nano hello.c
The nano editor opens. Type in the program shown below.
#include <stdio.h>

int buf(void);          /* declare buf() before main() calls it */

int main(void)
{
    buf();
    return 0;
}

int buf(void)
{
    char name[10];                 /* 10-byte buffer on the stack */
    printf("What is your name? ");
    scanf("%s", name);             /* no length limit: this is the overflow the lab demonstrates */
    printf("Hi, %s\n\n", name);
    return 0;
}
Save your file with Ctrl+X, Y, Enter.
gcc hello.c -o hello
./hello
These commands compile the hello.c program, creating an executable machine language file named hello, and then run the hello executable.
It should ask you for your name. When you type in your name (no longer than 10 characters), you should be greeted by name, as shown below.
./hello
When you see the "What is your name?" prompt, type in this name,
which consists of forty "A" characters,
followed by the Enter key: AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA
You see a "Segmentation fault" error, as shown below.
In a Terminal window, execute this command, which loads the "hello" program into the "gdb" debugger:
gdb -q hello
At the (gdb) prompt, enter this command:
run
When you see the "What is your name?" prompt, type in this name,
which consists of forty "A" characters,
followed by the Enter key: AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA
You see a "Segmentation fault" error, as shown below, followed by the hexadecimal value 0x41414141, which is the ASCII encoding of "AAAA".
At the (gdb) prompt, enter this command:
info registers
The values stored in the registers appear, as shown in the image above. The eip register contains 0x41414141, which shows that part of the name you typed overwrote the saved return address on the stack and was loaded into the instruction pointer when buf() returned. An attacker who controls eip can redirect execution, which is how this bug can be exploited to gain control of the machine.
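The crash happens because scanf("%s") has no idea how large name is. The fix is to give the conversion a width, so that at most 9 characters plus the terminating NUL are stored in the 10-byte buffer and the rest of the input is left unread. The program below is an added example written for this page, not part of the lab or of hello.c: it reads from a string with sscanf so it can be tested without a terminal, but the "%9s" format it builds is exactly what you would pass to scanf in buf(). The 40-character "AAAA..." input is constructed inline to match the one that crashed hello.

```c
#include <stdio.h>
#include <string.h>

#define NAME_LEN 10   /* same 10-byte buffer as hello.c */

/* Bounded replacement for the read in buf(): the width in "%9s" makes
 * scanf/sscanf store at most 9 characters plus the NUL terminator, so
 * input longer than the buffer is truncated instead of overwriting the
 * saved return address. Returns the number of characters stored. */
size_t read_name_bounded(const char *input, char *name, size_t name_len)
{
    /* Build "%9s" from the buffer size at run time so the width cannot
     * drift out of sync with the array declaration. */
    char fmt[16];
    snprintf(fmt, sizeof fmt, "%%%zus", name_len - 1);
    name[0] = '\0';
    if (sscanf(input, fmt, name) != 1)   /* empty or whitespace-only input */
        return 0;
    return strlen(name);
}

/* Constructed input for the demonstration: forty "A" characters,
 * the same name that crashed hello.c. */
size_t demo_forty_as(char *name, size_t name_len)
{
    char input[41];
    memset(input, 'A', 40);
    input[40] = '\0';
    return read_name_bounded(input, name, name_len);
}

int main(void)
{
    char name[NAME_LEN];
    size_t n = demo_forty_as(name, sizeof name);
    printf("stored %zu of 40 characters: %s\n", n, name);   /* stored 9 of 40 characters: AAAAAAAAA */
    return 0;
}
```

With the bounded read, the same 40-character input produces a greeting to "AAAAAAAAA" and a normal return from buf() instead of eip = 0x41414141.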
Troubleshooting
If you see longer register values with names like rax and rip, you are using a 64-bit machine. Download a 32-bit Kali machine and start over.
Use the form below to record your score in Canvas.
If you don't have a Canvas account, see the instructions here.
#include <stdio.h>

int buf(void);          /* declare buf() before main() calls it */

int main(void)
{
    buf();
    return 0;
}

int buf(void)
{
    char name[3];                  /* only 3 bytes: overflows with even short names */
    printf("What is your name? ");
    scanf("%s", name);             /* still unbounded, as the fuzzing exercise requires */
    printf("Yo, %s\n\n", name);
    return 0;
}
Save the file and compile it, as you did for the hello.c program.
Run the program for a short name. The program runs properly, as shown below.
Try longer names until the program crashes, as shown below. This process is called "fuzzing" and it's an essential part of vulnerability discovery.