Difference between revisions of "Talk:Team 10 Main"

From CyberSecurity

Revision as of 06:58, 22 October 2005

Welcome to the Group 10 wiki. Here is some info:

Members with preferred email:

Steven Boray Huang (sbhuang@cs.ucsd.edu) - UCSD

Vitaliy B. Zavesov (zavesov@yahoo.com) - UCSD

Lisa Valdez Josefina (jlvaldez@berkeley.edu) - UCB

Brenda Hernandez (brenn25@berkeley.edu) - UCB-Ugrad

Jessica Miller (jessica@cs.washington.edu) - UW

Marty Lyons (marty@cs.washington.edu) - UW


As of now (14 Oct 2200 PDT) everyone is here except Jessica, pending her addition to the page by Jeff.

Team 10 members

Since we have to write some code etc, I thought I'd check on the background of folks in our team. I know that they tried to make the groups comprise various disciplines, and the stack smashing papers are pretty short of helpful material if you're not coming at this from the Computer Science side. If everyone can just edit this page with their background, we'll get a better idea on how to break up the tasks. Jessica and I are both here at UW and have the ability to sit together and work, which might help.

Steven Boray Huang (sbhuang@cs.ucsd.edu) - UCSD Computer Science - software engineering and ubiquitous computing (mainly cell phones). I read the assignment and took a look at the code today and since we only need to do sploit1, it doesn't seem too bad. I haven't had a chance to spend too much time on it yet though, just read through the Stanford PowerPoint slides and the smashing the stack paper. How is everyone else doing?

Vitaliy B. Zavesov (zavesov@yahoo.com) - UCSD I'm a Masters student in Computer Science with specialization in Software Engineering. Steven and I will try to meet this Wednesday to go over the project. I've read through the powerpoint slides and some of the papers and am looking at the code right now.

Josefina Lisa Valdez (jlvaldez@berkeley.edu) - UCB Ok, so I am an undergraduate at UC Berkeley, and I am minoring in Public Policy. I have no background in computer science so, I could do research to answer the questions...Yeah, Brenda and I can also work together since we are both from UC Berkeley.

Brenda Hernandez (brenn25@berkeley.edu) - UCB-Ugrad


Jessica Miller (jessica@cs.washington.edu) - UW


Marty Lyons (marty@cs.washington.edu) - UW

BACKGROUND: Computer Science as a systems programmer and network engineer. My C coding skills are marginal since I haven't done anything with the language in (gasp) 10 years, but I should be able to recall enough to sort out the project. I'm limited in typing since I've got bad hand tendonitis; so programming involving lots of keyboard time is something I try to avoid if possible.

Working on code -- joint dev using IM

I'm logged into the ucsd dev machine now (Sunday, 6 PM) and I see Steven is there too. If anyone else has AOL Instant Messenger, we can chat that way if we want to work together. I'm on AOL IM as "GoPolar". -- Marty at UW

I've made substantial progress on the code tonight (Sunday) and will likely finish sometime tomorrow afternoon (Monday) if all goes well. At that point, I'm hoping we can get the whole team to co-write the report, particularly the Policy folks. -- Marty at UW, Monday 1 AM

Ok, to be honest, I am a little confused at coding/etc. language, so when you tell us what you did, is there any way to explain what is happening in a non-codish way? I hope that made sense... - Josefina- UCB

Probably the best thing is we'll finish up getting it working (it's close, it's not so much a programming problem anymore, as just understanding some of the terrible documentation they gave us...); then once we have it running, we can write up a summary of how it works.

-- Marty at UW

Working on code -- software folks please read

I've been working on this for quite some time and I have to say the supplied documentation is pretty lacking.

Feel free to look at my code/notes and copy them -- they are in ~cse291g10/sploits/ml/. I'm not a good C programmer by any means so feel free to rewrite (please, make yourself a directory and work off a copy, otherwise we'll all get confused).

I've got things working, but am just trying to finally understand how to arrive at the right addresses. The Stanford powerpoint slides are more confusing than helpful, and I've been finding some other reference material.

-- Marty, Tue, 1 AM

Update: The code compiles clean and is otherwise fine, but I'm having a really hard time parsing the Stanford powerpoint to make sense of how to get the buffer address to reference. Maybe someone else can figure that part out. In theory, all you'll have to do is insert the right address into the code (~cse291g10/sploits/ml/ml.c), run "make", then execute with "./ml". If you get a shell prompt, it worked. It's probably not helping that it's 3:30 AM and I'm not thinking straight on this anymore. I'll pick back up tomorrow afternoon. If someone gets it working by then, just update the wiki. Thanks!

-- Marty (from UW), Tue, 3:30 AM

I tried to figure out the address of the buffer. I was thinking it could be 0xbffff980 because a) this is the contents of the $esp after the buf[] has been allocated in target1 main and b) this is what's being passed into foo as the *out parameter (which is the same as buf[]). I tried to use this address with Marty's code, but I keep getting segmentation faults.

-- Vitaliy Wed 3:00 am

Well, I wish I could say I made progress on this. After six days of hacking, it's not working. I've got a ton of traces, but still can't seem to make this thing fly. I'll keep working on it tonight. If I can't get it working by tomorrow, I'm going to submit what I've got, with a report on why I think it's not running. I can probably offer such a detailed explanation of the process at this point that it will equal if not better running code. But it's more than annoying that the thing doesn't work. -- Marty, Friday, 7 PM


So I've been working on this for the past few hours and even after re-reading the http://thc.org/papers/OVERFLOW.TXT paper it's still not working and getting seg faults. The get_sp(void) is given in this paper and should be giving us the correct stack pointer... any word back from the TA? --steven, friday 12am

Proposed outline of the report

The following is my brainstorming of the outline of our report. Please feel free to modify it or sign up for writing particular sections. Beside the introduction and conclusion, the sections are taken from the project description.

1) Introduction (Why are we doing this exercise?)

2) Description of attack techniques attempted, vulnerabilities exposed, and estimated difficulty

3) Estimated dollar value of the damage that such an attack could cause

4) Estimated feasibility and strategic value of the attack technique to a terrorist organization

5) Feasibility and cost of defending against such attacks

6) Conclusion (What did we learn from our analysis?)

-- Vitaliy