Software Security Week 1 VM BOF Quiz Answer
In this article I am going to share the answers to the VM BOF Quiz from Week 1 of the Coursera course Software Security.
VM BOF Quiz
There is a stack-based overflow in the program.
What is the name of the stack-allocated variable that contains the overflowed buffer?
- Answer: wis
Consider the buffer you just identified:
Running what line of code will overflow the buffer?
- Answer: 62
There is another vulnerability, not dependent at all on the first, involving a non-stack allocated buffer that can be indexed outside its bounds. What variable contains this buffer?
- Answer: ptrs
Consider the buffer you just identified: Running what line of code overflows the buffer?
- Answer: 101
What is the address of buf?
- Answer: 0xbfff f130
What is the address of ptrs?
- Answer: 0x0804 a0d4
What is the address of write_secret?
- Answer: 0x0804 8534
What is the address of p local to main?
- Answer: 0xbfff f534
What input do you provide so that ptrs[s] reads/executes the contents of variable p instead of function in ptrs buffer? If ok, you will execute pat_on_back function. Enter your answer as an unsigned integer.
print /x (0xbffff534 - 0x804a0d4)/4
0x2dfed518 or 771675416
What do you enter so that ptrs[s] reads (and then tries to execute) starting from the 65th byte in buf, i.e. the location at buf?
Enter your answer as an unsigned integer.
(gdb) print /x &buf
$6 = 0xbffff170
(gdb) print /d (int*)&buf-(int *)&ptrs
$14 = 771675175
What do you replace xEExEExEExEE with to call write_secret?
(gdb) print &write_secret
$7 = (void (*)(void)) 0x8048534 <write_secret>
Suppose you wanted to overflow the wis variable to perform a stack smashing attack. You could do this by entering 2 to call put_wisdom, and then enter enough bytes to overwrite the return address of that function, replacing it with the address of write_secret. How many bytes do you need to enter prior to the address of write_secret?