
Deneb (Launched 2000)

  • Password: neveruseit
  • (20 points)
Table of contents
  1. Your task
  2. Debugging
  3. Deliverables
EvanBot’s message is alarming. Could the Caltopian Jupiter exploration project
have some secondary evil purpose? Following Bot’s advice, you decide to hack into
the Deneb satellite to investigate further.

The fear of the Y2K bug at the turn of the century drove Gobian engineers to
conduct a sweeping evaluation of their systems and correct any deficiencies. Deneb,
the first Gobian satellite launched in the 21st century, features a more secure version
of the original Spica file viewing utility.

Consider what security vulnerabilities occur during error checking. Which security principles are involved in correctly implementing error checking?


Your task

Like Question 3, this question uses an interact script instead of an egg script, and the interact script has already been created for you. As before, you have access to a SHELLCODE variable and the p.send(s) and p.recv(n) functions. Refer to the interact API section of Question 3 for more information.


Debugging

You might find it helpful to use two terminals to debug this question.

If you are using the online setup, you can use the following command in a second terminal to connect to the Hive machine:

$ ssh -t cs161-XXX@hiveYY.cs.berkeley.edu \~cs161/proj1/connect

Alternatively, on the local (VirtualBox) setup, you can simply open two terminals on your local computer and SSH into the VM on both terminals.

To start a debugging session:

  • In terminal 1: Start gdb (./debug-exploit)

  • In terminal 2: Start an interactive Python shell (python)

  • In terminal 2: >>> from scaffold import *

To run any p.send and p.recv calls in your interact script, use terminal 1 to type input or read output from gdb. For any other Python function calls in your interact script, type the lines of Python code into terminal 2 to execute them.


Deliverables

A script interact and a writeup. Make sure the script works by running ./exploit.