Remote Shell-Code Execution using the SLMail-5.5.0 Service

ECE 5526 - Engineering Principles of Computer Intrusion and Detection

Summary Today we extend the previous experiment with probing a buffer exploit vulnerability inside SLMail and getting the program to execute the remotely placed shell-code. We successfully get SLMail to open a TCP socket listening socket on port 4444 leading to a Administrative privileged command prompt. The shell-code is loading... [Read More]
Tags: networking, security, kali, exploit, programming, software, linux, school, server, bash, security, python

Buffer Overflow SLMail-5.5.0 Service and Gain Root Shell

ECE 5526 - Engineering Principles of Computer Intrusion and Detection

Summary Today we introduce the buffer overflow vulnerability by using a known case in the SLMail5.5.0 application released in 2001. We discuss how an exploit is constructed and then use Python to create a script that will overflow the memory buffer. By the end of the experiment we demonstrate that... [Read More]
Tags: networking, security, kali, programming, software, linux, school, server, bash, security, python

Stop and Wait Data Communication Protocol

ECE 4532 - Data Communications

Summary Today we introduce the stop-and-wait sliding window transmission method and compare the performance for difference values of window size and sequence size. We find that a window size that is too small decreases performance but having a window size that is too big introduces the probability that errors will... [Read More]
Tags: programming, c code, networking, microcontroller, flowcontrol, TCP