Project 8: C Programming on Linux (15 points)

What You Need for This Project

Writing the hello.c Source Code

In a Terminal window, execute this command:
nano hello.c
The nano editor opens. Type in the program shown below.
#include <stdio.h>

int main(void)
{
   printf("Hello World!\n");   /* print the greeting and a newline */
   return 0;
}
Save your file with Ctrl+X, Y, Enter.

Compiling hello.c to Create the hello File

In a Terminal window, execute these commands:
gcc hello.c -o hello

./hello

These commands compile the hello.c program, creating an executable machine language file named hello, and run the hello executable.

You should see "Hello World!", as shown below.

This program works, but it would be nicer if it greeted you by name, and if it put a couple of newline characters after the greeting to make it cleaner-looking. The next version, hello2, will add these features.

Writing the hello2.c Source Code

In a Terminal window, execute this command:
nano hello2.c
The nano editor opens. Type in the program shown below.
#include <stdio.h>

int main(void)
{
   char name[10];
   printf("What is your name?");
   scanf("%s", name);   /* %s has no length limit; this project relies on that */
   printf("Hi, %s\n\n", name);
   return 0;
}

Save your file with Ctrl+X, Y, Enter.

Compiling and running hello2

In a Terminal window, execute these commands:
gcc hello2.c -o hello2

./hello2

These commands compile and run hello2.

It should ask you for your name. When you type in your name (no longer than 10 characters), you should be greeted by name, as shown below:

Crashing the hello2 Program With a Long Name--Buffer Overflow

The hello2 program is poorly written, and exposes your machine to being exploited by hackers. That's because it takes the name from typed input and puts it in the name string, but the name string has a size limit--it only has enough room for 10 characters. Names longer than 10 characters will cause user-input data to overwrite parts of memory that were not intended to store data, making the program crash. This is a Buffer Overflow.

In a Terminal window, execute this command:
./hello2
When you see the "What is your name?" prompt, type in this name, followed by the Enter key:
1234567890123456789012345678901234567890
You see a "Segmentation fault" error, as shown below.

Although this just crashes the program, which could result in a denial of service, with carefully crafted false data it is often possible to use such errors to open a shell on the host, giving you complete control over it. That's how many of the Metasploit exploits work.

Saving a Screen Image

Make sure the "Segmentation fault" error message is visible, as shown above.

Click the taskbar at the bottom of your host Windows 7 desktop, to make the host machine listen to the keyboard, instead of the virtual machine.

Press the PrintScrn key in the upper-right portion of the keyboard. That will copy the whole desktop to the clipboard.

YOU MUST SUBMIT A FULL-SCREEN IMAGE FOR FULL CREDIT!

On the host machine, not the virtual machine, click Start.

Type mspaint into the Search box and press the Enter key.

Click in the untitled - Paint window, and press Ctrl+V on the keyboard. The desktop appears in the Paint window.

Save the document with the filename "YOUR NAME Proj 8a", replacing "YOUR NAME" with your real name.

Writing the hello3.c Source Code

We need to patch this code. So we'll make another version.

In a Terminal window, execute this command:

nano hello3.c
Enter this code:
#include <stdio.h>

int main(void)
{
   char name[10];
   printf("What is your name?");
   scanf("%9s", name);   /* read at most 9 characters, leaving room for the terminator */
   printf("Hi, %s\n\n", name);
   return 0;
}
Save your file with Ctrl+X, Y, Enter.

Compiling and running hello3

In a Terminal window, execute these commands:
gcc hello3.c -o hello3

./hello3

When you see the "What is your name?" prompt, type in this name, followed by the Enter key:
1234567890123456789012345678901234567890
The program now runs without an error, as shown below:

The program now just ignores any characters after the first nine. There is no error message, and no stack overflow. The program is patched. This is what many Microsoft security patches do--correct code to remove buffer overflow vulnerabilities.

By the way, this is a sloppy patch, because it leaves some keyboard characters in an input buffer which could lead to unexpected results later in the program. For a more thorough way of patching scanf, see link Ch 7i.
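
One way to do the more thorough patch described above, shown as an added example (it is not code from this project or from link Ch 7i). A 10-byte array holds nine characters plus the terminating zero byte, which is why hello3 uses %9s; the function names read_name_scanf and read_name_line are hypothetical, chosen here to put the hello3 behavior next to a version that discards the leftover input.

```c
#include <limits.h>
#include <stdio.h>
#include <string.h>

/* hello3's approach: bounded, but the excess stays in the input stream. */
int read_name_scanf(FILE *in, char name[10])
{
    return fscanf(in, "%9s", name) == 1 ? 0 : -1;
}

/* Read one line into buf (size bytes, terminator included).
 * Returns 0 if the line fit, 1 if it was cut short, -1 on EOF or error.
 * When the line is cut short, the rest of it is read and thrown away, so
 * it cannot be picked up by a later read. */
int read_name_line(FILE *in, char *buf, size_t size)
{
    size_t len;
    int c;

    if (size < 2 || size > INT_MAX || fgets(buf, (int)size, in) == NULL)
        return -1;
    len = strcspn(buf, "\n");
    if (buf[len] == '\n') {        /* newline stored: whole line was read */
        buf[len] = '\0';
        return 0;
    }
    c = getc(in);                  /* buffer filled up or input ended */
    if (c == '\n' || c == EOF)
        return 0;                  /* the line fit exactly */
    while ((c = getc(in)) != '\n' && c != EOF)
        ;                          /* discard the leftover characters */
    return 1;
}

int main(void)
{
    char name[10];
    int rc;

    printf("What is your name? ");
    fflush(stdout);
    rc = read_name_line(stdin, name, sizeof name);
    if (rc < 0)
        return 1;
    printf("Hi, %s%s\n\n", name, rc == 1 ? " (input shortened)" : "");
    return 0;
}
```

With the 40-digit name used in this project, a second read_name_scanf call returns the leftover digits as if they were new input, while a second read_name_line call returns the next line the user actually types.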

Saving a Screen Image

Make sure the Terminal window is visible, showing the long name accepted without an error.

Capture a whole-desktop image as before, and save it with the filename "YOUR NAME Proj 8b", replacing "YOUR NAME" with your real name.

Using Traceroute

In a Terminal window, execute this command:
traceroute google.com
The line starting with "1" shows your gateway address, as shown below. On my network, the gateway was 172.16.1.2. Yours will probably be different.

Using ping

In a Terminal window, execute this command, replacing the IP address with your gateway address:
ping 172.16.1.2
You should see a series of lines starting "64 bytes from", as shown below:

Press Ctrl+C to stop the pings.

In a Terminal window, execute this command, replacing the IP address with your gateway address:

ping 172.16.1.2 -w1
Note that the last two characters are the letter w and the numeral 1.

This makes ping end faster--it stops after one second.

Writing the pingscan.c Source Code

We will make a simple ping scanner, like one of the Nmap functions. It will ping each of 100 IP addresses for one second to see if there is any response. This works, although it is a lot slower and clumsier than Nmap.

In a Terminal window, execute this command:

nano pingscan.c
The nano editor opens. Type in the program shown below, adjusting the IP address to match your network:
#include <stdio.h>

int main(void)
{
   int i;
   /* print one ping command line per host number, 0 through 99 */
   for (i=0; i<100; i++)
      printf("ping 192.168.1.%d -w1\n", i);
   return 0;
}

Note that the last two characters in the printf format string are the letter w and the numeral 1. (If you are on a different subnet, replace 192.168.1 with the first 3 numbers in your LAN's IP address.)

Save your file with Ctrl+X, Y, Enter.

Compiling and running pingscan

In a Terminal window, execute these commands:
gcc pingscan.c -o pingscan

./pingscan

The program prints 100 ping command lines on the terminal, as shown below. However, it doesn't execute the PINGs, it just prints out the commands.

Making a Script File with Output Redirection

To make the commands execute, we need to put them into a file and make the file executable.

In a Terminal window, execute this command:

./pingscan > ping100
You see another # prompt with no message, which is what Linux does when there is no problem. The > sign is the output redirection operator, and it took the lines of text that were going to the screen and put them into a file named ping100 instead.

In a Terminal window, execute this command:

nano ping100
The ping100 file opens in the nano editor, as shown below. It has 100 ping commands.

Press Ctrl+X to close nano.

Making ping100 Executable

In a Terminal window, execute this command:
chmod a+x ping100
This command changes the mode of the ping100 file to make it executable by all users.

In a Terminal window, execute this command:

./ping100
The ping scan should run, with results like those shown below. It will take about 100 seconds to finish.

Saving a Screen Image

Make sure the Terminal window is visible, showing some of the pings.

Capture a whole-desktop image as before, and save it with the filename "YOUR NAME Proj 8c", replacing "YOUR NAME" with your real name.

Turning in Your Project

Email the images to me as attachments to an e-mail message. Send it to: cnit.123@gmail.com with a subject line of "Proj 8 From YOUR NAME", replacing "YOUR NAME" with your real name.

Send a Cc to yourself.

Last Modified: 10-18-17