In this order, there are few software that the expert should use.
Fyi: I'm using a Window Computer. And need to use a Virtualbox software with Kali Linux install on it.
Software Requirements:
- The Virtualbox Software
- The Kali Linux, Penetration Testing Distribution
- GDB: The GNU Project Debugger
- GCC, the GNU Compiler Collection
- C source file including BOF.c, createBadfile.c, and testShellCode.c
Then, the expert can just follow the instruction in the PDF of what to do step by step. But, make sure you do a screenshot of each steps and saved it to a folder called "Screenshots". I need this at the end once you've finish.
Once you've done all of the steps above, i need:
A zip file containing:
1. Your updated createBadfile.c that generates the input for the BOF program
2. A copy of the badfile. This must generate a shell when BOF runs from the command line in the VM
3. A screenshot of using BOF program to gain a shell (see simple screenshot below, under "happy exploiting" in the pdf)
4. A text file with answers to the following questions: (if you can answer these three questions below, that you would be great)
a. What happens when you compile without “-z execstack”?
A = Can you answer this for me too.
b. What happens if you enable ASLR? Does the return address change?
A = Can you answer this for me too.
c. Does the address of the buffer[] in memory change when you run BOF using GDB, /home/ss4310-student/Desktop/BufferOverflows/BOF, and ./BOF?
A = Can you answer this for me too.
5. The "Screenshots" folder of each steps starting from topic "Starting the virtual machine" to "Happy Exploiting!" (see the pdf then you'll understand)