Software vulnerabilities lab

Lab partners for today.

Part 1: Python injection

Note: If you have Python installed on your own computer, you can do this part of the lab on your own computer. Otherwise, use one of the lab machines.

Homework exercise 16.0: Who is your lab partner?

  1. Create a new folder called "lab3" somewhere in your filesystem.
  2. Download calculator.py and save it in your lab3 folder. Important: please make sure calculator.py goes into your lab3 folder; we will be deleting files in this folder, and we don't want to delete any file that is actually important to you!
  3. If necessary, refamiliarize yourself with how to execute Python programs by working through just the first four steps of the Python overview. (You already did this once, in Lab 1. Also, you need to execute Python in this lab, but you don't need to edit Python -- that's why you only need to work through the first four steps of the overview.)
  4. Run calculator.py, and use it to answer the following questions:

    Homework exercise 16.1: What is 456^76? Hint: in Python, exponentiation is not achieved using the "^" character. Check our class notes or search online.

    Homework exercise 16.2: What is 52.3 / sin(0.445)?

  5. Create a Microsoft Word document and type a few words into it. Now save this Word document in your lab3 folder. Run calculator.py, and use a Python code injection to delete your Word document. Hint: look at the notes from our first class on software vulnerabilities. Also, note that a Microsoft Word file name typically ends in ".docx", even if you don't see this part of the filename in your desktop view.

    Homework exercise 16.3: What input did you give calculator.py in order to delete your Word document?

  6. Create another Microsoft Word document and type a few words into it. Again save this Word document in your lab3 folder. Run calculator.py, and use a Python code injection to rename your Word document to instead be called "important-stuff.docx". Hint: search for the word "rename" at the following URL: http://docs.python.org/2/library/os.html.

    Homework exercise 16.4: What input did you give calculator.py in order to rename your Word document?

  7. Mount a denial of service attack against calculator.py by entering a suitable string. Hint: look at the notes from our first class on software vulnerabilities.

    Homework exercise 16.5: (a) What input did you give calculator.py in order to achieve a denial of service attack? (b) Approximately what percentage of the CPU is the calculator program now consuming? Hint: use Activity Monitor, in the Utilities folder of the Applications folder.

  8. Kill your out-of-control calculator.py program by pressing Control-C in the terminal window.

Part 2: Buffer overflow

Note: This part of the lab can only be done on the lab machines. Don't try it on your own laptop (although it might work if your laptop is a Mac).

  1. Download the program greetings.exe and save it in your lab3 folder. (Optional, for experienced programmers only: if you're interested in seeing the source code of this program, it's available as greetings.c.)
  2. Open up a terminal window, navigate to your lab3 folder, and run greetings.exe by typing "./greetings.exe" at the command prompt. (Note: you will see a warning message when running this program. This is normal -- the computer has recognized that the program has a security flaw.)
  3. Verify that greetings.exe works as expected with reasonably short inputs.

    Homework exercise 16.6: Give examples of two different inputs for which greetings.exe works as expected.

  4. Mount a buffer overflow attack on greetings.exe, causing the program to crash.

    Homework exercise 16.7: What error message do you see when the program crashes after a buffer overflow?

  5. Experiment further with the program to answer the following question.

    Homework exercise 16.8: What is the size of the buffer allocated by greetings.exe to hold the user's input?

Part 3: Cross-site scripting

You can do this part of the lab on any computer. We will be using Steve Kemp's XSS tutorial for our experiments.

  1. Work through parts 1 and 2 of the tutorial.

    Homework exercise 16.9: Give an example of some input that could be provided to the text box in part 2 of the tutorial ("simple cookie stealing") that would result in a pop-up window with the message "This is Homework exercise 16.9".

  2. Work through parts 3 and 4 of the tutorial.

    Homework exercise 16.10: Give an example of some input that could be provided to the text box in part 3 of the tutorial ("basic filtered input") that would result in a pop-up window with the message "This is Homework exercise 16.10".

  3. Work through part 5 of the tutorial.

    Homework exercise 16.11: Give an example of some input that could be provided to the text box in part 2 of the tutorial ("simple cookie stealing") that results in the user being immediately redirected to Dickinson's homepage.