Proj 13x: 64-Bit Remote Buffer Overflow with ASLR (25 pts.)

What You Need

A 64-bit Linux machine, real or virtual.

Challenge: Remote Server with ASLR (25 pts.)

To connect to the server, in a Terminal window, execute this command:

nc attack.samsclass.info 13010

If you'd like a local copy of the server program to analyze, use these commands:

curl https://samsclass.info/127/proj/p13x.c > p13x.c

curl https://samsclass.info/127/proj/p13x > p13x

Exploit this process and get a shell on the server. Then put your name in this file:

/home/p13x/winners

Create this file:

/home/p13x/updatenow

After one minute, your name will appear on the WINNERS page here:

http://attack.samsclass.info/p13x-winners.htm

Troubleshooting

If your exploit fails, it might be that the port is in use. You can check the local network connections at this page:

http://attack.samsclass.info/netstat.htm

That page is updated every 5 seconds.

Hints

  • There are ten identical listening processes, on ports 13010 through 13019. Each process is automatically killed and restarted each minute.
  • ASLR is enabled--you must write a script that reads the pointer, calculates the correct attack code, and sends it immediately.
  • There is no firewall, so a simple port binding attack will work.

Saving a Screen Image

Make sure YOUR NAME (or an alias) is visible on the WINNERS page.

Capture a full-screen image.

YOU MUST SUBMIT A FULL-SCREEN IMAGE FOR FULL CREDIT!

Save the image with the filename "YOUR NAME Proj 13x", replacing "YOUR NAME" with your real name.


Turning in your Project

Email the images to cnit.127sam@gmail.com with the subject line: Proj 13x from YOUR NAME

Posted 10-17-15 by Sam Bowne
Revised 11-4-15