CY501 – Quiz 1

Introduction to Cybersecurity

Lecture Review Before Quiz

Program Vulnerabilities

A program vulnerability is a software weakness that could be exploited to cause harm.

List:

• Hard-coded Credentials
• Buffer Overflow
• SQL Injection
• OS Command Injection
• Integer Overflow or Wraparound
• Uncontrolled Format String

Hard-coded credentials

Embedding a login, identity, password, PIN, secret key, etc. in code.
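The hard-coded pattern next to one way of avoiding it, as an added example (not code from the course materials or the Dr. Naive templates). The PIN values, the function names and the DEMO_PIN environment variable are assumptions made for illustration.

```c
#include <stdio.h>
#include <stdlib.h>
#include <string.h>

/* Vulnerable pattern: the secret is a literal compiled into the program,
 * so everyone who has the source or the executable also has the PIN. */
int check_pin_hardcoded(const char *input)
{
    return strcmp(input, "0000") == 0;   /* constructed sample value */
}

/* Compare all n bytes without stopping at the first mismatch, so timing
 * does not reveal how many leading characters were correct. */
static int equal_constant_time(const char *a, const char *b, size_t n)
{
    unsigned char diff = 0;
    for (size_t i = 0; i < n; i++)
        diff |= (unsigned char)(a[i] ^ b[i]);
    return diff == 0;
}

/* Safer pattern: the expected secret is passed in at run time and never
 * appears in the code. Fails closed when no secret is configured. */
int check_pin(const char *input, const char *expected)
{
    if (input == NULL || expected == NULL || *expected == '\0')
        return 0;
    size_t n = strlen(expected);
    if (strlen(input) != n)
        return 0;
    return equal_constant_time(input, expected, n);
}

/* DEMO_PIN is a hypothetical variable name chosen for this example. */
int check_pin_from_env(const char *input)
{
    return check_pin(input, getenv("DEMO_PIN"));
}

int main(int argc, char **argv)
{
    if (argc < 2) {
        fprintf(stderr, "usage: %s PIN\n", argv[0]);
        return 2;
    }
    puts(check_pin_from_env(argv[1]) ? "access granted" : "access denied");
    return 0;
}
```

In a real system the stored value would be a salted hash of the secret rather than the secret itself; the environment variable here only stands in for any store kept outside the code.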

Quiz

Dr. Naive is a ‘good’ programmer, except that he never cared about SW security. You will convince him of the vulnerabilities in his code by breaking one of his programs.

Quiz

Steps:

1. Download Dr.Naive.zip (which includes the temp1.c, temp2.c, and temp3.c source templates and the Dr.Naive executable generator) from Unit 3->Resources to your Virtual Machine.

2. Use the following commands to generate 3 executables, which have hard-coded credentials. You will be prompted to provide your login, which the 3 executables are named after.

$>./Dr.Naive 1

$>./Dr.Naive 2

$>./Dr.Naive 3

3. Crack the PIN for one of the 3 executables. Upload screenshots to prove you successfully cracked the PIN.
