网络安全代写｜Cyber Security Hw4

本次代写是一个网络安全相关的Homework

Problem 1 (4 + 4 + 4 + 4 Points) – Buffer Overflow:

Consider the program below:

0. int foo(char *arg)
1. {
2. char buf[24];
3. int len = strlen(arg);
4.
5. for (i = 0; i < len; i++)
6. buf[i] = arg[i];
7. return 0;
8. }
9.
10.
11. int main(int argc, char *argv[])
12. {
13. int len = 16;
14. char string[len];
15.
16. if (strlen(argv[1]) > len){
17. exit(1);
18. } else {
19. strcpy(string, argv[1]);
20 }
21. foo(string);
22. exit(0);
22. }

a. Which buffer in this program can be overflowed by an attacker?

b. Can the attacker exploit the buffer overflow in the program to get a shell?

Explain your answer. (Note that you will get 0 points if you do not provide
the proper explanation, even if your true/false answer is correct)

c. For each proposed code change below, indicate whether an attacker can exploit
the new program to get a shell or not after the change. Explain your answer.
(Note that you will get 0 points if you do not provide the proper
explanation, even if your true/false answer is correct)

i. Change line 13 from int len = 16 to: int len = 64
ii. Change line 19 from strcpy(string, argv[1]) to:
strncpy(string, argv[1], len)

Problem 2 – Firewalls (16 pts.):

A corporate network is set up such that users (1.1.1.*) behind the firewall can
access any external HTTP (port 80) host. However, inbound HTTP access gets
restricted to a dedicated web server (1.1.1.1). The firewall is stateful and tracks
incoming and outgoing connections. See the summarized filtering rules in the table
below:

A developer works on a web application on their local machine running on port 80.

As the application is incomplete, they do not publicly expose it. While developing
the application, the developer surfs to a “questionable” website (e.g.,
www.magic8ball.co), looking for solutions to an error they face. The website
belongs to an attacker looking to get a foothold into the company’s network.

A. Can the attacker gain access to the company’s network, and why? If not,
what prevents the attacker from doing so? (10pts)

B. A short power outage resets the firewall (but nothing else in the system).
Does this affect the attacker’s chances? Why or why not? What if the power
outage lasts longer (e. g., hours)? Note that the firewall is persistent across
reboots. (6pts)