Activity: Keylogger or Buffer Overflow
For this activity, we will be creating the foundation for different types of attacks. You are to implement one of these, not both. These are the Keylogger and the Buffer Overflow attack; please see the notes below before getting started.
Installing VMs
I would suggest using one of the following VMs if you want to be safe with your computer. You can put any OS you choose on these VMs, but if you are interested in or are already using Kali Linux for your project, these might be the best options.
- VirtualBox: A free, open-source virtualization software from Oracle, available for Windows, Linux, and macOS.
- VMware Workstation Player: A free version of VMware Workstation, suitable for personal use, allowing users to create and run virtual machines on their desktops or laptops.
- Microsoft Hyper-V: A built-in virtualization feature in Windows, allowing users to create and run virtual machines on their Windows systems.
Non-Negotiable "Musts"
- These will only be used in a controlled, academic setting. These may never be used outside of the classroom for any malicious activity.
- You will submit a text version of your code, screenshots of your work functioning, and proof of a successful output. I would do this in a Word/Google Doc. This needs to be submitted as a PDF.
- You should execute these in a sandboxed mode or a VM to avoid infecting your actual systems.
- You need to have a "failsafe" button to stop the program. This can be any key you choose, but this needs to be implemented.
Keylogger
The objective of this work is to help understand how malware works by creating simple malicious scripts (in a safe and controlled environment)
and analyzing them to understand their behavior and potential consequences. Your goal is to write a simple keylogger in any programming language that you choose.
The only necessary function of your script will be to record keystrokes and store them in a log file; this log file should be submitted.
Analysis Questions
- How does your keylogger work?
- How did the system respond to the keylogger?
- How difficult did you find this script/program to implement?
- Do you feel you could add different mechanisms to make this more difficult to detect?
- Do you feel confident that you could prevent/detect this attack from occurring on a system?
Buffer Overflow
The objective of this work is to help students see the vulnerabilities of a buffer overflow attack, and experiment to see what is possible with this type of vulnerability.
This assignment is a bit more advanced, and I would suggest proficiency in the C language.
Instructions
- You first need to implement vulnerable code. This means using something like gets() that does not check bounds.
- You can then begin passing in various types of input. You can also use tools like gdb or pwndbg to assist in seeing what is happening in memory.
- (Optional) Then, try to redirect the function's return to a new function of your own, preferably something like printing "Hello World!".
- Lastly, you want to "fix" your vulnerability.
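As an added example (not part of the assignment materials), here is the vulnerable unbounded copy from step 1 beside the bounded version that the "fix" step asks for. strcpy() stands in for gets() because gets() was removed from the C standard library in C11 and current compilers reject it; NAME_LEN and the function names are my own choices.

```c
#include <stdio.h>
#include <string.h>

#define NAME_LEN 16   /* size of the fixed stack buffer in every function below */

/* Vulnerable form (assignment step 1): copies the whole source into a
 * fixed-size buffer with no bounds check, the same defect as gets(). */
void copy_name_unsafe(char dst[NAME_LEN], const char *src) {
    strcpy(dst, src);   /* writes strlen(src)+1 bytes regardless of NAME_LEN */
}

/* Hardened form (the "fix" step): the copy is bounded by the destination
 * size and the result is always NUL-terminated. Returns 0 if src fit and
 * 1 if it was truncated, so the caller can reject over-long input. */
int copy_name_safe(char dst[NAME_LEN], const char *src) {
    size_t n = strlen(src);
    int truncated = n >= NAME_LEN;
    if (truncated) n = NAME_LEN - 1;
    memcpy(dst, src, n);
    dst[n] = '\0';
    return truncated;
}

/* The same fix for reading a line: fgets() takes the buffer size, so the
 * stack frame cannot be overrun however long the line is. Returns 0 for a
 * complete line, 1 if the line was longer than the buffer (the remainder
 * is drained so it cannot spill into the next read), -1 at end of input. */
int read_name_safe(char dst[NAME_LEN], FILE *in) {
    if (fgets(dst, NAME_LEN, in) == NULL) return -1;
    size_t n = strlen(dst);
    if (n > 0 && dst[n - 1] == '\n') { dst[n - 1] = '\0'; return 0; }
    int c;
    while ((c = fgetc(in)) != EOF && c != '\n') { }
    return 1;
}

int main(void) {
    /* Constructed inputs: a name that fits and a 40-byte one that would
     * overrun the 16-byte buffer if passed to copy_name_unsafe(). */
    char name[NAME_LEN];
    copy_name_safe(name, "Alice");
    printf("fits:      \"%s\"\n", name);
    int t = copy_name_safe(name, "AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA");
    printf("truncated: %d \"%s\"\n", t, name);
    return 0;
}
```

Compile the unsafe version with -fstack-protector and a long input to see the overrun caught at run time, then compare with the bounded version, which never writes past the buffer.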
Analysis Questions
- How does your buffer overflow program work?
- How did the system respond to the memory leak?
- How difficult did you find this script/program to implement?
- Do you feel you could add different mechanisms to make this more difficult to detect?
- Do you feel confident that you could prevent/detect this attack from occurring on a system?
This should be submitted via Kit under the Activity: Keylogger or Buffer Overflow.