Assignment #4: Buffer Overflow Attack
For level 1, we encountered some difficulty getting started because there weren’t any instructions to guide us (image 1). For example, we attempted to use the command, ./level01 as described within the instructions, but it then asked us to input a password. Initially, we had trouble getting started because the initial command just asked us for a three-digit password.
We attempted to think of different commands to use in order to manipulate the directory to give out a password. At first we just tried to change directories and list whatever it would give us but that seemed too basic nor did it work. So, we were stuck for a while trying to figure out how to read whatever information we could get to obtain …show more content…
So, we used the hexadecimal converter and ended up with an integer of 271. It was a three digit number so upon entering it as the password, we had gained access to level 2 which was 3ywr07ZFw5IsdKzU.
(image 1)
The first thing we noticed for level 2 was that when we attempted to run level02 using the command, ./level02, we would get a message that says, “source code is available in level02.c” (image 2). We then decided to run the level02.c file to see how far we could get, but we ended up getting an error message saying that our permission was denied (image 3).
(image 2)
(image 3)
Fortunately, we were able to view the source code by using the ‘cat’ command (image 4). We then noticed that after glancing at the catch statement. It was set to print the words “WIN!”, and this immediately caught our attention. After looking at it even more we noticed that it also places us into the shell that should have new permissions (i.e. system(“/bin/sh”) (image …show more content…
We ran into problems when simply putting zero into one of the parameters and trying to get the catch statement to activate that way. When we looked at the code again, we were able to see that the initial if statement in ‘main’ was actually set to return a value of ‘1’ if someone tried to put in a value of ‘0’. We then tried inputting negative integers, but that did not work either. Eventually, we were able to find a way to set off the SIGFPE in spite of this issue. We looked up the arithmetic exception for SIGFPE and we found that there were two ways to set it off. The first way would be to divide by zero. The second would be to cause overflow, and this happened when we entered any negative integer, or even the smallest possible integer (-2147483648). By running the level02.c program with these parameters, we were able to gain access to level 3, which had “OlhCmdZKbuzqngfz” as its password (image
For level 1, we encountered some difficulty getting started because there weren’t any instructions to guide us (image 1). For example, we attempted to use the command, ./level01 as described within the instructions, but it then asked us to input a password. Initially, we had trouble getting started because the initial command just asked us for a three-digit password.
We attempted to think of different commands to use in order to manipulate the directory to give out a password. At first we just tried to change directories and list whatever it would give us but that seemed too basic nor did it work. So, we were stuck for a while trying to figure out how to read whatever information we could get to obtain …show more content…
So, we used the hexadecimal converter and ended up with an integer of 271. It was a three digit number so upon entering it as the password, we had gained access to level 2 which was 3ywr07ZFw5IsdKzU.
(image 1)
The first thing we noticed for level 2 was that when we attempted to run level02 using the command, ./level02, we would get a message that says, “source code is available in level02.c” (image 2). We then decided to run the level02.c file to see how far we could get, but we ended up getting an error message saying that our permission was denied (image 3).
(image 2)
(image 3)
Fortunately, we were able to view the source code by using the ‘cat’ command (image 4). We then noticed that after glancing at the catch statement. It was set to print the words “WIN!”, and this immediately caught our attention. After looking at it even more we noticed that it also places us into the shell that should have new permissions (i.e. system(“/bin/sh”) (image …show more content…
We ran into problems when simply putting zero into one of the parameters and trying to get the catch statement to activate that way. When we looked at the code again, we were able to see that the initial if statement in ‘main’ was actually set to return a value of ‘1’ if someone tried to put in a value of ‘0’. We then tried inputting negative integers, but that did not work either. Eventually, we were able to find a way to set off the SIGFPE in spite of this issue. We looked up the arithmetic exception for SIGFPE and we found that there were two ways to set it off. The first way would be to divide by zero. The second would be to cause overflow, and this happened when we entered any negative integer, or even the smallest possible integer (-2147483648). By running the level02.c program with these parameters, we were able to gain access to level 3, which had “OlhCmdZKbuzqngfz” as its password (image