If you'd like a local copy of the server program to analyze, use these commands:nc attack32direct.samsclass.info 8010
Exploit this process and get a shell on the server. Then put your name in this file:curl https://samsclass.info/127/proj/p8x.c > p8x.c curl https://samsclass.info/127/proj/p8x > p8x
Create this file:/home/p8x/winners
After one minute, your name will appear on the WINNERS page here:/home/p8x/updatenow
http://attack32.samsclass.info/winners8.html
NOTES:
Troubleshooting
If your exploit fails, it might be that the port is in use. You can check the local network connections at this page:http://attack32.samsclass.info/netstat.htm
That page is updated every 5 seconds.
Hints
- Don't use a local 32-bit Kali system as a target--use Ubuntu 14.04 32-bit. The heap layout is slightly different.
- Although the stack on my server is at a different address than on a local Linux system, the heap is at the same address.
- To find the location of the heap, run the program in gdb, send an exploit that crashes it, and then execute this command:
info proc map
If you kill the server, it will restart after one minute
There are two other identical servers running on ports 8011 and 8012
Every 15 minutes, all three servers are restarted
There's another whole server to attack, running the same softare, at attack3214direct.samsclass.info
Capture a full-screen image.
YOU MUST SUBMIT A FULL-SCREEN IMAGE FOR FULL CREDIT!
Save the image with the filename "YOUR NAME Proj 8x", replacing "YOUR NAME" with your real name.