
15-213, Fall 20xx
The Attack Lab: Understanding Buffer Overflow Bugs
Assigned: Tue, Sept. 29
Due: Thu, Oct. 8, 11:59PM EDT
Last Possible Time to Turn in: Sun, Oct. 11, 11:59PM EDT

Time: 2021-08-26 10:08:29

1 Introduction

This assignment involves generating a total of five attacks on two programs having different security vulnerabilities. Outcomes you will gain from this lab include:

• You will learn different ways that attackers can exploit security vulnerabilities when programs do not safeguard themselves well enough against buffer overflows.
• Through this, you will get a better understanding of how to write programs that are more secure, as well as some of the features provided by compilers and operating systems to make programs less vulnerable.
• You will gain a deeper understanding of the stack and parameter-passing mechanisms of x86-64 machine code.
• You will gain a deeper understanding of how x86-64 instructions are encoded.
• You will gain more experience with debugging tools such as GDB and OBJDUMP.

Note: In this lab, you will gain firsthand experience with methods used to exploit security weaknesses in operating systems and network servers. Our purpose is to help you learn about the runtime operation of programs and to understand the nature of these security weaknesses so that you can avoid them when you write system code. We do not condone the use of any other form of attack to gain unauthorized access to any system resources.

You will want to study Sections 3.10.3 and 3.10.4 of the CS:APP3e book as reference material for this lab.

2 Logistics

As usual, this is an individual project. You will generate attacks for target programs that are custom generated for you.

2.1 Getting Files

You can obtain your files by pointing your Web browser at:

    http://$Attacklab::SERVER_NAME:15513/

INSTRUCTOR: $Attacklab::SERVER_NAME is the machine that runs the attacklab servers. You define it in attacklab/Attacklab.pm and in attacklab/src/build/driverhdrs.h

The server will build your files and return them to your browser in a tar file called targetk.tar, where k is the unique number of your target programs.

Note: It takes a few seconds to build and download your target, so please be patient.

Save the targetk.tar file in a (protected) Linux directory in which you plan to do your work. Then give the command: tar -xvf targetk.tar. This will extract a directory targetk containing the files described below.

You should only download one set of files. If for some reason you download multiple targets, choose one target to work on and delete the rest.

Warning: If you expand your targetk.tar on a PC, by using a utility such as Winzip, or letting your browser do the extraction, you’ll risk resetting permission bits on the executable files.

The files in targetk include:

README.txt: A file describing the contents of the directory
ctarget: An executable program vulnerable to code-injection attacks
rtarget: An executable program vulnerable to return-oriented-programming attacks
cookie.txt: An 8-digit hex code that you will use as a unique identifier in your attacks.
farm.c: The source code of your target’s “gadget farm,” which you will use in generating return-oriented programming attacks.
hex2raw: A utility to generate attack strings.

In the following instructions, we will assume that you have copied the files to a protected local directory, and that you are executing the programs in that local directory.

2.2 Important Points

Here is a summary of some important rules regarding valid solutions for this lab. These points will not make much sense when you read this document for the first time. They are presented here as a central reference of rules once you get started.

• You must do the assignment on a machine that is similar to the one that generated your targets.
• Your solutions may not use attacks to circumvent the validation code in the programs. Specifically, any address you incorporate into an attack string for use by a ret instruction should be to one of the following destinations:
  – The addresses for functions touch1, touch2, or touch3.
  – The address of your injected code
  – The address of one of your gadgets from the gadget farm.
• You may only construct gadgets from file rtarget with addresses ranging between those for functions start_farm and end_farm.

3 Target Programs

Both CTARGET and RTARGET read strings from standard input. They do so with the function getbuf defined below:

    unsigned getbuf()
    {
        char buf[BUFFER_SIZE];
        Gets(buf);
        return 1;
    }

The function Gets is similar to the standard library function gets—it reads a string from standard input (terminated by ‘\n’ or end-of-file) and stores it (along with a null terminator) at the specified destination. In this code, you can see that the destination is an array buf, declared as having BUFFER_SIZE bytes. At the time your targets were generated, BUFFER_SIZE was a compile-time constant specific to your version of the programs.

Functions Gets() and gets() have no way to determine whether their destination buffers are large enough to store the string they read. They simply copy sequences of bytes, possibly overrunning the bounds of the storage allocated at the destinations.

If the string typed by the user and read by getbuf is sufficiently short, it is clear that getbuf will return 1, as shown by the following execution examples:

    unix> ./ctarget
    Cookie: 0x1a7dd803
    Type string: Keep it short!
    No exploit. Getbuf returned 0x1
    Normal return

Typically an error occurs if you type a long string:

    unix> ./ctarget
    Cookie: 0x1a7dd803
    Type string: This is not a very interesting string, but it has the property ...
    Ouch!: You caused a segmentation fault!
    Better luck next time

(Note that the value of the cookie shown will differ from yours.) Program RTARGET will have the same behavior. As the error message indicates, overrunning the buffer typically causes the program state to be corrupted, leading to a memory access error. Your task is to be more clever with the strings you feed CTARGET and RTARGET so that they do more interesting things. These are called exploit strings.

Both CTARGET and RTARGET take several different command line arguments:

-h: Print list of possible command line arguments
-q: Don’t send results to the grading server
-i FILE: Supply input from a file, rather than from standard input

Your exploit strings will typically contain byte values that do not correspond to the ASCII values for printing characters. The program HEX2RAW will enable you to generate these raw strings. See Appendix A for more information on how to use HEX2RAW.

Important points:

• Your exploit string must not contain byte value 0x0a at any intermediate position, since this is the ASCII code for newline (‘\n’). When Gets encounters this byte, it will assume you intended to terminate the string.
• HEX2RAW expects two-digit hex values separated by one or more white spaces. So if you want to create a byte with a hex value of 0, you need to write it as 00. To create the word 0xdeadbeef you should pass “ef be ad de” to HEX2RAW (note the reversal required for little-endian byte ordering).

When you have correctly solved one of the levels, your target program will automatically send a notification to the grading server. For example:

    unix> ./hex2raw < ctarget.l2.txt | ./ctarget
    Cookie: 0x1a7dd803
    Type string:Touch2!: You called touch2(0x1a7dd803)
    Valid solution for level 2 with target ctarget
    PASSED: Sent exploit string to server to be validated.
    NICE JOB!

The server will test your exploit string to make sure it really works, and it will update the Attacklab scoreboard page indicating that your userid (listed by your target number for anonymity) has completed this phase.

You can view the scoreboard by pointing your Web browser at

    http://$Attacklab::SERVER_NAME:15513/scoreboard

Unlike the Bomb Lab, there is no penalty for making mistakes in this lab. Feel free to fire away at CTARGET and RTARGET with any strings you like.

IMPORTANT NOTE: You can work on your solution on any Linux machine, but in order to submit your solution, you will need to be running on one of the following machines:

INSTRUCTOR: Insert the list of the legal domain names that you established in buflab/src/config.c.

Figure 1 summarizes the five phases of the lab. As can be seen, the first three involve code-injection (CI) attacks on CTARGET, while the last two involve return-oriented-programming (ROP) attacks on RTARGET.

    Phase  Program  Level  Method  Function  Points
    1      CTARGET  1      CI      touch1    10
    2      CTARGET  2      CI      touch2    25
    3      CTARGET  3      CI      touch3    25
    4      RTARGET  2      ROP     touch2    35
    5      RTARGET  3      ROP     touch3    5

    CI: Code injection
    ROP: Return-oriented programming

    Figure 1: Summary of attack lab phases

4 Part I: Code Injection Attacks

For the first three phases, your exploit strings will attack CTARGET. This program is set up in a way that the stack positions will be consistent from one run to the next and so that data on the stack can be treated as executable code. These features make the program vulnerable to attacks where the exploit strings contain the byte encodings of executable code.

4.1 Level 1

For Phase 1, you will not inject new code. Instead, your exploit string will redirect the program to execute an existing procedure.

Function getbuf is called within CTARGET by a function test having the following C code:
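Returning to the unbounded copy in Gets described in Section 3: the following is an added example, not part of the handout or of the lab's code, showing a line reader that is told the size of its destination and therefore cannot overrun it. The names read_line_bounded, demo_read and the LINE_* codes are this example's own, and the 16-byte buffer stands in for buf[BUFFER_SIZE].

```c
#include <stdio.h>
#include <string.h>

/* Return codes (names chosen for this example). */
enum { LINE_OK = 0, LINE_TRUNCATED = 1, LINE_EOF = -1 };

/* Bounded counterpart to Gets(): stores at most cap-1 bytes of one line in
 * dst, always NUL-terminates, and discards the excess of an over-long line
 * so the caller can reject it instead of corrupting the stack. */
int read_line_bounded(FILE *in, char *dst, size_t cap)
{
    size_t n = 0;
    int c, truncated = 0;
    if (in == NULL || dst == NULL || cap == 0)
        return LINE_EOF;
    while ((c = fgetc(in)) != EOF && c != '\n') {
        if (n + 1 < cap)
            dst[n++] = (char)c;
        else
            truncated = 1;          /* drop the byte, never write past dst */
    }
    dst[n] = '\0';
    if (c == EOF && n == 0 && !truncated)
        return LINE_EOF;
    return truncated ? LINE_TRUNCATED : LINE_OK;
}

/* Demo helper: runs the reader over a constructed input string. */
int demo_read(const char *input, char *dst, size_t cap)
{
    FILE *f = tmpfile();
    int rc;
    if (f == NULL)
        return LINE_EOF;
    fputs(input, f);
    rewind(f);
    rc = read_line_bounded(f, dst, cap);
    fclose(f);
    return rc;
}

int main(void)
{
    char buf[16];                   /* stands in for buf[BUFFER_SIZE] */
    const char *longer = "This is not a very interesting string, but ...\n";
    printf("%d \"%s\"\n", demo_read("Keep it short!\n", buf, sizeof buf), buf);
    printf("%d \"%s\"\n", demo_read(longer, buf, sizeof buf), buf);
    return 0;
}
```

The long input comes back as LINE_TRUNCATED with only the first 15 bytes stored, where the unbounded Gets would have kept writing past the end of buf.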
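The two input-format rules listed under "Important points" in Section 3 (two-digit hex values, little-endian word order, and 0x0a ending the string early) can be checked mechanically. This is an added example, not the lab's HEX2RAW and not code from the handout; the function names are this example's own and it handles only the plain hex-pair format described on this page.

```c
#include <ctype.h>
#include <stdint.h>
#include <stdio.h>
#include <string.h>

static int hexval(int c) { return isdigit(c) ? c - '0' : tolower(c) - 'a' + 10; }

/* Parse whitespace-separated two-digit hex values into out[]. Returns the byte
 * count, or -1 on a token that is not exactly two hex digits or if out[] is full. */
long parse_hex_pairs(const char *text, unsigned char *out, size_t cap)
{
    const unsigned char *s = (const unsigned char *)text;
    size_t n = 0;
    while (*s != '\0') {
        if (isspace(*s)) { s++; continue; }
        if (!isxdigit(s[0]) || !isxdigit(s[1]))
            return -1;                      /* e.g. "0" instead of "00" */
        if ((s[2] != '\0' && !isspace(s[2])) || n == cap)
            return -1;                      /* over-long token, or no room */
        out[n++] = (unsigned char)(hexval(s[0]) * 16 + hexval(s[1]));
        s += 2;
    }
    return (long)n;
}

/* Index of the first 0x0a before the final byte (Gets stops there), else -1. */
long first_inner_newline(const unsigned char *b, size_t n)
{
    for (size_t i = 0; i + 1 < n; i++)
        if (b[i] == 0x0a)
            return (long)i;
    return -1;
}

/* Write a 32-bit word as four hex pairs in little-endian byte order. */
void le32_to_hex_pairs(uint32_t v, char out[12])
{
    snprintf(out, 12, "%02x %02x %02x %02x", (unsigned)(v & 0xff),
             (unsigned)((v >> 8) & 0xff), (unsigned)((v >> 16) & 0xff),
             (unsigned)(v >> 24));
}

int main(void)
{
    char txt[12];
    unsigned char raw[8];
    le32_to_hex_pairs(0xdeadbeefu, txt);
    printf("%s -> %ld bytes\n", txt, parse_hex_pairs(txt, raw, sizeof raw));
    return 0;
}
```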



2 Card Poker Challenge Develop a simplified 2 card poker game to show off your C# programming prowess
Time: 2021-08-25 08:41:27

Develop a simplified 2 card poker game to show off your C# programming prowess.

1. 2-6 players.
2. 2-5 rounds.
3. The dealer shuffles the deck at the start of each round.
4. The dealer deals 2 cards to each player.
5. The dealer ranks each player’s hand according to the poker hand ranking rules.
6. At the end of each round, each player is assigned a score (0 – weakest to strongest x-1 (where x = number of players)).
7. The overall winner is determined once all rounds have been completed. The winner is the player with the highest score.

Poker Hand Ranks: In order from strongest to weakest

1. Straight Flush (2 cards of sequential rank, same suit)
2. Flush (2 cards, same suit)
3. Straight (2 cards of sequential rank, different suit)
4. 1 pair (2 cards of same rank)
5. High Card (2 cards, different rank, suit and not in sequence. Highest card wins)

• Individual cards are ranked A (highest), K, Q, J, 10, 9, 8, 7, 6, 5, 4, 3, 2 (lowest).
• Suit order (strongest to weakest): Spades, Clubs, Hearts, Diamonds

Objective: Develop a 2 card poker game according to the rules above. Implement each feature according to the acceptance criteria stated later. You will be judged on the following merits:

1. Code quality
2. Test coverage
3. Correctness (according to the game specification)

You have a weekend to complete this challenge, best of luck.

Feature: Shuffle Deck
  As The Dealer
  I want to Shuffle the Deck
  So that the card sequence is different for each round

  Scenario: Shuffle Deck X Times
    Given it is the start of a new round
    And the game is not over
    And a deck of 52 cards
    When I shuffle the deck X time(s)
    Then the deck is in a different order each time

Feature: Deal Cards
  As The Dealer
  I want to deal 2 cards to each player
  So that the game can proceed

  Scenario: Deal Cards
    Given it is the start of a new round
    And the game is not over
    And I have shuffled the deck
    When I deal the cards
    Then each player should have 2 cards
    And each player has a unique 2 cards

Feature: Rank Hands
  As The Dealer
  I want to rank each player's hand
  So that I can determine the winning hand

  Scenario: Determine Winner
    Given I have dealt each player their cards
    When I rank each player's hand (according to poker hand rankings)
    Then the player with the highest ranked hand is the winner
    And each player is assigned a score from 0 (weakest) to X-1 players (strongest)

Feature: Determine Winner
  As The Dealer
  I want to determine who the overall winner is
  So that the game can end

  Scenario: Overall Winner
    Given all rounds have been played
    When I determine who the overall winner is
    And players are ordered from highest score to lowest score
    Then it is known who the winner is
    And each player knows what place they finished at
