CMSC 838G, Spring 2011

Software Security

Project 1: Buffer Overflows

Due: March 3, 2011

Description

I am a bad programmer. I'm such a bad programmer, I introduce bugs into other people's code on purpose. I've taken a simple HTTP server I found on the web and introduced several potential buffer overflows into it.

Here is the web server: tinyhttpd-broken.tar.gz

Your job is to develop a program that exploits a buffer overflow to take over the httpd process, causing it to print a message "Now I pwn your computer":

             (machine 1) host2$ ./httpd
             http running on port 42709
             ...
             Now I pwn your computer

             (machine 2) host1$ ./exploit httpd 42709

Here "..." can be empty, or it may be some additional output caused by your attack. Your exploit program takes the httpd file as input (at your discretion; if you change this, be sure to mention it in your instructions). Your exploit must work on fireball.cs.umd.edu when I compile httpd with gcc -m32, which creates a 32-bit executable. The default gcc is 4.1.2 and uses 64-bit compilation.

You can assume that the exploit code is running on the same machine as the httpd server, i.e., your exploit should always just connect to localhost. Also, the user of the exploit will manually type in the port number; you don't need to figure it out from the binary or anything like that.

Tips:

Project Submission Instructions

Resources

Acknowledgements

Inspired by a similar project from Steve Zdancewic.
