Syracuse University
Buffer-Overflow Vulnerability Lab
Lab Overview
The learning objective of this lab is for students to gain the first-hand experience on buffer-overflow vulnerability by putting what they have learned about the vulnerability from class into actions. Buffer overflow is defined as the condition in which a program attempts to write data beyond the boundaries of pre-allocated fixed length buffers. This vulnerability can be utilized by a malicious user to alter the flow control of the program, even execute arbitrary pieces of code. This vulnerability arises due to the mixing of the storage for data (e.g. buffers) and the storage for controls (e.g. return addresses): an overflow in the data part can affect the control flow of the program, because an overflow can change the return address.In this lab, students will be given a program with a buffer-overflow vulnerability; their task is to develop a scheme to exploit the vulnerability and finally to gain the root privilege. In addition to the attacks, we will walk through several protection schemes that have been implemented in Linux to counter against the buffer-overflow attacks. We will evaluate whether these schemes work or not.
Lab Description and Tasks (PDF)
-
For instructors: if you prefer to modify the lab description
to suit your own courses, you can download the source files (Latex)
from here.
VM Version: This lab description was originally developed for Ubuntu 9.11, but we have revised it for Ubuntu 11.04. You can still use our Ubuntu 9.11 VM image (accept some minor inconsistency), but it is better that you use our newer VM image (Ubuntu 11.04).
Recommended Time:
- Supervised lab environment: 2 hours
- Unsupervised environment (e.g. take-home project): 1 week
Lecture Video: (watch)
Files that are Needed
- stack.c (the vulnerable program)
- call_shellcode.c
- exploit.c
Helpful Documents
- Aleph One. Smashing The Stack For Fun And Profit.
Student Feedbacks
To help us understand how effectively this lab has enhanced students' learning in computer security, we asked students to fill out an anonymous survey right after they finish the lab. We started to conduct the survey since 2007. The survey results depicted in the following are aggregate results over several years.- Survey Questionnaires (doc, pdf)
- Survey Results
