SI485H: Stack Based Binary Exploits and Defenses (F15)


Lab 08: Connect and Conquer


Submission Instructions

Submission instructions for labs can be found on the resource pages. In particular, you should view this subsection: Creating a new branch and submitting

Part 1: The echo server says "what", "what" (2 points)

Description

  • Modify the remote shell program such that it is now an echo server. When a client connects, it will read from the socket and echo back what was read to the client.

Preamble

  • The assignment can be completed on your vm repository
  • gitlab repository

    http://saddleback.academy.usna.edu/aviv/lab-8.1
    

Instructions

  • Fork and clone the repository
  • Your task is to complete the echo_server.asm program such that it will execute an echo server on port 31337.
  • Your echo server must accept incoming connections, read strings of arbitrary length from the socket, and write those strings back to the client.
  • The code you must translate into assembly should be similar to the following:

    while( (r = read(client_sock, buf, 10)) > 0){
       if ( write(client_sock, buf, r) != r ){
          exit(3);
       }
    }
    exit(3);
    
  • Your assembly must be proper shell code in that it should not contain any NULL bytes and must be able to execute with the dummy_exploit program:

    ./dummy_exploit $(printf `./hexify.sh assembly_rsh`)
    
  • When completed properly, you should be able to execute your echo server in one terminal like above. In another terminal, you can connect to the server and get responses:

    user@si485H-base:~$ netcat localhost 31337
    short
    short
    looooooooooooooooong
    looooooooooooooooong
    very very very very very very very very very very very very very very loooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooong
    very very very very very very very very very very very very very very loooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooong
    ^D
    
  • When the client closes the connection with Ctrl-D (EOF), the echo server should exit with status 3:

    user@si485H-base:8.1$ ./dummy_exploit $(printf `./hexify.sh echo_server`)
    user@si485H-base:8.1$ echo $?
    3
    

Submission

  • You must submit at least one file: echo_server.asm

Hints

  • What are the return values of read() and write() and how can you condition on them?
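
The return values that hint asks about, shown as an added C example (not part of the lab repository): the lab's 10-byte loop is wrapped in a function and driven through a socketpair, so messages longer than the buffer and the end-of-file case can be checked without a listener. The names echo_loop and echo_roundtrip and the distinct return codes are assumptions made for this illustration.

```c
#include <string.h>
#include <sys/socket.h>
#include <unistd.h>

/* The lab's loop as a function. Returns 0 on end-of-file (read() == 0),
 * -1 on a read error, -2 when write() reports fewer bytes than were read.
 * The lab's version collapses all three outcomes into exit(3). */
int echo_loop(int fd, size_t *total) {
    char buf[10];
    ssize_t r;
    *total = 0;
    while ((r = read(fd, buf, sizeof buf)) > 0) {   /* r = bytes actually read */
        if (write(fd, buf, (size_t)r) != r)         /* echo exactly r bytes */
            return -2;
        *total += (size_t)r;
    }
    return r == 0 ? 0 : -1;
}

/* Constructed harness: push msg through a socketpair and compare the echo.
 * Returns 1 when every byte came back unchanged, 0 otherwise. */
int echo_roundtrip(const char *msg) {
    int sv[2];
    size_t len = strlen(msg), total = 0, got = 0;
    char out[512];
    ssize_t n;
    if (len > sizeof out || socketpair(AF_UNIX, SOCK_STREAM, 0, sv) < 0)
        return 0;
    if (write(sv[0], msg, len) != (ssize_t)len)
        return 0;
    shutdown(sv[0], SHUT_WR);       /* client is done sending: read() returns 0 */
    int rc = echo_loop(sv[1], &total);
    close(sv[1]);
    while (got < len && (n = read(sv[0], out + got, sizeof out - got)) > 0)
        got += (size_t)n;
    close(sv[0]);
    return rc == 0 && total == len && got == len && memcmp(out, msg, len) == 0;
}
```

A message longer than 10 bytes takes several passes through the loop, and each pass writes back only the r bytes that read() reported.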

Part 2: The Bat Signal (3 Points)

Description

  • Modify the remote shell program such that it will function as a client and connect to a service running on saddleback.

Preamble

  • The assignment can be completed on your vm repository
  • gitlab repository

    http://saddleback.academy.usna.edu/aviv/lab-8.2
    

Instructions

  • Fork and clone the repository
  • Your task is to complete the batman.asm program such that it will function as a socket client.
  • Your program will connect to saddleback.academy.usna.edu on port 47733.
  • Once connected, you will read the message from the server and print it to the screen. The result should be the bat signal:
MMMMMMMMMMMMMMMMMMMMM.                             MMMMMMMMMMMMMMMMMMMMM
 `MMMMMMMMMMMMMMMMMMMM           M\  /M           MMMMMMMMMMMMMMMMMMMM'
   `MMMMMMMMMMMMMMMMMMM          MMMMMM          MMMMMMMMMMMMMMMMMMM'  
     MMMMMMMMMMMMMMMMMMM-_______MMMMMMMM_______-MMMMMMMMMMMMMMMMMMM    
      MMMMMMMMMMMMMMMMMMMMMMMMMMMMMMMMMMMMMMMMMMMMMMMMMMMMMMMMMMMM    
      MMMMMMMMMMMMMMMMMMMMMMMMMMMMMMMMMMMMMMMMMMMMMMMMMMMMMMMMMMMM    
      MMMMMMMMMMMMMMMMMMMMMMMMMMMMMMMMMMMMMMMMMMMMMMMMMMMMMMMMMMMM    
     .MMMMMMMMMMMMMMMMMMMMMMMMMMMMMMMMMMMMMMMMMMMMMMMMMMMMMMMMMMMM.    
    MMMMMMMMMMMMMMMMMMMMMMMMMMMMMMMMMMMMMMMMMMMMMMMMMMMMMMMMMMMMMMMM  
                   `MMMMMMMMMMMMMMMMMMMMMMMMMMMMMMMM'                
                          `MMMMMMMMMMMMMMMMMM'                    
                              `MMMMMMMMMM'                              
                                 MMMMMM                              
                                  MMMM                                  
                                   MM
  • You may want to read in a loop or execute a program that will do so for you.
  • Next, your program should respond with "go robin", and the server will respond with the following ASCII art:
       ___
     .'``.``.
 ___/ (o) `, `.
'-==`,     ;   `.
     \    :      `-.
     /    ';        `.
    /      .'         `.
    |     (      `.     `-.._
     \     \` ` `. \         `-.._
      `.   ;`-.._ `-`._.-. `-._   `-._
        `..'     `-.```.  `-._ `-.._.'
          `--..__..-`--'      `-.,'
             `._)`/
              /  /
             /--(
          -./,--'`-,
       ,^--(                    
       ,--' `-,
  • Your shell code should have no NULL bytes and execute as follows:
user@si485H-base:8.1$ ./dummy_exploit $(printf `./hexify.sh batman`)
MMMMMMMMMMMMMMMMMMMMM.                             MMMMMMMMMMMMMMMMMMMMM
 `MMMMMMMMMMMMMMMMMMMM           M\  /M           MMMMMMMMMMMMMMMMMMMM'
   `MMMMMMMMMMMMMMMMMMM          MMMMMM          MMMMMMMMMMMMMMMMMMM'
     MMMMMMMMMMMMMMMMMMM-_______MMMMMMMM_______-MMMMMMMMMMMMMMMMMMM
      MMMMMMMMMMMMMMMMMMMMMMMMMMMMMMMMMMMMMMMMMMMMMMMMMMMMMMMMMMMM
      MMMMMMMMMMMMMMMMMMMMMMMMMMMMMMMMMMMMMMMMMMMMMMMMMMMMMMMMMMMM
      MMMMMMMMMMMMMMMMMMMMMMMMMMMMMMMMMMMMMMMMMMMMMMMMMMMMMMMMMMMM
     .MMMMMMMMMMMMMMMMMMMMMMMMMMMMMMMMMMMMMMMMMMMMMMMMMMMMMMMMMMMM.
    MMMMMMMMMMMMMMMMMMMMMMMMMMMMMMMMMMMMMMMMMMMMMMMMMMMMMMMMMMMMMMMM
                   `MMMMMMMMMMMMMMMMMMMMMMMMMMMMMMMM'
                          `MMMMMMMMMMMMMMMMMM'
                              `MMMMMMMMMM'
                                 MMMMMM
                                  MMMM
                                   MM         
                   ___
                 .'``.``.
             ___/ (o) `, `.
            '-==`,     ;   `.
                 \    :      `-.
                 /    ';        `.
                /      .'         `.
                |     (      `.     `-.._
                 \     \` ` `. \         `-.._
                  `.   ;`-.._ `-`._.-. `-._   `-._
                    `..'     `-.```.  `-._ `-.._.'
                      `--..__..-`--'      `-.,'
                         `._)`/
                          /  /
                         /--(
                      -./,--'`-,
                   ,^--(                    
                   ,--' `-,

Submission

  • You must submit at least one file: batman.asm

Hints

  • connect() is a lot like a bind() and accept()
  • strace is SUPER USEFUL!

Part 3: Don't fork bomb … 💥 Boom (2 Points)

Description

  • Modify the remote shell program such that it will function as a multi-process shell server. Multiple clients can connect and access shells. This will be done through the fork() system call, where each new client connection will fork a new process which will start a remote shell.

Preamble

  • The assignment can be completed on your vm repository
  • gitlab repository

    http://saddleback.academy.usna.edu/aviv/lab-8.2
    

Instructions

  • Fork and clone the repository
  • Your task is to complete the rsh_server.asm program such that it will execute a remote shell server on port 31337.
  • Your shell server must be able to accept incoming connections, and for each incoming connection, it will fork a new process which will execute a remote shell.
  • The remote shell will have all standard file descriptors duplicated onto the client socket and have "/bin/sh" executed via the execv() system call.
  • Your assembly must be proper shell code in that it should not contain any NULL bytes and must be able to execute with the dummy_exploit program:

    ./dummy_exploit $(printf `./hexify.sh rsh_server`)
    
  • When completed properly, you should be able to execute your echo server in one terminal like above. In two terminals, simultaneously, you can connect to the server and get responses:

    user@si485H-base:~$ netcat localhost 31337
    ls  
    Makefile
    README.org
    README.org~
    dummy_exploit
    dummy_exploit.c
    hexify.sh
    rsh_server
    rsh_server.asm
    rsh_server.asm~
    rsh_server.o
    ^C
    user@si485H-base:~$ netcat localhost 31337
    cat /etc/passwd | grep root
    root:x:0:0:root:/root:/bin/bash
    ^C
    

Submission

  • You must submit at least one file: echo_server.asm

Hints

  • Be quick on the killall triggers.
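
The process structure behind the fork-bomb warning, as an added C example (not the lab's code): each accepted client gets one child, the three fork() return values are handled separately, the child leaves with _exit() instead of falling back into the accept loop, and the parent reaps every child. The child here only echoes one message; serve_n, two_clients_demo and the bounded client count are assumptions made for this illustration.

```c
#include <arpa/inet.h>
#include <string.h>
#include <sys/socket.h>
#include <sys/wait.h>
#include <unistd.h>
/* One child per client. Returns how many children exited 0, -1 on failure. */
int serve_n(int lfd, int n) {
    int ok = 0, status;
    for (int i = 0; i < n; i++) {
        int c = accept(lfd, NULL, NULL);
        if (c < 0) return -1;
        pid_t pid = fork();
        if (pid < 0) { close(c); return -1; }   /* -1: no child was created */
        if (pid == 0) {                         /* 0: this is the child */
            char buf[64];
            close(lfd);                         /* the child never accepts */
            ssize_t r = read(c, buf, sizeof buf);
            _exit(r > 0 && write(c, buf, (size_t)r) == r ? 0 : 1);
        }                                       /* _exit: never rejoin the loop */
        close(c);                               /* parent: the child owns c now */
    }
    while (n-- > 0 && wait(&status) > 0)        /* reap: leave no zombies */
        ok += WIFEXITED(status) && WEXITSTATUS(status) == 0;
    return ok;
}

/* Constructed harness: two loopback clients queue up, then serve_n() runs. */
int two_clients_demo(void) {
    struct sockaddr_in a = { .sin_family = AF_INET };   /* port 0: kernel picks */
    socklen_t len = sizeof a;
    int l = socket(AF_INET, SOCK_STREAM, 0), c[2], good = 0;
    char buf[8];
    a.sin_addr.s_addr = htonl(INADDR_LOOPBACK);
    if (bind(l, (struct sockaddr *)&a, sizeof a) < 0 || listen(l, 2) < 0 ||
        getsockname(l, (struct sockaddr *)&a, &len) < 0)
        return -1;
    for (int i = 0; i < 2; i++) {
        c[i] = socket(AF_INET, SOCK_STREAM, 0);
        if (connect(c[i], (struct sockaddr *)&a, sizeof a) < 0) return -1;
        if (write(c[i], "ping", 4) != 4) return -1;
    }
    if (serve_n(l, 2) != 2) return -1;
    for (int i = 0; i < 2; i++) {
        good += read(c[i], buf, sizeof buf) == 4 && memcmp(buf, "ping", 4) == 0;
        close(c[i]);
    }
    close(l);
    return good;
}
```

If the child branch returned to the top of the loop instead of exiting, every child would call accept() and fork() as well, and the process count would grow with each connection.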