CSCI 432
Operating Systems
Home | Calendar | Assignments | CS@Williams
Project 3 - Smash the Stack
This project will help you understand call stack vulnerabilities
and debuggers like the GNU Debugger (GDB). You can work in groups of 2 if you'd like.
In this project, you will compromise several vulnerable
processes running inside a VM. You will be able to access a full copy of
the C source code for each process, which you can use to analyze the
behavior of the programs. By exploiting the vulnerabilities present in the processes,
you will gain root access to the VM.
You must complete Targets 1-4, and Target 5, 6, or 7 (choose one of these three). If you solve more than 5 total targets, you will receive a very, very small amount of extra credit.
Please submit to GLOW a "formal" solution to the project,
including all files (including sploit source files) used in your exploit (as a tarball), an
explanation of your method of attack for each target, and a review of the
project as a whole. Your explanations and review of the project will
constitute your writeup (which should be submitted in PDF form).
Honor Code: As with all other assignments this semester, you are free to us the web/ChatGPT as a resource.
However, DO NOT specifically search for solutions to the exploits. Variations of this assignment
exist at many universities, and it is hard to find reliable sources. Keep your searches general.
Important Downloads
Project Writeup
For your writeup, please start by giving a general overview of buffer overflow exploits. If you decide to tackle targets 6 and 7, also describe format string attacks and memory corruption. Then explain how you exploited the vulnerability in each target to gain control of the system. As always, you should end with a conclusion and a brief reflection of the project. The writeup in this assignment is especially important, since you have to convince me that you did not just randomly guess numbers until something worked!
Resources