Wednesday, March 11, 2009

CS591 ST 008

Lab 2 (due 3/11/09)

OK, this is what I have done so far with lab 2.

1) downloaded all files for lab2
2) combed through lab2exploit.c program
3) combed through server2.c program
4) updated lab2exploit.c with new order of assembly commands
5) guessed a number to use for the string size which is larger than 32768 and less than 65536
6) ssh to shasta and passwd
7) ssh to Aleph and passwd (noticed I don't have a user space for diabloo)
8) on Aleph, played with: >% nc 10.0.0.2 8084

Some issues I have had up to this point are:
1) shasta and Aleph have been down almost every time I've tried to log onto them.
2) I'm not sure what the magic number should be. I know the concept of the exploit: a number that is too large will be seen as a negative number in a short int variable and thus passes the if validation. Then when the buffer is filled it will be filled past capacity, up to the return address for when the function finishes its operation. I'm just not sure what value to use to reach this area, and when reached, should this area be filled with another address where the actual asm code is located, or should the asm code occupy this area (where the RA is located)?
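The signed-short length check described above, as an added worked example in C. This is not the lab's server2.c or lab2exploit.c; the 256-byte buffer, the two-byte length field and the exact shape of the `if` are assumptions made for the illustration:

```c
/* Added example: a signed-short length check of the kind the notes describe.
 * Not the lab's server2.c; BUFSIZE, the 2-byte length field and the shape of
 * the check are assumptions for this illustration. */
#include <limits.h>
#include <stdbool.h>
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>

#define BUFSIZE 256   /* assumed: a signed int constant, as in "char buf[256]; if (len > 256)" */

/* Vulnerable pattern: the 2-byte length from the wire is stored in a signed
 * short and compared as a signed value. Values 32768..65535 become negative
 * on two's-complement targets, so "len > BUFSIZE" is false and they pass. */
static bool vulnerable_check_passes(uint16_t wire_len)
{
    short len = (short)wire_len;   /* wraps to negative for wire_len >= 32768 */
    if (len > BUFSIZE)             /* signed compare: -25536 > 256 is false */
        return false;
    return true;
}

/* What recv()/memcpy() is then asked to copy: the negative short converts to a
 * huge size_t, so the copy is bounded only by what the client actually sends. */
static size_t vulnerable_copy_length(uint16_t wire_len)
{
    short len = (short)wire_len;
    return (size_t)len;
}

/* Fixed pattern: keep the length unsigned end to end and compare as unsigned. */
static bool hardened_check_passes(uint16_t wire_len)
{
    return wire_len <= BUFSIZE;
}

/* Count how many of the 65536 possible wire lengths a check lets through. */
static unsigned count_passing(bool (*check)(uint16_t))
{
    unsigned n = 0;
    for (uint32_t v = 0; v <= UINT16_MAX; v++)
        if (check((uint16_t)v))
            n++;
    return n;
}

int main(void)
{
    uint16_t probe = 40000;    /* constructed: one value in the 32768..65535 range */
    printf("wire length %u -> short %d\n", (unsigned)probe, (int)(short)probe);
    printf("vulnerable check passes: %s\n", vulnerable_check_passes(probe) ? "yes" : "no");
    printf("copy length handed to recv/memcpy: %zu\n", vulnerable_copy_length(probe));
    printf("hardened check passes:   %s\n", hardened_check_passes(probe) ? "yes" : "no");
    printf("lengths accepted: vulnerable=%u hardened=%u\n",
           count_passing(vulnerable_check_passes), count_passing(hardened_check_passes));
    return 0;
}
```

Two details worth checking against the real server2.c before trusting a guessed value: the check only fails open if the constant it compares against is a signed type (comparing `len` against `sizeof(buf)` or an unsigned constant promotes `len` to unsigned, and the huge value is rejected), and the oversized length itself does not decide how far the buffer is overrun; the recv/memcpy is bounded only by how many bytes the client actually sends, so the distance to the saved return address has to come from the stack layout of the vulnerable function, not from the length field.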
