SEED Labs - Format String Vulnerability Lab 2.1 Task 1: The Vulnerable Program You are given a vulnerable program that has a format string vulnerability. This program is a server program. When it...

SEED Labs - Format String Vulnerability Lab 2.1 Task 1: The Vulnerable Program You are given a vulnerable program that has a format string vulnerability. This program is a server program. When it runs, it listens to UDP port 9090. Whenever a UDP packet comes to this port, the program gets the data and invokes my print () to print out the data. The server is a root daemon, i.e., it runs with the root privilege. Inside the misprint () function, there is a format string vulnerability. We will exploit this vulnerability to gain the root privilege Listing 1: "The vulnerable server program" #include #include #include #include #include #include #define PORT 9090 char secret - "A secret message\n"; unsigned int target - Ox11223344; void misprint (char msg) print ("The address of the 'mag' argument: Ox. 8x\n", (unsigned) (59): // this line has a format-string vulnerability print (msg); print ("The value of the 'target' variable (after): 0x*. 8x\n", target); 1 // this function provides some helpful information. It is meant to // simplify the lab task. In practice, attackers need to figure 1/ out the information by themselves. Void helper) 1 print ("The address of the secret: 0x8.8x\n", (unsigned) secret); print ("The address of the 'target' variable: Ox $. 8x\n", (unsigned) &target); print ("The value of the 'target' variable (before): 0x8. Box\n", target); 1 void main() strict sockaddr_in server; struct sockaddr in client; int client teni char buff(1500); helper(); int sock - socket (AF_INET, SOCK_DGRAM, IPPROTO_UDP); memes((char + ) server, 0, size of (server)); server.sin_family - AF_INET; SEED Labs - Format String Vulnerability Lab server.sin_addr.s_addr - hton1 (INADDR_ANY); server.sin_port - htons (PORI); if (bind(sock, (struct sockaddr =) server, size of (server)) <>