Online Learning
CLICK HERE TO ORDER YOUR ASSIGNMENT

HW4requirments

General Instructions Download the HW4 files from Google Drive into your CSE 523 Ubuntu VM. You can decompress its contents with this command: tar -xvf hw4_files.tar.gz The package contains five binaries: p1, p2, p3, p4, and p5. At least one binary exhibits a stack buffer overflow vulnerability and at least one binary does not. Your goal is to find which of the five programs in the package exhibit a stack buffer overflow vulnerability. You will need to provide an explanation for the answer you give for each program, and include any information or material that would be required for me to reproduce your work and reach the same conclusion. If you determined that a program exhibits a vulnerability, you will need to exploit that vulnerability by opening a shell using the four techniques we learned in class.For each exploit, provide all of the materials needed for me to reproduce your work. Explain every part of your payload, including how you found the addresses, how you determined the payload size, and proof that you were able to exploit the program using the provided payload. You are welcome to use the shellcode and payload patterns from class, along with any other course materials you find helpful. However, you should use first person and your own words when explaining what you did!Things to remember: You must echo your name in every screenshot you include. It’s okay if the ‘echo’ command fails (like it would in gdb), but we will still be able to see your name in the command. You must echo your name to get credit for the screenshot. When possible, show the date and time when taking screenshots. (this would be hard to do in gdb, so only do it when taking a screenshot of the terminal). You will get partial credit for guessing the payload. Full credit for the exploit will be given only if you were able to explain how to correctly construct it. In other words, show us that you understand what you’re doing! You will get no credit if you exploited your program by a coincidence. Your report should be well-written and consistent. Make sure that the payload shown in your screenshot matches the one you explain!! You will lose points if your answers are inconsistent or unclear.Grading:You can earn up to 3 points for every program you identify correctly.You can earn up to 10 points for each successful exploit. There are N possible exploits, but you to find N-2 exploits to get full credit for the assignment. The last two exploits will earn you extra credit (5 points each). We can’t give you N or the total number of possible points as this will reveal the number of vulnerable programs and possible exploits.Please note that N refers to the number of possible exploits and not to the number of vulnerable programs. We learned four different exploit techniques this semester, so the maximum number of exploits per program is 4.Submission:Copy hw4_notes to your student’s folder, and follow its outline when completing the assignment. In addition to keeping the file in your folder, we ask you to also submit the completed report to Gradescope as a PDF. Use ‘File-

HW4requirments