CS-220 Spring 2016 Lab 12 - Starting Project 4

Background / Introduction

Project 4 is yet another buffer overflow attack excercise... but for Project 4, you get to be a real hacker. The basic idea behind project 4 is that project 4 prints out the grades for your section of CS-220. It does this using a C program that I have given you called "grades.c". This program generates all the grades for both sections, asks you what section you are interested in, and prints the grades for that section. The "grades" that it prints are randomly generated grades designed to allow each student to get a grade between the mid 50's and the mid 80's.

Your job is to write the input file that is used to pick your section. I will run the grades program with your input file. Your project grade will be the average grade printed out by the grades program for your userid. (This project uses numeric userid's which are the same as your project 3 bomb ID's.)

If your input file has just your section letter (either "A" or "B") then you project 4 grade will be some random grade between 50 and 90. Maybe you will get lucky and get a good grade, or maybe you will be unlucky and get a bad grade... or maybe you will figure out how to do a buffer overflow attack and modify your grade and make sure it's REALLY good!

Starting the Lab / Project 4

First, read through the instructions provided on the project page in project4.pdf

Then, download the proj4.tar.gz file, untar it, and run make test. This will compile grades.c and run it with the current "test.txt" file. If you are in section A, you may want to edit test.txt and change it to print the grades for section A. (Just change the "B" to an "A".)

Next, start figuring out how you can do a buffer overflow attack... how are you going to provide instructions that modify your grade? How are you going to modify the return address so that it points somewhere that you can execute the instructions you have provided? What instructions do you need to modify your grade and make it good? Right now, there are a lot more questions than there are answers.

I don't expect you to complete project 4 in this lab period, but I wanted to give you a chance to get started, and ask questions if things don't make sense to you. Good luck, and happy hacking.

Lab Report

No lab report this week! The TA's are busy grading project 3, and we'll figure out how well you did in this lab by looking at your project 4 grade.