Overview

The learning objective of this lab is for students to gain first-hand experience with the buffer-overflow vulnerability by putting what they have learned about it in class into action. A buffer overflow is the condition in which a program attempts to write data beyond the boundaries of a pre-allocated, fixed-length buffer. A malicious user can use this vulnerability to alter the control flow of the program, and even to execute arbitrary pieces of code. The vulnerability arises from the mixing of the storage for data (e.g. buffers) and the storage for controls (e.g. return addresses): an overflow in the data part can affect the control flow of the program, because an overflow can change the return address.
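The mixing of data storage and control storage described above can be modelled without touching a real stack. The following is an added example, not part of the lab's files; the struct layout, `BUF_SIZE`, `SAVED_RET` and the function names are assumptions made for illustration. It shows an unchecked copy changing the control field next to the buffer, and a length check rejecting the same input.

```c
#include <stdint.h>
#include <stdio.h>
#include <string.h>

#define BUF_SIZE  16                      /* constructed size, not the lab's */
#define SAVED_RET 0x1122334455667788ULL   /* constructed stand-in value */

/* Model frame: a data buffer directly followed by control data. */
struct frame {
    char     buf[BUF_SIZE];
    uint64_t saved_ret;                   /* plays the saved return address */
};

/* Unchecked copy: trusts the caller's length, as strcpy() trusts its source.
 * The clamp keeps this model well-defined; a real stack has no such clamp. */
static void copy_unchecked(struct frame *f, const char *src, size_t len) {
    if (len > sizeof *f) len = sizeof *f;
    memcpy((char *)f, src, len);
}

/* Checked copy: rejects input that does not fit in buf. */
static int copy_checked(struct frame *f, const char *src, size_t len) {
    if (len > sizeof f->buf) return -1;
    memcpy(f->buf, src, len);
    return 0;
}

/* Copies len bytes of 'A' into a fresh frame.
 * Returns -1 if rejected, 1 if control data changed, 0 if it is intact. */
int run(int checked, size_t len) {
    struct frame f = { {0}, SAVED_RET };
    char input[sizeof f];
    memset(input, 'A', sizeof input);     /* constructed input */
    if (checked) {
        if (copy_checked(&f, input, len) != 0) return -1;
    } else {
        copy_unchecked(&f, input, len);
    }
    return f.saved_ret != SAVED_RET;
}

int main(void) {
    printf("unchecked, 16 bytes: %d\n", run(0, 16));
    printf("unchecked, 24 bytes: %d\n", run(0, 24));
    printf("checked,   24 bytes: %d\n", run(1, 24));
    return 0;
}
```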

Activities: Students are given a program that has the buffer-overflow problem, and they need to exploit the vulnerability to gain root privilege. Moreover, students will experiment with several protection schemes that have been implemented in Linux, and evaluate their effectiveness.

Lab Tasks

  • VM version: This lab has been tested on our pre-built SEEDUbuntu16.04 VM.

Recommended Time

  • Supervised situation (e.g. a closely-guided lab session):
  • Unsupervised situation (e.g. take-home project):

Last Update (New)

  • The lab was last updated on January 11, 2020.
  • Instructors now need to specify the size of the buffer. This will make it difficult for students to reuse solutions from the past.

Videos

Files that are Needed

Suggested Reading

  • SEED Book (2nd Edition) by Wenliang Du (Book website)
  • Aleph One. Smashing The Stack For Fun And Profit.
  • If you have trouble with the non-executable stack on your VM, please read this document: Notes on Non-Executable Stack
