CYS523 M3.6
Two part: 1st part is the instruction below and in order to provide second part i have to post 1st part by deadline. 2nd part is three response to other strudents post.
Introduction
Invalidated inputs are always a big threat to website security. In this activity, you will discuss the popular buffer overflow attack and its countermeasures.
Instructions
Before starting with the assignment, refer to the following website:
A Shellcode: The Payload https://www.tenouk.com/Bufferoverflowc/Bufferoverflow5.html
Now, consider the following C program used for authenticating a user to log into the software. The hacker bypasses the authentication and logs into the software. Analyze the following program to identify the possible cause of the breach in the code.
#include <stdio.h> #include <string.h> void main { char buffer[20]; int flag = 0; printf(” Enter your password : n”); gets(buffer); if(strcmp(buffer, “123456”)) { printf (“n Incorrect Password n”); } else { printf (“n Correct Password n”); flag = 1; } if(flag) { printf (“n Granted Access n”); } }
Respond to the following:
Examine the above code and discuss how it is vulnerable to Buffer Overflow Attack.
Explain how hackers inject shellcodes into the system using a Buffer Overflow Attack.
After posting your initial response, select two of your peers to discuss how you would each refine the code to mitigate the vulnerabilities in the existing code.