Exercise 1: debug and find the canary
Use gdb to find the canary position on the stack for a given executable file. Manually overwrite the canary and observe the stack smashing message.
Hint: the canary is read from gs:0x14 and changes at every execution. Register gs points to the process data area, which contains the canary at a fixed offset.
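How the slot named in the hint can be read from C, as an added example that is not part of the original exercise sheet. The names `read_guard` and `guard_same_at_depth` are hypothetical, GCC or Clang inline assembly on Linux is assumed, and the `fs:0x28` (x86-64) and global `__stack_chk_guard` branches go beyond the 32-bit case the hint describes.

```c
#include <stdint.h>
#include <stdio.h>

#if defined(__i386__)
/* 32-bit x86 Linux: the guard lives at gs:0x14, as the hint says. */
static uintptr_t read_guard(void)
{
    uintptr_t v;
    __asm__ volatile ("movl %%gs:0x14, %0" : "=r"(v));
    return v;
}
#elif defined(__x86_64__)
/* 64-bit x86 Linux: same idea, but the slot is fs:0x28. */
static uintptr_t read_guard(void)
{
    uintptr_t v;
    __asm__ volatile ("movq %%fs:0x28, %0" : "=r"(v));
    return v;
}
#else
/* Other targets, e.g. AArch64 with glibc, export the guard as a global. */
extern uintptr_t __stack_chk_guard;
static uintptr_t read_guard(void) { return __stack_chk_guard; }
#endif

/* Read the slot at several call depths: it is one per-thread value that
 * every protected function copies into its frame, not a per-frame value. */
static int guard_same_at_depth(int depth, uintptr_t expected)
{
    volatile char pad[64];          /* forces a real frame at each level */
    pad[0] = (char)depth;
    if (read_guard() != expected)
        return 0;
    return depth == 0 ? 1 : guard_same_at_depth(depth - 1, expected);
}

int main(void)
{
    uintptr_t g = read_guard();
    printf("guard slot: %#lx\n", (unsigned long)g);
    printf("same at every depth: %s\n",
           guard_same_at_depth(8, g) ? "yes" : "no");
    return 0;
}
```

Running the binary several times shows a different value on each run, matching the hint.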
Exercise 2: show the canary value
Write a program that prints its own canary value.
Hint: once you think you are printing the canary, make the program itself overwrite it so that you make the program self-abort. This will confirm you are really printing the canary.
Exercise 3: overwrite return address with the canary
Modify the vulnerable program we discussed in the previous class so that it explicitly reveals the canary. This simulates the presence of a vulnerability that gives read access to the stack. Then, try to attack the program by overwriting the return address in the presence of the canary (with stack protector enabled!).