Homework #11

¢ Download the “gdb4.tar.gz” file on E-ruri

¢ WARNING: Do not let the Windows WinZip program open up your
.tar file(many Web browsers are set to do this automatically).
Instead, save the file to your Linux directory and use the Linux tar
program to extract the compressed file. You should NEVER use any
platform other than Linux to do this.
¢ After downloading it, please try:
§ $ tar –xvzf gdb4.tar.gz
§ ls
¢ Then, you can see the files below
§ gdb4
§ gdb4.c
§ gdb4.h
§ getCorrectAnswerIter_key.o
¢ Please don’t try re-compilation. the executable, gdb4 was built with
multiple source files besides gdb4.c
1
Homework #11 - cont’d
¢ Please try:
§ $ sudo chown root.root gdb4
§ $ sudo chmod u+x gdb4
§ $ sudo chmod u+s gdb4
¢ Please execute gdb4 and input your studentID as follows:

< Figure 1> 2

Homework #11 - cont’d
¢ In HW#10, you have to find a proper input to get root’s shell
prompt (a.k.a, root escalation)
¢ See example below

< Figure 2>

¢ In the example above, I intentionally removed the answer J

¢ Find your answer and get the root shell
¢ Tips : the answer consists of any keys that you can find on
your keyboard including number, special character(!@#$....),
and alphabets (i.e., ASCII code) 3
Homework #11 - cont’d
¢ Submit
§ Your answer (.txt file)
§ Screenshot (.jpg or .png) as shown in Figure 2, which must include the
results of the following commands:
§ whoami
§ ./gdb4
§ your answer
§ whoami

§ I’ll score your hand-in based on the text file

§ If it doesn’t works, you get zero score.
§ So please write the textfile with the correct answer and test it
before you submit it.