The term ‘Memory Exploits’ is a ficticious term that encompases a wide variety of exploitation techniques against vulnerabilities that, if exploited correcly, can results in taking control of program execution. They are mainly against program written in languages without explicit security. Going through these challenges is not enough. You will learn more by coming to the club meetings too.
This Repo Contains
+ part 1 uploaded: Stack-based buffer overflow
+ part 2 uploaded: Heap-based buffer overflow and Integer overflow
git clone https://github.com/RutgersCyberKnights/MemoryExploits && cd MemoryExploits
cd StackBufferOverflow/part1 (run one by one)
make sure you HAVE MADE A BACKUP OF YOUR /etc/passwd BEFORE TRYING.
make sure you have done:
sudo mkdir /tmp/etc
sudo ln -s /bin/bash /tmp/etc/passwd
AND THEN REMOVED IT WHEN YOU ARE DONE!!
sudo rm -r /tmp/etc
this program is used as follows:
python htteclient.py --ip 'youip(probably 127.0.0.1 if run locally)'
server ran as follows:
-->when in files directory run--> make
---> sudo ./htte
and its running
sudo kill any responsive programs:
sudo ps -aux | grep -i 'program name'
sudo kill -9 [pid]
CHALLENGE 1: add yourself as a superuser under your chosen username to the server.
please use your name so we don't get duplicates
use TESTUSER to verify that you succeeded
CHALLENGE2: same as last week. provide a password to get access granted....but there is catch...