Proj 4x: Linux Buffer Overflow With Shellcode Challenges (30 pts.)

What You Need

A 32-bit x86 Kali Linux 2.0 machine, real or virtual.

Challenge 1: Local Server with Symbols (10 pts.)

In a Terminal window, execute these commands:

curl https://samsclass.info/127/proj/p4x-server1.c > p4x-server1.c

curl https://samsclass.info/127/proj/p4x-server1 > p4x-server1

chmod a+x p4x-server1

./p4x-server1

In a new Terminal window, execute this command:

nc 127.0.0.1 4010

You see a prompt. Enter HELLO. It's echoed back to you, as shown below.

Exploit this server so that you get a remote shell, as shown below.

Saving a Screen Image

Make sure these items are visible: Capture a full-screen image.

YOU MUST SUBMIT A FULL-SCREEN IMAGE FOR FULL CREDIT!

Save the image with the filename "YOUR NAME Proj 4xa", replacing "YOUR NAME" with your real name.


Challenge 2: Local Server without Symbols (10 pts.)

In a Terminal window, execute these commands:

curl https://samsclass.info/127/proj/p4x-server2 > p4x-server2

chmod a+x p4x-server2

./p4x-server2

In a new Terminal window, execute this command:

nc 127.0.0.1 4020

You see a prompt. Enter HELLO. It's echoed back to you.

Exploit this server so that you get a remote shell, as shown below.

Hint: You'll need to add 100 bytes of padding AFTER the exploit and BEFORE the injected $eip, as demonstrated in this video.

Saving a Screen Image

Make sure these items are visible: Capture a full-screen image.

YOU MUST SUBMIT A FULL-SCREEN IMAGE FOR FULL CREDIT!

Save the image with the filename "YOUR NAME Proj 4xb", replacing "YOUR NAME" with your real name.


Challenge 3: Remote Server without Symbols (10 pts.)

To connect to the server, in a Terminal window, execute this command:

nc attack32direct.samsclass.info 4030

If you'd like a local copy of the server binary to analyze, use this command:

curl https://samsclass.info/127/proj/p4x-server3-500 > p4x-server3-500

Exploit this process and get a shell on the server. Then put your name in this file:

/home/p4x/winners

Create this file:

/home/p4x/updatenow

After one minute, your name will appear on the WINNERS page here:

http://attack32direct.samsclass.info/winners.html

Troubleshooting

If your exploit fails, it might be that the port is in use. You can check the local network connections at this page:

http://attack32direct.samsclass.info/netstat.htm

That page is updated every 5 seconds.

NOTES:

If you kill the server, it will restart after one minute.

There are two other identical servers running on ports 4040 and 4050.

Every 15 minutes, all three servers are restarted.

Saving a Screen Image

Make sure YOUR NAME (or an alias) is visible on the WINNERS page.

Capture a full-screen image.

YOU MUST SUBMIT A FULL-SCREEN IMAGE FOR FULL CREDIT!

Save the image with the filename "YOUR NAME Proj 4xc", replacing "YOUR NAME" with your real name.


Turning in your Project

Email the images to cnit.127sam@gmail.com with the subject line: Proj 4x from YOUR NAME

Posted 8-29-15
Last modified 9-30-15
URL changed to "direct" 1-19-17