Worksheet 07: Software Security II | Computer Security (Fall 2024)


Worksheets are self-guided activities that reinforce lectures. They are not graded for accuracy, only for completion. Worksheets are due by the start of the next lecture via Blackboard link as a single PDF document. Be sure to properly label each question.

  1. Which segment of program memory stores the instructions of the program?

  2. Explain why we refer to the stack as “growing down” and the heap as “growing up.”

  3. In a stack frame, what is the purpose of the stack pointer and the frame pointer?

  4. What is the instruction pointer (IP)?

  5. When a function returns, how is its stack frame de-allocated and how is control returned to the calling function?

  6. Using the process you described above, explain how a buffer overflow attack could enable arbitrary code execution.

  7. Download the following exercise exploit-me-3 as a zip file and unzip it. Open that directory in VS Code. If you already have Docker Desktop installed, VS Code should also prompt you to reopen the directory in a container; please do so. If you need a refresher, refer to problem #12 in Worksheet 2.

    In the directory you will find the source code (minus the flag) for a program that can be exploited using a stack-based buffer overflow. Exploit it and retrieve the flag. Also describe a way to fix this program.

    Note that the README.md file has additional instructions and hints on how to accomplish this task.
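    The following is an added illustration for this exercise, not the exploit-me-3 source and not part of the original worksheet: a minimal password check with the classic unbounded `strcpy()` into a fixed-size stack buffer, beside a fixed version that measures the input and rejects anything that does not fit. The function names, the 16-byte buffer and the secret `hunter2` are all made up for the example.

```c
#include <stdio.h>
#include <string.h>

#define BUF_SIZE 16

/* Vulnerable version: strcpy() copies every byte of `input` into a 16-byte
 * stack buffer with no bounds check. Input of 16 or more characters runs off
 * the end of `buf` and overwrites whatever the compiler placed above it in
 * the frame: other locals such as `authenticated`, then the saved frame
 * pointer and the saved return address (exact layout depends on compiler
 * and flags). Calling this with oversized input is undefined behaviour; it
 * is shown only to illustrate the bug and is never exercised that way here. */
int check_password_vulnerable(const char *input)
{
    int authenticated = 0;
    char buf[BUF_SIZE];

    strcpy(buf, input);                 /* <-- the overflow */
    if (strcmp(buf, "hunter2") == 0)    /* "hunter2" is a made-up secret */
        authenticated = 1;
    return authenticated;
}

/* Fixed version: measure the input first and refuse anything that does not
 * fit, including the NUL terminator. Rejecting is preferable to silently
 * truncating (e.g. strncpy), which can hide bugs and mis-parse input. */
int check_password_fixed(const char *input)
{
    char buf[BUF_SIZE];
    size_t len = strlen(input);

    if (len >= BUF_SIZE)
        return 0;                       /* too long: reject, never copy */
    memcpy(buf, input, len + 1);        /* len + 1 includes the terminator */
    return strcmp(buf, "hunter2") == 0;
}

/* Builds the kind of oversized input an attacker would send: `n` filler
 * bytes ('A') followed by a terminator. Returns the number of filler bytes. */
size_t make_long_input(char *out, size_t out_size, size_t n)
{
    if (n >= out_size)
        n = out_size - 1;
    memset(out, 'A', n);
    out[n] = '\0';
    return n;
}

/* Returns 1 when the fixed checker rejects a 100-byte input outright. */
int long_input_rejected(void)
{
    char attack[128];

    make_long_input(attack, sizeof attack, 100);
    return check_password_fixed(attack) == 0;
}

int main(void)
{
    printf("fixed, correct secret : %d\n", check_password_fixed("hunter2"));
    printf("fixed, 100-byte input : rejected=%d\n", long_input_rejected());
    /* To see the crash for yourself, build with -fno-stack-protector and call
     * check_password_vulnerable() with the output of make_long_input(); with
     * -fstack-protector the canary check aborts the process instead. */
    return 0;
}
```

Note that the fix is not `strncpy()` alone: a truncated copy can leave `buf` without a terminator, and silently shortening attacker input still lets a later comparison or parse operate on something other than what was sent.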

  8. What is shellcode?

  9. What is a NOP sled and how is it used?

  10. How do the mechanisms of a heap-based and a stack-based overflow differ?

  11. Explain a “heap spray” or “spray and pray” attack.

  12. What is a return-to-libc attack, and how does it differ from using shellcode?

  13. What are “stack canaries” and how do they mitigate the exploitation of stack-based buffer overflows?

  14. Take a look at this OWASP report on format string attacks. How can this vulnerability be used to reveal values on the stack that the attacker?
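    As an added illustration for this question (not from the OWASP report and not part of the original worksheet): a logging routine that passes user input straight to the `printf` family as the format string, beside the fixed version that uses a literal `"%s"` format, plus a small helper that counts conversion directives in untrusted text. Function names and the probe string are made up for the example.

```c
#include <stdio.h>
#include <string.h>

/* Vulnerable: the user's string IS the format string. A probe such as
 * "%08x %08x %08x" makes the formatter consume variadic argument slots that
 * were never passed (registers first, then the caller's stack on x86-64
 * System V) and print whatever it finds there: locals, saved pointers, the
 * canary. "%s" turns that into an arbitrary read and "%n" into a write.
 * Calling this with attacker-controlled input is undefined behaviour. */
void log_vulnerable(char *out, size_t out_size, const char *user)
{
    snprintf(out, out_size, user);          /* format controlled by the attacker */
}

/* Fixed: the format is a literal; the user string is only ever data. */
void log_fixed(char *out, size_t out_size, const char *user)
{
    snprintf(out, out_size, "%s", user);
}

/* Returns 1 when the fixed logger reproduces the input byte for byte,
 * i.e. a probe full of '%' directives is printed verbatim, not interpreted. */
int fixed_echoes(const char *user)
{
    char out[256];

    log_fixed(out, sizeof out, user);
    return strcmp(out, user) == 0;
}

/* Defensive check for input validation or a log-line detector: counts
 * conversion directives ('%' not escaped as "%%") in untrusted text.
 * Any non-zero count reaching a format argument is a finding. */
int count_format_directives(const char *s)
{
    int count = 0;

    for (; *s; s++) {
        if (*s != '%')
            continue;
        if (s[1] == '%') {                  /* "%%" is a literal percent sign */
            s++;
            continue;
        }
        count++;
    }
    return count;
}

int main(void)
{
    char line[256];
    const char *probe = "%08x %08x %08x %08x";   /* constructed attacker input */

    log_fixed(line, sizeof line, probe);
    printf("fixed     : %s\n", line);            /* the probe, verbatim */
    log_vulnerable(line, sizeof line, probe);
    printf("vulnerable: %s\n", line);            /* four words read from registers/stack */
    printf("directives in probe: %d\n", count_format_directives(probe));
    return 0;
}
```

Compilers flag the vulnerable pattern when asked: gcc and clang report `format not a string literal and no format arguments` under `-Wformat-security`, which is worth turning on as an error in any build that handles untrusted input.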