To finish off my school career, among other classes I will be taking one entitled Computer Forensics and Security. My first assignment:
This assignment is about using remote exploits on a prescribed set of victim machines.
The goal of this assignment is to compromise several systems on a private network. In addition to fairly standard daemons running on your private victim systems, there is an instance of a server with a buffer overflow problem. You must generate an exploit for that program for each of Linux and Windows.
Pretty cool huh? Basically I require help in two areas:
1) I need to execute a successful buffer overflow in this program. Those 'in the know' recognize that C functions like gets() are inherently insecure because of the lack of bounds checking. However, this is the line I'm dealing with (edited to highlight the code to attack):
char *bp;
int s;
read(s, bp, 99);
Does anyone know what the approach should be to overload the read() command successfully? It's possible that I'm misled about what code to target and attack, but I'm pretty sure the above is correct.
2) The other servers will be running IIS 5.0, older versions of Apache, etc. Is there a certain site where I can collect prewritten exploits to compromise the systems they're running upon? We are not required to write our own code to accomplish these goals - the point is to dig and break in as efficiently as possible.
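Seen from the defender's side, the `read(s, bp, 99)` call quoted in the post is unsafe only when 99 exceeds the memory `bp` actually points to, so the fix is to derive the count from the buffer's real capacity. The following is an added example, not part of the original post or the assignment's server; `read_bounded`, `demo_bounded_read`, the 32-byte buffer and the canary are hypothetical and constructed for illustration.

```c
#include <errno.h>
#include <stdio.h>
#include <string.h>
#include <unistd.h>

/* Hypothetical helper: read at most cap-1 bytes from fd into buf and
 * NUL-terminate. The count given to read() comes from the buffer's real
 * capacity, never from a constant chosen elsewhere (such as 99).
 * Returns the number of bytes stored, or -1 on error or unusable buffer. */
ssize_t read_bounded(int fd, char *buf, size_t cap)
{
    ssize_t n;

    if (buf == NULL || cap == 0)
        return -1;
    do {
        n = read(fd, buf, cap - 1);      /* leave room for the terminator */
    } while (n < 0 && errno == EINTR);   /* retry if a signal interrupted */
    if (n < 0) {
        buf[0] = '\0';
        return -1;
    }
    buf[n] = '\0';
    return n;
}

/* Constructed demo: a peer sends 99 bytes, the receiver owns only 32.
 * Returns bytes accepted, -2 if the adjacent canary changed, -1 on setup error. */
int demo_bounded_read(void)
{
    struct { char buf[32]; char canary[8]; } frame;  /* canary sits after buf */
    char input[99];
    int p[2];
    ssize_t n;

    if (pipe(p) != 0)
        return -1;
    memset(input, 'A', sizeof input);                /* constructed sample input */
    memcpy(frame.canary, "CANARY!", sizeof frame.canary);
    n = write(p[1], input, sizeof input);
    close(p[1]);
    if (n == (ssize_t)sizeof input)
        n = read_bounded(p[0], frame.buf, sizeof frame.buf);
    else
        n = -1;
    close(p[0]);
    if (memcmp(frame.canary, "CANARY!", sizeof frame.canary) != 0)
        return -2;                                   /* neighbour was overwritten */
    return (int)n;
}

int main(void) { printf("accepted %d bytes\n", demo_bounded_read()); return 0; }
```

The remaining bytes stay queued on the descriptor; a server should either loop over them with the same bounded call or reject the oversized message.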