CSCI 432 :: Operating Systems

CSCI 432

Operating Systems

Home | Calendar | Assignments | CS@Williams

Project 3 - Smash the Stack

This project will help you understand call stack vulnerabilities and debuggers like the GNU Debugger (GDB). You can work in groups of 2 if you'd like.

In this project, you will compromise several vulnerable processes running inside a VM. You will be able to access a full copy of the C source code for each process, which you can use to analyze the behavior of the programs. By exploiting the vulnerabilities present in the processes, you will gain root access to the VM.

You must complete Targets 1-4, and Target 5, 6, or 7 (choose one of these three). If you solve more than 5 total targets, you will receive a very, very small amount of extra credit.

Please submit to GLOW a "formal" solution to the project, including all files (including sploit source files) used in your exploit (as a tarball), an explanation of your method of attack for each target, and a review of the project as a whole. Your explanations and review of the project will constitute your writeup (which should be submitted in PDF form).

Honor Code: As with all other assignments this semester, you are free to us the web/ChatGPT as a resource. However, DO NOT specifically search for solutions to the exploits. Variations of this assignment exist at many universities, and it is hard to find reliable sources. Keep your searches general.

Important Downloads

Starter guide (READ THIS FIRST!!)
Option 1: Download Virtual Box (for Windows, Intel Macs, Linux)
Download the VM for VirtualBox (on campus)
Option 2: UTM (for M1/M2 Macs)
Download the VM for UTM (on campus, for M1/M2 Macs)
For reference: Download only the code (on campus)
Smashing target1 (Also see these notes from lecture)

Project Writeup

For your writeup, please start by giving a general overview of buffer overflow exploits. If you decide to tackle targets 6 and 7, also describe format string attacks and memory corruption. Then explain how you exploited the vulnerability in each target to gain control of the system. As always, you should end with a conclusion and a brief reflection of the project. The writeup in this assignment is especially important, since you have to convince me that you did not just randomly guess numbers until something worked!

Resources