HW2: Buffer Overflow by Example

CS 493/693 Homework, Dr. Lawlor, 2006/02/06.  Due at 5pm on Monday, Feb 13 (Monday the 13th!).

I've started a vulnerable network server process, listening on port 80 of the server "target.cs.uaf.edu".  Your assignment is to see firsthand how a buffer overflow attack works, by attacking this port of this server.  Allow me to be very clear.  DO NOT ATTACK ANY OTHER PORT OR MACHINE.

The server listening on port 80 of target.cs.uaf.edu is NOT a webserver.  Instead, it speaks the following very simple protocol:
  1. The server sends you a welcome string followed by a newline.
  2. You send the server your UAF email ID (like "ffosl") followed by a newline.
  3. You send the server an arbitrary attack buffer, followed by a newline.
  4. The server then executes the following laughably insecure code on your attack buffer "req":
    void parse_request(void)
    char buf[32];
  5. The server records and sends back your grade and a short explanation, followed by a newline.

The grade levels available for this assignment are:
I'll keep your highest grade--you can repeatedly attack the server as many times as you like.  Please do not denial-of-service the target, or try to break out of the emulated machine.

You should be able to get at least a "D" using just "telnet" run interactively.  For higher grade levels, writing your own network attacker program is recommended.  If you log in and send two strings-and-newlines without immediately getting a one-line grade back, send me an email--the target may have gone down.

The vulnerable server has this source code, which you'll pretty much have to read. You could even compile and run the server, although be careful not to get hacked yourself!  The relevant buffer locations as actually run (hint, hint!) are:
Inside vulnerable routine:
grade_C routine is at 0x8048d68
grade_B string is at 0x8082357
grade routine is at 0x8048cb4
buf is at 0xbfffff28
This vulnerable server runs:
So don't worry about breaking anything too important--and have fun!  You don't need to turn anything in--I can get your grade out of the server logs!
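
For contrast with the 32-byte "buf" in step 4, here is an added example (not the course server's code, whose body is not shown on this page) of a bounds-checked way to take one newline-terminated request line into a fixed buffer.  It assumes the weakness is an unchecked copy of the request into buf; copy_request_line, demo_fits and the error codes are hypothetical names.

```c
#include <stddef.h>
#include <stdio.h>
#include <string.h>

#define BUF_SIZE 32  /* same size as buf in the page's parse_request */

/* Hypothetical hardened line copy (assumption: the original copies req
 * into buf with no length check).  Copies one newline-terminated line
 * from req (req_len bytes actually received) into out (out_size bytes).
 * Returns the line length on success, -1 if no newline was received,
 * -2 if the line does not fit, -3 on an embedded NUL, -4 on bad args. */
int copy_request_line(const char *req, size_t req_len,
                      char *out, size_t out_size)
{
    const char *nl;
    size_t line_len;

    if (req == NULL || out == NULL || out_size == 0)
        return -4;
    nl = memchr(req, '\n', req_len);
    if (nl == NULL)
        return -1;                /* incomplete line: do not guess its end */
    line_len = (size_t)(nl - req);
    if (line_len > 0 && req[line_len - 1] == '\r')
        line_len--;               /* tolerate telnet-style CRLF */
    if (line_len >= out_size)
        return -2;                /* reject instead of overflowing or truncating */
    if (memchr(req, '\0', line_len) != NULL)
        return -3;                /* a NUL would hide the rest from str* calls */
    memcpy(out, req, line_len);
    out[line_len] = '\0';         /* room is guaranteed by the check above */
    return (int)line_len;
}

/* Runs the check against a stack buffer the size of the page's buf. */
int demo_fits(const char *req, size_t req_len)
{
    char buf[BUF_SIZE];
    return copy_request_line(req, req_len, buf, sizeof buf);
}

int main(void)
{
    const char sample[] = "ffosl\n";   /* constructed sample input */
    printf("result: %d\n", demo_fits(sample, sizeof sample - 1));
    return 0;
}
```

The caller passes the number of bytes it actually received, so the length decision never depends on the sender including a terminator.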