please submit via Blackboard; you need to demo to me on Apr 27).
Goals
The goals of this project are to (1) learn the details of buffer overflow exploitation; and (2) understand how modern OSes and compilers protect against buffer overflow attacks.
Details
Buffer overflow is defined as the condition in which a program attempts to read or write data beyond the boundaries of buffers. This vulnerability can be utilized by a malicious user to alter the control flow of the program execution, even to execute arbitrary pieces of code.
In this lab, students will be given a program with a buffer-overflow vulnerability; their task is to develop a scheme to exploit the vulnerability and finally gain the root privilege. In addition to the attacks, students will be guided to walk through several protection schemes that have been implemented in the operating system to counter against the buffer-overflow attacks. Students need to evaluate whether the schemes work or not and explain why.
Project Tasks
Please finish all the four tasks.
Submission
Your submission should include the code, and a lab report that describes your observations and interpretations of the observations, a readme file that records the contribution of each team member.
References
- Buffer Overflow Vulnerability Lab. SEED Labs, 2014. link
- Smashing The Stack For Fun And Profit. Aleph One. link