Description
Hello.
Could you please follow the attachment bellow there are the questions .
best regards
Unformatted Attachment Preview
Purchase answer to see full attachment
Explanation & Answer
hiPFA. I have explained all questions as much as possible.
1.
2.
●
A buffer overflow attack is known to be a scenario in programming where a program
overruns the boundary of a buffer and write the memory locations outside of the buffer
while writing to that buffer itself. This violates the safety of memory. Specially designed
inputs to execute code can trigger buffer overflow attacks. This results in memory access
errors, erratic program behavior and sometime crashes the program itself.
Let us know take a closer look at the program “stack.c” in a view of learning how buffer
overflow works. So, going by the definition of buffer overflow attacks, the mentioned
program “stack.c” can be good candidate for a buffer overflow attack. As we can see, in
bof() method the strcpy copies the string str into the buffer. Now, the size of
buffer declared is 24 bytes. While, the source string str which is being copied to the
variable buffer is of length 517 bytes. So, the variable str is trying to write data outside
the boundary of buffer. This may cause a buffer overflow attack if string str is well
designed to serve as a proper buffer overflow input.
1
●
To launch a successful buffer overflow attack the attacker needs to know the address of the
important variable on stack. That said, i essentially means a buffer overflow on its own is
uninteresting leading to a program crash most of the time. However, a successful buffer
overflow will either read or write a sensitive variable on stack e.g. an unencrypted
password or variable holding privilege bits. Knowing the addresses of such variables is not
trivial and often depends on attackers’ ingenuity. With some amount o...