Lab_3

The document outlines a lab setup for exploring stack overflow vulnerabilities using a Linux environment with specific tools like GCC and GDB. It includes instructions for analyzing ELF file formats, examining vulnerable C code, debugging with GDB, and exploiting vulnerabilities to trigger a shell. Additionally, it discusses advanced exploitation techniques, including enabling ASLR for further challenges.

Uploaded by

m.mouhcine1234

Stack overflow vulnerability

A complete report is required by the end of the session

Lab setup
1. Environment: Use a Linux-based operating system.
2. Tools:
• GCC compiler.
• GDB (GNU Debugger).
• objdump for disassembling binaries.
• python for generating exploit payloads.

Introduction
1. Write a short description of the ELF (Executable and Linkable Format) file format (structure, sections, etc.)
2. Write a Python script to process ELF files (extract useful data).
3. Write a short description of processor registers (EIP, EBP, ESP, etc.) and their usage.

Vulnerable programme
1. Copy and examine the following code. What do you think?
#include <stdio.h>
#include <string.h>

void vuln_fun(char *input) {
    char buffer[64];
    /* strcpy() copies up to the NUL terminator and never checks sizeof(buffer) */
    strcpy(buffer, input);
    printf("Your input is: %s\n", buffer);
}

int main(int argc, char *argv[]) {
    if (argc < 2) {
        printf("Usage: %s <input>\n", argv[0]);
        return 2;
    }
    vuln_fun(argv[1]);
    return 0;
}

2. For simplicity disable ASLR (Address Space Layout Randomisation)


3. Compile the programme above (compile it as x86, disable stack protection, and enable stack execution).
4. Run the programme and examine it with different inputs. Do you get any crashes or segmentation faults?
5. Use objdump to disassemble the programme and examine the code execution flow (use -M intel to see the output in Intel syntax). Examine the strcpy call and the stack layout.
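
The following is an added example, not part of the original lab sheet. It relates the ELF-processing task from the Introduction to the compile step above by reading a little-endian ELF32 image and reporting whether the stack is marked executable (PT_GNU_STACK flags) and whether the binary is position-independent (e_type). The function names and the constructed 84-byte sample image are assumptions made for the illustration; stack-protector detection would need symbol-table parsing and is not covered.

```python
import struct

PT_GNU_STACK = 0x6474E551   # program header that carries the stack permissions
PF_X = 0x1                  # segment flag: executable
ET_EXEC, ET_DYN = 2, 3      # fixed-address executable / PIE or shared object

def elf32_mitigations(data: bytes) -> dict:
    """Report executable-stack and PIE status of a little-endian ELF32 image."""
    if len(data) < 52 or data[:4] != b"\x7fELF":
        raise ValueError("not an ELF file")
    if data[4] != 1 or data[5] != 1:    # EI_CLASS = ELFCLASS32, EI_DATA = LSB
        raise ValueError("only little-endian ELF32 is handled here")
    # Elf32_Ehdr fields that follow the 16-byte e_ident array
    (e_type, e_machine, _ver, e_entry, e_phoff, _shoff, _flags, _ehsize,
     e_phentsize, e_phnum, _shentsize, _shnum, _shstrndx) = \
        struct.unpack_from("<HHIIIIIHHHHHH", data, 16)
    # Assumption: a missing PT_GNU_STACK entry is reported as executable,
    # the conservative reading for 32-bit x86.
    exec_stack = True
    for i in range(e_phnum):
        off = e_phoff + i * e_phentsize
        if off + 32 > len(data):
            raise ValueError("program header table runs past end of file")
        p_type, _o, _va, _pa, _fsz, _msz, p_flags, _align = \
            struct.unpack_from("<IIIIIIII", data, off)
        if p_type == PT_GNU_STACK:
            exec_stack = bool(p_flags & PF_X)
    return {"machine": e_machine, "entry": e_entry,
            "pie": e_type == ET_DYN, "exec_stack": exec_stack}

def sample_elf(e_type: int, stack_flags: int) -> bytes:
    """Constructed test image: ELF32 header plus one PT_GNU_STACK entry."""
    ident = b"\x7fELF" + bytes([1, 1, 1]) + bytes(9)
    ehdr = struct.pack("<HHIIIIIHHHHHH", e_type, 3, 1, 0x08049000, 52, 0, 0,
                       52, 32, 1, 0, 0, 0)     # e_machine 3 = EM_386
    phdr = struct.pack("<IIIIIIII", PT_GNU_STACK, 0, 0, 0, 0, 0, stack_flags, 16)
    return ident + ehdr + phdr

if __name__ == "__main__":
    # rwx stack, fixed load address: mitigations switched off
    print(elf32_mitigations(sample_elf(ET_EXEC, 0x7)))
    # rw- stack, position-independent: hardened build
    print(elf32_mitigations(sample_elf(ET_DYN, 0x6)))
```

To check a real binary, pass the bytes of the compiled file, for example `elf32_mitigations(open(path, "rb").read())`.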

Debugging
1. Write a short tutorial on the gdb debugger
2. Start debugging the programme using gdb
3. Set a breakpoint on vuln_fun
4. Inside gdb, try to trigger a segmentation fault and examine the register values (eip, for example)
5. Examine stack (esp register)

Exploitation
1. Use any skills you have to trigger a shell

Advanced Exploitation
1. Enable ASLR
2. Use any skills you have to trigger a shell
