Posted on December 29, 2023 (author: )
EEL 4930/5934 Cross-Layer Computer Security, Spring 2015
Assignment 1: Defusing a Binary Bomb
Due: Feb 17 11:

s planted a slew of “binary bombs” ype the correct string, ise, the bomb explodes by printing "BOOM!!!" re too many bombs for us to deal with, ssion, which you have no choice but to accept, ck, and welcome to the bomb squad!

Step 1: Get Your Bomb

You can obtain your bomb by pointing your Web browser at: :15213

This will display a binary bomb request form for you to fiver will build your bomb and return it to your browser in a tar fi, file to a (protected) ve the command in terminal: ll create a directory called ./bombk with the following files:

• README: Identifies the bomb and its owners.
• bomb: The executable binary bomb.
• bomb.c: Source file with the bomb’.
If for some reason you request multiple bombs, er that you could run your bomb on your own linux machine, 2:twme your bomb explodes it notifies the bomblab server, and you lose 0.05 point (up to a max of 3 points) in the fit be careful!

The point from phase 1 to 6 is 1 point, 1 point, 1.5 points, 2 points, gh phases get progressively harder to defuse, the expertise you gain as you move from phase to phase should offset this diffir, the last phase will challenge even the best students, so please don’un your bomb with a command line argument, for example,

linux> ./il it reaches EOF (end of file), ent of weakness, ded this feature so you don’d accidentally detonating the bomb, you will need to lehenicesifib will keep track of how you are doing by looking at the class scoreboard at: :15213/scoreboard
(Please read this!) examine it in great detail without ever running the program, and fi a useful technique, also run it under a debugger, watch what it does step by step, ke one request, please do not use brute force! You could write a program that will try every possible key to fis is no good for several reasons:

• You lose 0.05 point (up to a max of 3 points) every time you guess incorrectly and the bomb explodes.
• Every time you guess wrong, ld very quickly saturate the network with these messages, and cause the system administrators to revoke your computer access.
• We haven’t told you how long the strings are, you made the (incorrect) assumptions that they all are less than 80 characters long and only contain letters, ll take a very long time to run,

re many tools which are designed to help you figure out both how programs work, and what is wrong when they don’a list of some of the tools you may find useful in analyzing your bomb, and hints on how to use them.

• gdb
The GNU debugger, trace through a program line by line, examine memory and registers, look at both the source code and assembly code (we are not giving you the source code for most of your bomb), set breakpoints, set memory watch points, :APP website/public/savere some other tips for using gdb.
– To keep the bomb from blowing up every time you type in a wrong input, you’ll want to learn how to set breakpoints.
– For online documentation, type “help” at the gdb command prompt, or type “man gdb”, or “info gdb” ople also like to run gdb under gdb-mode in emacs.
• objdump -t
This will print out the bomb’bol table includes the names of all functions and global variables in the bomb, the names of all the functions the bomb calls, learn something by looking at the function names!
• gh objdump -d gives you a lot of information, it doesn’mple, a call to sscanf might appear as:

  8048c36: e8 99 fc ff ff call 80488d4 <_init+0x1a0>

To determine that the call was to sscanf, you would need to disassemble within gdb.
• g for a particular tool? How about documentation? Don’t forget, the commands apropos, man, icular,,

se of you who have not used linux before, you should download Vmware Player/Fusion/Workstation or VirtualBox first and then install linux environment (ubuntu recommended) to Abrar Polani, there is a detailert to defuse your bombs! Good luck!
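The relative call quoted in the objdump -d item above, worked through as an added example (not part of the original handout): the script recomputes the call target from the raw instruction bytes and shows why objdump labels it with the nearest static symbol, _init+0x1a0, instead of sscanf. The symbol addresses are assumptions: _init is derived from 0x80488d4 - 0x1a0, the main address is hypothetical, and the sscanf stub mapping follows the handout's statement that the call was to sscanf.

```python
import bisect
import re

# Constructed sample: the first line is the one quoted in the handout,
# the second line is made up so the parser sees a non-call instruction.
SAMPLE = """\
 8048c36:\te8 99 fc ff ff       \tcall   80488d4 <_init+0x1a0>
 8048c3b:\t83 f8 02             \tcmp    $0x2,%eax
"""

# Assumed static symbols (what `objdump -t` would list); addresses are
# derived or hypothetical, see the lead-in.
STATIC_SYMS = {0x8048734: "_init", 0x8048950: "main"}
# Assumed dynamic-linking stub, named only by dynamic relocation data.
DYNAMIC_STUBS = {0x80488D4: "sscanf"}

LINE = re.compile(r"^\s*([0-9a-f]+):\t((?:[0-9a-f]{2} )+)\s*\t")

def call_target(addr, raw):
    """Decode a 5-byte `call rel32` (opcode e8); return the absolute target."""
    if len(raw) != 5 or raw[0] != 0xE8:
        return None
    rel = int.from_bytes(raw[1:], "little", signed=True)
    # The displacement is relative to the address of the next instruction.
    return (addr + 5 + rel) & 0xFFFFFFFF

def nearest_symbol(target, syms):
    """Label an address as sym+offset using the closest symbol at or below it."""
    addrs = sorted(syms)
    i = bisect.bisect_right(addrs, target) - 1
    if i < 0:
        return hex(target)
    off = target - addrs[i]
    return syms[addrs[i]] + (f"+{off:#x}" if off else "")

def resolve_calls(listing):
    """Return (address, target, static label, stub name or None) per call."""
    out = []
    for line in listing.splitlines():
        m = LINE.match(line)
        if not m:
            continue
        addr = int(m.group(1), 16)
        target = call_target(addr, bytes.fromhex(m.group(2)))
        if target is not None:
            out.append((addr, target, nearest_symbol(target, STATIC_SYMS),
                        DYNAMIC_STUBS.get(target)))
    return out
```

The static label is only the closest entry in the symbol table, which is why the handout sends you to gdb, where the target is resolved against the dynamically linked function.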