For this assignment you are given a binary, which you can download from here. Check that you have downloaded the correct binary by checking the MD5 hash of the file; it should be: 922ecceb4b229992df391b9c32d60a4d. Additionally, use chmod(1) to make the binary executable (
The binary is produced using a C++ compiler for IA32 (Intel, 32-bit). You should run and explore the binary on the Unix workstations (i.e., 103ws1). To run the binary, use the setarch(8) command to emulate the environment (IA32, 1GB-3GB split, no ASLR):
setarch i686 -R -3 ./lls
In case you need to run the binary using gdb, use the set exec-wrapper command to wrap the execution of the binary with setarch(8). Assuming the binary is loaded in
(gdb) set exec-wrapper setarch i686 -R -3
Do not try to run the binary differently; you will most likely experience crashes and you will not be able to complete the tasks.
Q1 (10 pts): Write down all C/C++ functions provided by the
binary, and their addresses.
Q2 (10 pts): How long is the stack frame used by the function
Q3 (20 pts): The program checks for a magic folder name. Can you find which name this is?
Q4 (40 pts): Try to inject your shellcode for spawning a shell, while the program executes. The stack of the process is executable. Provide your payload as an answer.
Q5 (20 pts): Try to inject your shellcode that runs ssh(1) (with no arguments). Provide your payload as an answer.
Important Notice. The stack of the binary is randomized per user, which means that each student has to find and submit as a solution a unique payload that exploits the binary when running in her/his environment. This also means that a copied payload can be trivially detected by us. We are able not only to detect cheating, but also to identify which students are involved, since the stack is randomized based on your user id. In such cases, all students involved in copying the payload will be zeroed in all five questions. Also, do not attempt to bypass this stack randomization; you will again be disqualified. The submitted payloads will be checked as running with a randomized stack based on your user id.
What to submit? Use Blackboard and submit your answers before the deadline by filling in (using a text editor) the answer sheet.
Assignment deadline (firm): 11th of November, 2017, 23:59 (Local time).