What This Document Is
This is a hands-on lab assignment for an Introduction to Systems Software course (CSE 361S) at Washington University in St. Louis. The assignment focuses on practical application of buffer overflow attack techniques. Students will work with a provided C program, `bufbomb.c`, and are tasked with manipulating program execution through crafted input. It’s designed to build a deep understanding of security vulnerabilities and how they can be exploited – and, crucially, how to defend against them. The lab emphasizes a controlled environment for learning offensive security concepts for defensive purposes.
Why This Document Matters
This assignment is critical for students learning about computer security, operating systems, and low-level programming. It’s particularly valuable for those pursuing careers in software engineering, cybersecurity, or systems administration. Successfully completing this lab will solidify understanding of stack frames, return addresses, and the impact of memory corruption. It’s best utilized *after* foundational concepts of buffer overflows have been covered in lectures and readings, and serves as a practical test of those concepts. Students will benefit from working through this assignment to prepare for more advanced security topics.
Common Limitations or Challenges
This assignment provides the core program and the objectives, but it does *not* offer step-by-step solutions or pre-built exploit code. Students are expected to independently analyze the provided C code, utilize debugging tools, and develop their own exploit strings. The assignment is also machine and compiler-specific, meaning solutions may need adjustments when used in different environments. It assumes a working knowledge of C programming, assembly language, and command-line tools.
What This Document Provides
* A vulnerable C program (`bufbomb.c`) for exploitation.
* A series of progressively challenging stages, each building upon the previous one.
* Specific functions within the program (`getbuf`, `test`, `smoke`, `fizz`) to target.
* Guidance on utilizing debugging tools like `objdump` and `gdb`.
* Hints regarding stack frame organization and byte ordering considerations.
* Clear objectives for manipulating program control flow.