CPIS 605 – Software SecurityASSIGNMENT 1Objective: Understand the stack smashing buffer exploit thoroughly.1. From the paper “Smashing the stack for fun and profit” by Alephone do the following (10%)a. Download the article by Aleph One (see References). You will be extracting the source code of exploit3.c and exploit4.c files from it.b. Improve the code of exploit3.c and exploit4.c so that there are no warning messages from gcc even after using the flags as in gcc -ansi -pedantic -Wall.c. Reduce the size of their compiled binaries by at least 5% as seen by the size command when exactly the same flags are used in the compilation. Make sure no functionality is lost. Do not just remove printf’s. Do not use gcc optimization flags.d. Login as a non-root user. Verify that the exploit still works on the vulnerable program. (It may not!)e. Turn in a report but also with answers to the questions below, and thoroughly describing your changes, and how you verified that there was no loss of functionality. Include properly indented versions of your exploit.c files. Use indent -kr.f. Answer the question: What is the “environment”?g. Answer the question: Why does exploit3.c run system(“/bin/bash”) at the endof main()?2. Search the web and report on at least four recent (within last five years) buffer overflow attacks or SQL injection. Explain the attacks in two to three pages using your own words. (10%)Submission:Each student shall submit one file(docx, pdf) with two parts. The first part contains the source code andfull-screen shots showing the date and time for all buffer overflow examples and exploits. Then answer all questions in 1At the seconds part write your report for question 2.
Delivering a high-quality product at a reasonable price is not enough anymore.
That’s why we have developed 5 beneficial guarantees that will make your experience with our service enjoyable, easy, and safe.
You have to be 100% sure of the quality of your product to give a money-back guarantee. This describes us perfectly. Make sure that this guarantee is totally transparent.Read more
Each paper is composed from scratch, according to your instructions. It is then checked by our plagiarism-detection software. There is no gap where plagiarism could squeeze in.Read more
Thanks to our free revisions, there is no way for you to be unsatisfied. We will work on your paper until you are completely happy with the result.Read more
Your email is safe, as we store it according to international data protection rules. Your bank details are secure, as we use only reliable payment systems.Read more
By sending us your money, you buy the service we provide. Check out our terms and conditions if you prefer business talks to be laid out in official language.Read more