{"id":28607012,"url":"https://github.com/yosef-alsabbah/software-security-buffer-overflow","last_synced_at":"2026-04-15T07:35:29.046Z","repository":{"id":296519275,"uuid":"993660760","full_name":"Yosef-AlSabbah/Software-Security-Buffer-Overflow","owner":"Yosef-AlSabbah","description":"This repository contains my homework assignment for the Software Security course, demonstrating a buffer overflow vulnerability in C. It includes a simple C program with a vulnerable function, Python scripts to create exploit payloads, and a report explaining the exploitation steps and results.","archived":false,"fork":false,"pushed_at":"2025-05-31T08:52:35.000Z","size":674,"stargazers_count":4,"open_issues_count":0,"forks_count":0,"subscribers_count":0,"default_branch":"master","last_synced_at":"2025-10-09T03:37:42.043Z","etag":null,"topics":["assignment","buffer-overflow","buffer-overflow-attack","c","software-security"],"latest_commit_sha":null,"homepage":"","language":"Python","has_issues":true,"has_wiki":null,"has_pages":null,"mirror_url":null,"source_name":null,"license":"mit","status":null,"scm":"git","pull_requests_enabled":true,"icon_url":"https://github.com/Yosef-AlSabbah.png","metadata":{"files":{"readme":"README.md","changelog":null,"contributing":null,"funding":null,"license":"LICENSE","code_of_conduct":null,"threat_model":null,"audit":null,"citation":null,"codeowners":null,"security":null,"support":null,"governance":null,"roadmap":null,"authors":null,"dei":null,"publiccode":null,"codemeta":null,"zenodo":null}},"created_at":"2025-05-31T08:35:31.000Z","updated_at":"2025-09-29T07:39:51.000Z","dependencies_parsed_at":"2025-05-31T20:29:04.120Z","dependency_job_id":"745fcff3-2e4d-402d-9dd3-c3e4073f8e2a","html_url":"https://github.com/Yosef-AlSabbah/Software-Security-Buffer-Overflow","commit_stats":null,"previous_names":["yosef-alsabbah/software-security-buffer-overflow"],"tags_count":0,"template":false,"template_full_name":null,"purl":"pkg:github/Yosef-AlSabbah/Software-Securit
y-Buffer-Overflow","repository_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/Yosef-AlSabbah%2FSoftware-Security-Buffer-Overflow","tags_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/Yosef-AlSabbah%2FSoftware-Security-Buffer-Overflow/tags","releases_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/Yosef-AlSabbah%2FSoftware-Security-Buffer-Overflow/releases","manifests_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/Yosef-AlSabbah%2FSoftware-Security-Buffer-Overflow/manifests","owner_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/owners/Yosef-AlSabbah","download_url":"https://codeload.github.com/Yosef-AlSabbah/Software-Security-Buffer-Overflow/tar.gz/refs/heads/master","sbom_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/Yosef-AlSabbah%2FSoftware-Security-Buffer-Overflow/sbom","scorecard":null,"host":{"name":"GitHub","url":"https://github.com","kind":"github","repositories_count":286080680,"owners_count":31831847,"icon_url":"https://github.com/github.png","version":null,"created_at":"2022-05-30T11:31:42.601Z","updated_at":"2026-04-15T07:17:56.427Z","status":"ssl_error","status_checked_at":"2026-04-15T07:17:30.007Z","response_time":63,"last_error":"SSL_read: unexpected eof while 
reading","robots_txt_status":"success","robots_txt_updated_at":"2025-07-24T06:49:26.215Z","robots_txt_url":"https://github.com/robots.txt","online":false,"can_crawl_api":true,"host_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub","repositories_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories","repository_names_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repository_names","owners_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/owners"}},"keywords":["assignment","buffer-overflow","buffer-overflow-attack","c","software-security"],"created_at":"2025-06-11T20:43:07.805Z","updated_at":"2026-04-15T07:35:29.041Z","avatar_url":"https://github.com/Yosef-AlSabbah.png","language":"Python","funding_links":[],"categories":[],"sub_categories":[],"readme":"# Software Security Buffer Overflow HW1\n\nThis repository contains my homework assignment for the Software Security course, demonstrating a buffer overflow vulnerability in C.  \n**All personal data (student ID, quiz grade, phone number) is securely managed with environment variables in a `.env` file.**\n\n---\n\n## Assignment Description\n\n**Buffer Overflow HW1**\n\nWe have practically demonstrated buffer overflow in the lecture.  \nDescription, code and instructions are shared on Moodle.\n\nYou are asked to demonstrate understanding of buffer overflow by implementing and exploiting the vulnerability using the files provided.\n\n**Tasks:**\n1. The code should have a variable that stores your university ID number. By exploiting buffer overflow, change that number to the grade you got in the last quiz.\n2. 
Having a secret function in the code that prints your actual mobile number, use buffer overflow to demonstrate how you can trigger that function and print its contents.\n\nPlease give a detailed report showing the steps you went through to exploit the vulnerability, showing screenshots of memory dump of the memory address of the secret function and output of exploitation.\n\nThe more detailed the report the better, and with your own language.\n\nDuplicate reports will be assigned zero grade.\n\nGood Luck\n\n---\n\n## Project Structure\n\n```\nsoftware-security-buffer-overflow-hw1/\n│\n├── assignment/\n│   ├── hw1_buffer_overflow.c\n│   ├── payload_for_id.py\n│   ├── payload_for_secret.py\n│\n├── images/\n│   ├── task1_screenshot.png\n│   ├── task2_screenshot.png\n│\n├── .env\n├── README.md\n```\n\n- All assignment files are in the `assignment/` folder.\n- All screenshots and images are in the `images/` folder.\n\n---\n\n## Setup\n\n1. **Create a `.env` file** in the project root:\n    ```\n    STUDENT_ID=\u003cYour Student ID\u003e\n    QUIZ_GRADE=\u003cYour Quiz Grade\u003e\n    PHONE=\u003cYour Phone Number\u003e\n    SECRET_ADDR=0x401196\n    ```\n   *Replace with your own values. Do **not** commit your real `.env` file to the repository.*\n\n2. **Load environment variables before running code:**\n    ```bash\n    export $(cat .env | xargs)\n    ```\n\n3. **Compile the C code:**\n    ```bash\n    cd assignment\n    gcc -fno-stack-protector -z execstack -no-pie -o hw1 hw1_buffer_overflow.c\n    ```\n\n---\n\n## Task 1: Overwrite Student ID Variable\n\n**Goal:**  \nExploit the buffer overflow to change the student ID variable to the quiz grade.\n\n### Steps\n\n1. The C program loads `\u003cStudent ID\u003e` and `\u003cQuiz Grade\u003e` from environment variables.\n2. The vulnerable function uses `gets(buffer)` for input.\n3. Using Python, generate a payload that fills the buffer and overwrites the value of the student ID variable.\n4. 
Run the payload generator and pipe its output to the program.\n\n```bash\npython3 assignment/payload_for_id.py | ./assignment/hw1\n```\n\n### Example Output\n\n```\nid before exploit: \u003cStudent ID\u003e\ntype something:\nyou typed: \u003cexploit payload\u003e\nstudent id now: \u003cQuiz Grade\u003e\n```\n\n### Screenshot\n\n![Task 1 Screenshot](images/task1_screenshot.png)\n\n---\n\n## Task 2: Trigger Secret Function\n\n**Goal:**  \nExploit the buffer overflow to overwrite the return address and jump to the secret function, which prints your phone number.\n\n### Steps\n\n1. The secret function prints `\u003cPhone Number\u003e` from the environment.\n2. Find the memory address of `secret_function` (see below).\n3. Use Python to generate a payload that overflows the buffer and sets the return address to the secret function.\n4. Run the payload generator and pipe its output to the program.\n\n```bash\npython3 assignment/payload_for_secret.py | ./assignment/hw1\n```\n\n### Example Output\n\n```\nid before exploit: \u003cStudent ID\u003e\ntype something:\nyou typed: \u003cexploit payload\u003e\nmy phone is \u003cPhone Number\u003e\n```\n\n### Screenshot\n\n![Task 2 Screenshot](images/task2_screenshot.png)\n\n---\n\n## Finding the Secret Function Address\n\nTo find the address of `secret_function`, use `gdb`:\n\n```bash\ngdb ./assignment/hw1\n(gdb) disas secret_function\n```\n\nOr print it directly:\n\n```bash\n(gdb) p secret_function\n$1 = {\u003ctext variable, no debug info\u003e} 0x401196 \u003csecret_function\u003e\n```\n\n**Memory dump screenshot should be provided:**  \n*(See `images/task2_screenshot.png`)*\n\n---\n\n## How the Code Uses Environment Data\n\n- All sensitive values (student ID, quiz grade, phone number, secret function address) are read from environment variables.\n- There are **no hardcoded personal values** in the C or Python source code.\n- The code falls back to placeholders only if the environment variable is missing.\n\n---\n\n## Security 
Note\n\n- **Never use unsafe functions like `gets()` in real code.**\n- Always use environment variables for sensitive data, never hardcode them.\n- Buffer overflows are a critical security threat and must be prevented in production software.\n\n---\n\n## Problems Faced\n\n- Modern systems often crash on buffer overflow due to protections such as stack canaries, ASLR, and DEP.\n- In some environments, the exploit only causes a segmentation fault, which proves the vulnerability exists even if exploitation is not fully successful.\n\n---\n\n## Key Takeaways\n\n- Buffer overflows can be used to manipulate program execution and memory.\n- Protect sensitive data using environment variables and never hardcode them.\n- Secure coding practices are essential to prevent these vulnerabilities.\n\n---\n\n## License\n\nThis project is for educational purposes only.","project_url":"https://awesome.ecosyste.ms/api/v1/projects/github.com%2Fyosef-alsabbah%2Fsoftware-security-buffer-overflow","html_url":"https://awesome.ecosyste.ms/projects/github.com%2Fyosef-alsabbah%2Fsoftware-security-buffer-overflow","lists_url":"https://awesome.ecosyste.ms/api/v1/projects/github.com%2Fyosef-alsabbah%2Fsoftware-security-buffer-overflow/lists"}