MIPS Stack Buffer Overflow


Module 7 Assignment: MIPS Stack Buffer Overflow

Introduction

For this assignment you will get a small feel for how the compiler works while getting a chance to perform a “stack smashing” (buffer overflow) attack. We will be using the online C compiler Godbolt for compiling our C code into MIPS and you will have a choice of multiple online IDEs for actually running your C code. We hope you enjoy it!

Step 1: Run the Code

Begin by familiarizing yourself with the C code in overflow.c found in my public GitHub repository. Once you have an idea of what the code is doing I recommend using either REPL to compile and run your C code. Practice running the code and make sure you can demonstrate both a failed and a successful authentication attempt by providing a correct and an incorrect password.

Step 2: Crashing the Application

For the first part of this project we’d like for you to provide an input (password) that causes a segmentation fault/core dump, essentially crashing the program. Write a detailed 1-2 paragraph explanation describing why you chose your input and how it caused a seg-fault to occur. Please also provide a screenshot showing the input you chose and evidence that a segmentation fault occurred.

Step 3: Authentication Trick

For this part we’re going to be a little bit more thoughtful about the input we provide so we don’t crash the application, but rather gain access despite using a wrong password. Remember, we’re inside of the main() function, so think about how the program is keeping track of the buffers on the stack. Derive an input, other than the true secret password, that will trick the program into authenticating a user.

Note: there are many such passwords, so don’t focus quite so much on the content (but do not ignore it) and think about where the input data is being stored in memory. Again, write a detailed 1-2 paragraph explanation describing why you chose your input and how it tricked the program into authenticating the user. Please also provide a screenshot showing the input you chose and evidence that you were able to gain unauthorized access successfully.
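The layout reasoning Step 3 asks for, as an added illustration that is not the code in overflow.c and not part of the course material: a stack frame is modelled as a byte array holding an input buffer followed by an authentication flag, with an unbounded copy beside a bounds-checked one. The 16-byte buffer, the flag, the sample password and all function names are assumptions made for this example.

```c
#include <stdio.h>
#include <string.h>

#define BUF   16                       /* assumed size of the input buffer */
#define FRAME (BUF + sizeof(int))      /* input buffer, then the auth flag */

static const char SECRET[] = "opensesame";   /* constructed sample password */

/* Set the flag only on a password match, then read it back from the frame. */
static int decide(unsigned char *frame) {
    int flag = 1;
    if (strcmp((const char *)frame, SECRET) == 0)
        memcpy(frame + BUF, &flag, sizeof flag);
    memcpy(&flag, frame + BUF, sizeof flag);
    return flag != 0;
}

/* Vulnerable pattern: copy length is taken from the input, not the buffer.
   Clamped to the modelled frame so this demo never leaves its own array. */
int login_unbounded(const char *input) {
    unsigned char frame[FRAME + 1] = {0};   /* last byte stays 0 as terminator */
    size_t n = strlen(input);
    if (n > FRAME) n = FRAME;
    memcpy(frame, input, n);                /* bytes past BUF land on the flag */
    return decide(frame);
}

/* Hardened pattern: reject input that does not fit the 16-byte buffer. */
int login_bounded(const char *input) {
    unsigned char frame[FRAME + 1] = {0};
    size_t n = strlen(input);
    if (n >= BUF) return 0;
    memcpy(frame, input, n);
    return decide(frame);
}

int main(void) {
    /* Constructed inputs: correct password, short wrong one, over-long wrong one. */
    const char *samples[] = { "opensesame", "wrong", "AAAAAAAAAAAAAAAAAAAA" };
    for (size_t i = 0; i < 3; i++)
        printf("%-22s unbounded=%d bounded=%d\n", samples[i],
               login_unbounded(samples[i]), login_bounded(samples[i]));
    return 0;
}
```

The only difference between the two functions is the length check before the copy; the comparison logic is shared, which is why the over-long input is accepted by one and rejected by the other.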

Step 4: Stack Buffer Overflow Attack

The final part of the assignment will require you to download overflow2.s which contains a buffer overflow vulnerability. Paste the code into MIPS and make sure you can run it successfully with the input: Hello, world!


Next, please comment each line of code in the .text section. Please do this FIRST! It will make tracing through the code much easier.

Once you understand what the code is doing, you’ll notice there is a ‘print_a’ function that is not reachable through the execution path of the code as it’s written. Your job is to devise an input that overflows the call stack and overwrites the $ra register causing the program to execute the ‘print_a’ function. Please provide the successful input that triggers the overflow, a screenshot of the successful execution of your attack that prints the A+ message, and a detailed description of how you figured out how to exploit the buffer overflow and how you devised the proper input.

https://github.com/jkovba/jhu_sp20_comporg/blob/master/overflow.c

https://repl.it/languages/c

https://github.com/jkovba/jhu_sp20_comporg/blob/master/overflow.s

Hints:

  1. Know thy stack!
  2. Become familiar with asciitable.com. You will need it for a portion of your input to get the right values into the $ra register.
  3. Remember your endianness.
  4. Be sure to know how to examine the stack using MARS. Here is a sample for an input of abcde:
  5. Be sure to know how to examine your .text section in memory:

http://www.asciitable.com/
