/prog/-challenge: HAX MY ANUS

Name: Anonymous 2010-08-31 18:13

Your task:

Write a program that exploits the buffer overflow in the following program, to let it display the string ``Hello World'' on Linux i386:

#include <stdio.h>
#include <stdlib.h>
#include <string.h>

char *readstuff(int length) {
  char *buffa;

  if((buffa = malloc(length)) == NULL)
    return;
  gets(buffa);
  return buffa;
}

int main(int argc, char **argv) {
  char *buffa;

  buffa = readstuff(argc);
  free(buffa);
  return EXIT_SUCCESS;
}


Deadline is this sunday night 23:59:59

Name: Anonymous 2010-08-31 18:18

Supplemental:

<yourprogram> | ./buffa shall output ``Hello World''.

Name: Anonymous 2010-08-31 18:56

So basically what you're asking is a tutorial on buffer overflows? Because every program that does that is going to be almost exactly the same.

Name: Anonymous 2010-08-31 18:57


system("AdobeReader.exe someExploitFile.pdf");

Name: Anonymous 2010-08-31 19:06

>>2
#include <stdio.h>

int main() {
    fprintf(stderr, "``[u]Hello World[/u]''\n");
    return 0;
}

Name: Anonymous 2010-08-31 19:29

printf

Name: Anonymous 2010-08-31 19:43

Nice homework you've got there. Hate for something to happen to it.
And please change that title, we don't want that /b/ stuff in here.

Name: Anonymous 2010-08-31 19:44

print "Hello World!";

Name: Anonymous 2010-08-31 20:03

>>7
Fuck off, ``faggot''.

>>1
I can cook you up a solution, but only for x86-64. Want it?

Name: >>9 2010-08-31 20:22

Also, you'll have to blow me.

Name: Anonymous 2010-08-31 20:49

Can i smash the stack for fun and profit using LISP?

Name: Anonymous 2010-09-01 1:05

>>9
Lead by example.

Name: Anonymous 2010-09-01 1:08

>>9
Sure, go ahead.

Name: Anonymous 2010-09-01 1:20

>>12
Fuck off, ``faggot''.

Name: C99 2010-09-01 1:22

#include <stdio.h>
int main(void) {
  gets((char []){0});
}

Name: Anonymous 2010-09-01 1:32

>>14
Lead by example.

Name: Anonymous 2010-09-01 1:36

>>16
Fuck off, ``faggot''.

Name: Anonymous 2010-09-01 2:17

>>17
Lead by example.

Name: Anonymous 2010-09-01 3:11

>>1
This isn't a "traditional" buffer overflow, it's just completely incorrect code.

The readstuff function allocates a buffer of size N where N is the number of arguments passed to the program.  So if you just run ./buffa as you specified, then argc will be zero.

So then when you hit this line of code:

  if((buffa = malloc(length)) == NULL)
    return;


malloc will probably return zero (who knows) and you'll just return, but that function must return a value... shit, your code won't even compile.

Name: Anonymous 2010-09-01 4:24


zawa zawa

Name: Anonymous 2010-09-01 4:29

>>20
back to Espoir, please

Name: Anonymous 2010-09-01 4:40

>>21
Kaiji is a computer science graduate who was forced to gamble due to developer outsourcing.

True story.

Name: Anonymous 2010-09-01 5:09

>>19
In your case length will be 1.
Also, the code will compile just fine.

Name: Anonymous 2010-09-01 5:12

Updated version, so >>19 will be happy:

#include <stdio.h>
#include <stdlib.h>
#include <string.h>

char *readstuff(int length) {
  char *buffa;

  /* length is argc from main(), so with no arguments this is a 1-byte heap buffer */
  if((buffa = malloc(length)) == NULL)
    return NULL;
  /* gets() has no bound: it stores the whole line plus a NUL, however long it is */
  gets(buffa);
  return buffa;
}

int main(int argc, char **argv) {
  char *buffa;

  buffa = readstuff(argc);
  if(buffa) free(buffa);
  return EXIT_SUCCESS;
}

Name: Anonymous 2010-09-01 5:17

>>18,21
Fuck off, ``faggot''.

Name: Anonymous 2010-09-01 13:53

>>25
Fuck off, ``XARN''.

Name: Anonymous 2010-09-01 16:14

>>5 won.

Name: Anonymous 2010-09-01 17:26

>>27
>>5 didn't exploit a buffer overflow. Also the deadline isn't over, yet.

Name: Anonymous 2010-09-01 20:36

>>28
The buffer was so flewn over that it didn't even touch the program.

Name: Anonymous 2010-09-01 21:30

>>19
argc will never be zero on any sane system.

Name: Anonymous 2010-09-02 2:04

>>30
You're right.  I forgot that the executable name counts as argv[0].  So the program always allocates a single byte.  It's still completely incorrect and not what OP intended.

Or, if it was intended to work that way, it would be better written as:


#include <stdio.h>

int main(int argc, char **argv)
{
   char c;
   gets(&c);
   return 0;
}


The only difference is that the pointer points to the stack where his points to the heap.  No real difference in "exploitability."  If it absolutely has to be a heap pointer, do this:


#include <stdio.h>
#include <stdlib.h>

int main(int argc, char **argv)
{
   char *c = malloc(1);
   if (!c) return 1;
   gets(c);
   free(c);
   return 0;
}


... although the check for malloc(1) failing seems a little unnecessary.
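
An added example, not code from the thread, for the point made in >>31 and the updated readstuff() in >>24. It shows the arithmetic behind the overflow (how far gets() writes past a buffer of a given size, which for argc == 1 is a 1-byte heap buffer) next to a bounded replacement that reports truncation instead of silently overflowing. The names gets_overflow_bytes and readstuff_bounded are this example's own; fmemopen() is the POSIX call used to feed a constructed sample line in place of stdin.

```c
#define _POSIX_C_SOURCE 200809L   /* for fmemopen() */
#include <stdio.h>
#include <stdlib.h>
#include <string.h>

/* Added example, not code from the thread. Two pieces:
 *  - gets_overflow_bytes(): how far gets() would write past a buffer of a
 *    given capacity, i.e. what the malloc(1)/gets pair above suffers from;
 *  - readstuff_bounded(): a replacement for readstuff() that cannot overflow
 *    and reports truncation instead of hiding it.
 * Input comes from a FILE* so the sample line (constructed for this example)
 * can be supplied with fmemopen() without touching stdin. */

/* gets() stores every byte up to the newline plus a terminating NUL, so it
 * needs strlen(line)+1 bytes. Returns how many of those land past the end
 * of a buffer holding `capacity` bytes; 0 means the line fits. */
size_t gets_overflow_bytes(const char *line, size_t capacity) {
    size_t needed = strlen(line) + 1;
    return needed > capacity ? needed - capacity : 0;
}

/* Same contract as readstuff() in the thread (heap buffer of `length` bytes,
 * newline removed) but bounded: at most length-1 bytes are stored.
 * *truncated is set to 1 when the line did not fit; the rest of that line
 * is discarded so the next read starts on a fresh line.
 * Returns NULL for length <= 0, allocation failure, or EOF before any data. */
char *readstuff_bounded(FILE *in, int length, int *truncated) {
    char *buffa;
    size_t n;
    int ch;

    *truncated = 0;
    if (length <= 0)
        return NULL;
    if ((buffa = malloc((size_t)length)) == NULL)
        return NULL;
    if (fgets(buffa, length, in) == NULL) {   /* EOF or error, nothing read */
        free(buffa);
        return NULL;
    }
    n = strlen(buffa);
    if (n > 0 && buffa[n - 1] == '\n') {
        buffa[n - 1] = '\0';                  /* whole line fit: drop the newline */
    } else if (n == (size_t)length - 1) {
        /* Buffer is full and no newline seen. Peek at the next byte: a
         * newline (or EOF) means the line fit exactly; anything else means
         * the line was longer than the buffer and the remainder is dropped. */
        ch = fgetc(in);
        if (ch != EOF && ch != '\n') {
            *truncated = 1;
            while ((ch = fgetc(in)) != EOF && ch != '\n')
                ;
        }
    }
    return buffa;
}

int main(void) {
    /* Constructed sample: the line the challenge wants the program to print. */
    static const char sample[] = "Hello World\n";
    FILE *in;
    char *line;
    int truncated;

    /* With argc == 1 the thread's program owns a 1-byte buffer. */
    printf("gets() would overflow a 1-byte buffer by %zu bytes\n",
           gets_overflow_bytes("Hello World", 1));

    in = fmemopen((void *)sample, sizeof sample - 1, "r");
    if (in == NULL)
        return 1;
    line = readstuff_bounded(in, 1, &truncated);
    printf("length=1: \"%s\" truncated=%d\n", line ? line : "(null)", truncated);
    free(line);
    fclose(in);
    return 0;
}
```

The peek after a full buffer is what distinguishes "the line fit exactly" from "the line was longer"; without it a caller cannot tell the two apart, which is the same information gets() throws away before it overruns the buffer.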

Name: Anonymous 2010-09-02 12:43

void main(void){ ... }

I mean, if you're not writing for a microcontroller, why are you using C?

Name: Anonymous 2010-09-02 12:47

>>30
>pulling things out of your ass to sound like an expert
>has never touched a computer

Name: Anonymous 2010-09-02 20:23

the check for malloc(1)
I like how readstuff returns without a value if that failed. That made me laugh a bit, in a disturbed way, because I've seen code like that -- and it's often the very same people who also use dangerous functions like gets.

Name: Anonymous 2010-09-03 7:51

>>33
Don't know how to quote
...
Fuck this, I'm not dropping to your imageboard scum quoting level. Learn C.

IHBT

Name: Anonymous 2010-09-05 6:09

The deadline is near. Any serious submissions?

Name: Anonymous 2010-09-05 7:03

>>36
I'm not a hacker, I'm an artist.

Name: Anonymous 2010-09-05 7:07

>>36
What do you want? There's a possibility for a heap overflow, but that's not going to help you

Name: Anonymous 2010-09-05 8:19

So which time zone is this?

Name: Anonymous 2010-09-05 9:14

>>39
Paris, I believe. You can tell by the high level of homosexuality.

Name: Anonymous 2010-09-05 14:22

>>1 here.
Since I will go to sleep now and when I wake up it will be Monday in this time zone, I hereby declare >>5 to be the winner.

Congratulations!

Name: Anonymous 2010-09-05 15:28

>>41 Epic samefag from >>5

Name: VIPPER 2010-09-05 15:49

>>42
Epic
samefag

JEWS

Name: Anonymous 2010-09-05 17:35

>>42
back to /b/, please, you fucking retard.

Name: not >>42 2010-09-05 19:02

>>44
Fuck off, ``faggot''.

Name: not >>46 2010-09-06 9:58

>>45
There's no need for that kind of language.

Name: Anonymous 2010-09-06 10:59

>>46
Fuck off, ``faggot''.

Name: Anonymous 2010-09-06 11:08

>>47
Stop spamming.

Name: Fuck off, !Ep8pui8Vw2 2010-09-06 14:46

>>48
Fuck off, ``faggot''.

Name: Anonymous 2010-09-06 16:58

>>45,47,49
I always assumed these were a bot that just scanned for the phrase "back to ___, please," but apparently not the case.

Name: Anonymous 2010-09-06 17:04

>>50
It's sad, isn't it?

Name: Fuck off, !Ep8pui8Vw2 2010-09-06 19:08

>>50,51
Fuck off, ``faggot''.

Name: Anonymous 2010-09-06 19:10

>>52
Your cute when youre incompetent rage.

Name: Fuck off, !Ep8pui8Vw2 2010-09-06 19:16

>>53
Your cute when youre incompetent grammar.

Name: Anonymous 2010-09-06 19:58

>>54
Your good at noticing obvious things and avoiding the real point by focusing on being a pedant.

Name: Fuck off, !Ep8pui8Vw2 2010-09-06 22:54

>>55
Congratulations, you just described the typical /prog/rider. Idiot.

Name: Anonymous 2010-09-07 6:15

This question is too basic and simple. It's also very platform-dependent. Exploiting buffer overflows requires knowledge of the underlying platform, as the shellcode and actual exploit will differ, even within different versions of the same OS and CPU.

Here's the document most people learned from when it comes to exploiting stack overflows:
http://www.phrack.com/issues.html?issue=49&id=14&mode=txt

More interesting challenges are heap overflows and format string vulnerabilities.

Name: >>57 2010-09-07 7:00

Never mind, I should have read more carefully, yours is a classic heap overflow, so read this:
http://www.phrack.org/issues.html?issue=57&id=9&mode=txt
http://www.infosecwriters.com/texts.php?op=display&id=19
http://www.sans.edu/resources/student_presentations/heap_overflows_notes.pdf

It's still platform-dependent (you need to know which malloc implementation is in use, the CPU, the exact OS, and possibly the generated binary after compilation).

Name: Anonymous 2010-09-07 7:11

>>56
A class of person to which you belong, no less. Congratulations, you're average.

Name: Anonymous 2010-12-17 1:28

Xarn is a bad boyfriend
