Dr. Chow,
Attached is the screen output for Exercise 3.1 exploit6, and I am also attaching the temp6 file which was created by this program. Do you think this is just the info you want?
Please let me know.
Thanks,
Rajshri
Hint: Please read smashing.doc for detailed steps on using gdb to understand the stack-smashing problems in hw2:
http://cs.uccs.edu/~cs591/bufferOverflow/smashing.doc
Note that internal rh72 and fc4 virtual machines were created for you inside viva.uccs.edu, in case rh72.csnet.uccs.edu and fc4.csnet.uccs.edu crash. You can first log in to viva.uccs.edu and then use "ssh -l <login> rh72int" or "ssh -l <login> fc4int" to log in. Here <login> is your CS Unix machine login. The password is your SID (no dash). rh72int maps to 192.168.174.72 and fc4int to 192.168.174.44 via the /etc/hosts file.
Just restart it. It should work now.
Somehow the password checking was not functioning right. I also see a lot of scans and brute force account guessing attacks in /var/log/secure.
Since this is an old OS, we never know when it will be hacked. In case it crashes, you can use another virtual machine which is shielded by viva very much like a firewall.
I have set up other rh72 and fc4 virtual machines that are only accessible through viva (which runs fc5 and is better patched).
To access that internal rh72, first log in to viva.uccs.edu, then use "ssh -l <login> 192.168.174.72" to log in, where <login> is your login on CS Unix or viva.
To access that internal fc4, first log in to viva.uccs.edu, then use "ssh -l <login> 192.168.174.44" to log in.
See an example below.
[cs591@viva ~]$ ssh -l chow 192.168.174.72
chow@192.168.174.72's password:
Last login: Thu Feb 1 14:42:41 2007 from 192.168.174.1
[chow@rh72 chow]$
192.168.174.0/24 is a host-only subnet set up by VMware Server.
192.168.174.1 is the gateway and is used by the host. We configure the internal rh72 to use 192.168.174.72.
The ifconfig command on viva shows the following interface entry.
vmnet1 Link encap:Ethernet HWaddr 00:50:56:C0:00:01
inet addr:192.168.174.1 Bcast:192.168.174.255 Mask:255.255.255.0
inet6 addr: fe80::250:56ff:fec0:1/64 Scope:Link
UP BROADCAST RUNNING MULTICAST MTU:1500 Metric:1
RX packets:2795 errors:0 dropped:0 overruns:0 frame:0
TX packets:3377 errors:0 dropped:0 overruns:0 carrier:0
collisions:0 txqueuelen:1000
RX bytes:0 (0.0 b) TX bytes:0 (0.0 b)
Edward
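A check of the kind the /var/log/secure observation above calls for: count failed sshd password attempts per source address and flag the sources that are guessing. This is an added example, not part of the original email; the log lines are constructed in the sshd format of that era, and the function name and the failure threshold are assumptions.

```shell
#!/bin/sh
# Constructed sample of /var/log/secure lines (not a real capture from rh72),
# in the "Failed password for <user> from <ip> port <n> ssh2" format sshd logged then.
SAMPLE_SECURE_LOG=$(cat <<'EOF'
Feb  2 10:31:05 rh72 sshd[1201]: Failed password for illegal user admin from 10.0.0.5 port 4022 ssh2
Feb  2 10:31:07 rh72 sshd[1203]: Failed password for illegal user test from 10.0.0.5 port 4023 ssh2
Feb  2 10:31:09 rh72 sshd[1205]: Failed password for root from 10.0.0.5 port 4024 ssh2
Feb  2 10:31:12 rh72 sshd[1207]: Failed password for root from 10.0.0.5 port 4025 ssh2
Feb  2 10:33:40 rh72 sshd[1210]: Failed password for rvispute from 172.16.3.9 port 1045 ssh2
Feb  2 10:35:02 rh72 sshd[1212]: Accepted password for chow from 192.168.174.1 port 33221 ssh2
EOF
)

# brute_force_sources LOGFILE [THRESHOLD]   (assumed name, not a system tool)
# Counts sshd "Failed password" lines per source address and prints
# "<count> <ip>" for every source with at least THRESHOLD failures
# (default 3), busiest source first. A single typo from a known user
# (172.16.3.9 above) stays below the threshold; a run of guesses for
# root and non-existent accounts from one address does not.
brute_force_sources() {
    logfile=$1
    threshold=${2:-3}
    grep 'sshd\[[0-9]*\]: Failed password for ' "$logfile" \
      | sed -n 's/.* from \([0-9.][0-9.]*\) port .*/\1/p' \
      | sort | uniq -c | sort -rn \
      | awk -v t="$threshold" '$1 >= t { print $1, $2 }'
}

# Stand-alone demo: write the constructed sample to a temporary file and
# report sources with three or more failures.  Prints "4 10.0.0.5".
demo_secure_log=$(mktemp)
printf '%s\n' "$SAMPLE_SECURE_LOG" > "$demo_secure_log"
brute_force_sources "$demo_secure_log" 3
rm -f "$demo_secure_log"
```

On the real machine, point the function at /var/log/secure (or a rotated copy) and block or rate-limit the reported addresses at viva, which already sits in front of the internal VMs.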
From: Rajshri Vispute [mailto:rvispute@uccs.edu]
Sent: Friday, February 02, 2007 10:31 AM
To: Chow, Edward
Subject: Login problem
Dr. Chow,
Today I am trying to log in to rh72.csnet.uccs.edu using the username rvispute and the password xxxxxxxx (no dashes), but I am not able to log in. Until yesterday it was working, but today I am having a problem.
Do you know what to do now?
Thanks,
Rajshri
From: CS 591 class email list on behalf of Chow, Edward
Sent: Thu 2/1/2007 9:02 PM
To: CS 591 class email list
Subject: [CS591-l]Re: CS591 Que regarding paper
Dr. Chow,
From the paper I was trying to execute the command (gdb) disassemble __execve, but I am getting an error. Could you please let me know about the __ in this? Is it an underscore? I am sorry, but I am not understanding this.
Thanks,
Rajshri
Rajshri,
It would help if you can include the actual text output on your console and the program and directory you are in. That will help diagnose the problem.
I just logged in and found that the problem can be solved by recompiling the program.
The original executable code was probably generated on a different version of the Linux OS.
[rvispute@rh72 bufferOverflow]$ gdb example2
GNU gdb Red Hat Linux 7.x (5.0rh-15) (MI_OUT)
Copyright 2001 Free Software Foundation, Inc.
GDB is free software, covered by the GNU General Public License, and you are
welcome to change it and/or distribute copies of it under certain conditions.
Type "show copying" to see the conditions.
There is absolutely no warranty for GDB. Type "show warranty" for details.
This GDB was configured as "i386-redhat-linux"...Dwarf Error: Cannot handle DW_FORM_strp in DWARF reader.
(gdb) quit
[rvispute@rh72 bufferOverflow]$ gcc -g -o example2 example2.c
example2.c: In function `main':
example2.c:7: warning: return type of `main' is not `int'
[rvispute@rh72 bufferOverflow]$ gdb example2
GNU gdb Red Hat Linux 7.x (5.0rh-15) (MI_OUT)
Copyright 2001 Free Software Foundation, Inc.
GDB is free software, covered by the GNU General Public License, and you are
welcome to change it and/or distribute copies of it under certain conditions.
Type "show copying" to see the conditions.
There is absolutely no warranty for GDB. Type "show warranty" for details.
This GDB was configured as "i386-redhat-linux"...
(gdb)
Edward
-----Original Message-----
From: Rajshri Vispute [mailto:rvispute@uccs.edu]
Sent: Tuesday, January 30, 2007 6:35 PM
To: Chow, Edward
Subject: RE: Regarding GDB
Dr Chow,
I was using rh72.csnet.uccs.edu.
Rajshri
-----Original Message-----
From: Chow, Edward [mailto:chow@eas.uccs.edu]
Sent: Tuesday, January 30, 2007 5:59 PM
To: Rajshri Vispute
Cc: Chow, Edward
Subject: RE: Regarding GDB
Rajshri,
You should recompile the .c source code with gcc. The executable code could have been generated by a different version of the operating system.
In our case, we will run gdb on rh72.csnet.uccs.edu (rh72 OS), not on viva (fc5 OS).
Let me know what machine you run gdb on.
Edward
-----Original Message-----
From: Rajshri Vispute [mailto:rvispute@uccs.edu]
Sent: Tuesday, January 30, 2007 4:31 PM
To: Chow, Edward
Cc: rvispute@uccs.edu
Subject: Regarding GDB
Dr Chow,
Today I was practicing with http://cs.uccs.edu/~cs591/bufferOverflow.html.
And when I typed gdb example1, I got an error like "Dwarf Error: Cannot handle DW_FORM_strp in DWARF reader."
So I can't execute commands like run or break.
Please let me know what I am doing wrong. I tried to search for the error in Google but couldn't find any solution.
Thanks,
Rajshri
From: CS 591 class email list on behalf of Chow, Edward
Sent: Tue 1/30/2007 2:11 PM
To: CS 591 class email list
Subject: [CS591-l]CS 591 HW#1 Solution
Ankur,
The solution web page is at
http://cs.uccs.edu/~cs591/hw/solution/hw1S2007Sol.html
Use cs591 as login and xxxxxxx as password.
Note that this password protection is only against unauthorized access from the
web; it does not prohibit local users from peeping into the directory. We
need to allow apache to access that directory.
Edward