Microsoft Word - Assignment 2.docxCS 444/544 Software Security Assignment 2 Due by 11:59PM, Saturday, November 26 NOTE: Assignments are to be done in teams. Do not look at...

1 answer below »
c programming


Microsoft Word - Assignment 2.docx CS 444/544 Software Security Assignment 2 Due by 11:59PM, Saturday, November 26 NOTE: Assignments are to be done in teams. Do not look at another team’s answer and do not allow another team to look at your answer. Doing so will result in charges of academic misconduct. This assignment is the natural follow-up to assignment 1. Overview: In this second assignment, you are to use the provided simple application that contains a vulnerability, identify the vulnerability, and then write an application that will exploit the vulnerability. Description: The assignment was heavily borrowed from Steve Zdancewic. The blame service is a simple system for assigning blame. The program accepts on standard input the name of a scapegoat and prints on standard output a message asserting that person's universal culpability. For example: $ echo "Bill Gates" | ./blame It's all Bill Gates's fault. Source code for blame.c is attached below. Simple-minded string processing aside (it would be more correct, after all, to say that "It's all Bill Gates' fault"), there is a serious problem with the blame program. Despite our best efforts, a bug allows anyone who can provide input to this program to run arbitrary code on the target machine. (What might happen if it is run as a network service under inetd?) Your job is to create input that will cause the blame service to print out the helpful message "Now I pwn your computer" before it terminates. For example: $ cat exploit_file | ./blame ... Now I pwn your computer Here, the "..." may be additional output caused as a side-effect of your attack. Deliverables: 1) your exploit application, and 2) a document discussing what the vulnerability is, how you were able to exploit it, and what your recommendation is for fixing the vulnerability. Blame source code (blame.c): /* * Blame server. Assigns blame to the person of your choice. * * Usage: blame * (reads one line from standard input) * * To compile: * gcc blame.c -o blame * * Copyright 2022 Feckless C. Coder, PhD. */ #include #include #define INPUT_BUFFER 256 /* maximum name size */ /* * read input, copy into s * gets() is insecure and prints a warning * so we use this instead */ void grabline(char *s) { int c; while ((c=getchar()) != EOF) *s++ = c; *s = '\0'; } /* * convert newlines to nulls in place */ void purgenewlines(char *s) { int l; l = strlen(s); while (l--) if (s[l] == '\n') s[l] = '\0'; } int main() { char scapegoat[INPUT_BUFFER]; grabline(scapegoat); /* this check ensures there's no buffer overflow */ if (strlen(scapegoat) < input_buffer) { purgenewlines(scapegoat); printf("it's all %s's fault.\n", scapegoat); } return 0; } input_buffer)="" {="" purgenewlines(scapegoat);="" printf("it's="" all="" %s's="" fault.\n",="" scapegoat);="" }="" return="" 0;="">
Answered 2 days AfterNov 23, 2022

Answer To: Microsoft Word - Assignment 2.docxCS 444/544 Software Security Assignment 2 Due by...

Nidhi answered on Nov 25 2022
51 Votes
1) your exploit application
Code attached.
2) a document discussing what the vulnerability is, how
you were able to exploit it, and what your recommendation is for fixing the vulnerability.
Vulnerability defines as the quality or state of being exposed to the possibility of being attacked or harmed, either physically or emotionally. Also known as " Weakness in an information system, system security procedures, internal controls, or perpetration that could be exploited or touched off by a trouble source” as per NIST.
Take a example for large bank system. It is considered as secure because it has all type of security and amenities to make it secure. Amenities describe below:
1. Main entry sensor enabled gate.
2. Human body scanner.
3. Luggage scanner.
4. Highly armed securities.
5. Extra guards to check peoples.
6. 24x7...
SOLUTION.PDF

Answer To This Question Is Available To Download

Related Questions & Answers

More Questions »

Submit New Assignment

Copy and Paste Your Assignment Here