Task C: “Argument for system()” in question 18 requires understanding the exact machine effects of the x86 function prolog and epilog. The following table lists the function epilog instructions generated by the gcc compiler for x86. Copy the table into the answer text box and fill in the %esp and %ebp register values right after the execution of each instruction in the function epilog. For this question, suppose the following:

%esp = 0xbfff1230
%ebp = 0xbfff1210
M[0xbfff120c] = 0xf7312420   # The content of 4 bytes of memory referenced by the address 0xbfff120c is 0xf7312420
M[0xbfff1210] = 0xbfff11f0
M[0xbfff122c] = 0xf7123120
M[0xbfff1230] = 0xf7304f80

| Function epilog x86 instructions in AT&T assembly format | %ebp | %esp |
|---|---|---|
| movl %ebp, %esp | | |
| popl %ebp | | |
| ret # popl %eip | | |

The payload (“badfile”), when properly created with Tasks A, B, and C, yields a “/bin/sh” shell with regular user privilege. Even though the stack program is a root-owned set-uid program and the return-to-libc attack is successfully launched, we still won’t be able to obtain “/bin/sh” with root privilege. Describe the additional tasks, other than Tasks A, B, and C, needed to obtain a root shell. Note that you are *NOT* allowed to use “/bin/zsh” instead.

Suppose the regular user seed (UID 1000) successfully launched a buffer-overflow attack on the root-owned SetUID program simple_stack using the shellcode. However, the user seed did not get a root prompt, only a regular prompt. Explain why.