This lab introduces you to buffer overflows. Please follow the instructions given below, adapted from an exercise produced by Bryant and O'Hallaron, the authors of our textbook.
Abuf = '' Bbuf = '123'
Abuf = '' Bbuf = '1234'
Abuf = 'qrst' Bbuf = 'abcdefghijklmnopqrst'
As you single-step through the instructions in gdb, you may find it useful to set up this display:
display/5i $pc
Then every time gdb stops at a breakpoint or after a stepi or nexti command, it will show the next 5 assembler instructions.
As echo() is about to return to main(), you might want to look at the return address, which is pointed to by $rsp, in several ways:
In the bufdemo directory is a file called oflow_echo.c. You can compile it with make GOAL=oflow_echo.
Try to find an input string that causes the oflow_echo program to call the not_called() procedure. You can verify that oflow_echo.c never calls not_called(), so you need to use a buffer-overflow attack to fool the code into jumping to not_called().
You need to create a binary exploit string to send as input to the program. To create an exploit string, you can use the hex2raw program, which is in the bufdemo directory you have already built. hex2raw takes as input a hex-formatted string: each byte is represented by two hex digits. For example, the ASCII string 012345 is represented in hex format as 30 31 32 33 34 35, because the ASCII code for decimal digit n is 0x3n.
Separate the hex characters you pass to hex2raw by whitespace (blanks or newlines). I recommend separating different parts of your exploit string with newlines while you're working on this puzzle. hex2raw also supports C-style block comments, so you can mark off sections of your exploit string. For example:
bf 66 7b 32 78 /* mov $0x78327b66,%edi */
Be sure to leave space around both the starting and ending comment strings (/*, */) so they are properly ignored.
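The input format described above, as an added sketch in C (not the lab's hex2raw source). hex_to_raw is a hypothetical helper, and it assumes the comment markers are recognized only as whitespace-delimited tokens, which is what makes the spacing advice matter:

```c
#include <ctype.h>
#include <stdio.h>
#include <string.h>

/* Value of one hex digit, or -1 if c is not a hex digit. */
static int hexval(unsigned char c) {
    if (c >= '0' && c <= '9') return c - '0';
    c = (unsigned char)tolower(c);
    if (c >= 'a' && c <= 'f') return c - 'a' + 10;
    return -1;
}

/* Convert hex-formatted text to raw bytes (illustrative helper, not hex2raw).
 * Returns the number of bytes stored in out, or -1 if a token is not exactly
 * two hex digits, a comment is left open, or out is too small. */
long hex_to_raw(const char *text, unsigned char *out, size_t cap) {
    size_t n = 0;
    int in_comment = 0;
    const char *p = text;
    while (*p) {
        while (*p && isspace((unsigned char)*p)) p++;   /* skip blanks/newlines */
        if (!*p) break;
        const char *tok = p;
        while (*p && !isspace((unsigned char)*p)) p++;  /* find end of token */
        size_t len = (size_t)(p - tok);
        if (in_comment) {                               /* ignore comment body */
            if (len == 2 && memcmp(tok, "*/", 2) == 0) in_comment = 0;
            continue;
        }
        if (len == 2 && memcmp(tok, "/*", 2) == 0) { in_comment = 1; continue; }
        int hi = -1, lo = -1;
        if (len == 2) {
            hi = hexval((unsigned char)tok[0]);
            lo = hexval((unsigned char)tok[1]);
        }
        if (hi < 0 || lo < 0 || n >= cap) return -1;
        out[n++] = (unsigned char)(hi * 16 + lo);
    }
    return in_comment ? -1 : (long)n;
}

int main(void) {
    /* Constructed sample: the "012345" example from the text, with a comment. */
    const char *sample = "30 31 32 /* first half */\n33 34 35\n";
    unsigned char buf[16];
    long n = hex_to_raw(sample, buf, sizeof buf);
    if (n < 0) { fputs("malformed input\n", stderr); return 1; }
    fwrite(buf, 1, (size_t)n, stdout);
    putchar('\n');
    return 0;
}
```

In this sketch a comment written without surrounding spaces, such as /*note*/, is read as a single token that is not a hex byte and is rejected.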
If you generate a hex-formatted exploit string in the file exploit.txt, you can apply the binary string to oflow_echo in several different ways:
unix> cat exploit.txt | ./hex2raw | ./oflow_echo
unix> ./hex2raw < exploit.txt | ./oflow_echo
unix> ./hex2raw < exploit.txt > exploit.dat
unix> ./oflow_echo < exploit.dat
When you complete the exercises, submit your typescript file to the cs portal (https://www.cs.uky.edu/csportal).