
/prog/-challenge: HAX MY ANUS

Name: Anonymous 2010-08-31 18:13

Your task:

Write a program that exploits the buffer overflow in the following program, to let it display the string ``Hello World'' on Linux i386:

#include <stdio.h>
#include <stdlib.h>
#include <string.h>

char *readstuff(int length) {
  char *buffa;

  if((buffa = malloc(length)) == NULL)
    return NULL;
  gets(buffa);
  return buffa;
}

int main(int argc, char **argv) {
  char *buffa;

  buffa = readstuff(argc);
  free(buffa);
  return EXIT_SUCCESS;
}


Deadline is this Sunday night 23:59:59

Name: Anonymous 2010-09-05 14:22

>>1 here.
Since I will go to sleep now and when I wake up, it will be Monday in this time zone, I hereby declare >>5 to be the winner.

Congratulations!

Name: Anonymous 2010-09-05 15:28

>>41 Epic samefag from >>5

Name: VIPPER 2010-09-05 15:49

>>42
Epic
samefag

JEWS

Name: Anonymous 2010-09-05 17:35

>>42
back to /b/, please, you fucking retard.

Name: not >>42 2010-09-05 19:02

>>44
Fuck off, ``faggot''.

Name: not >>46 2010-09-06 9:58

>>45
There's no need for that kind of language.

Name: Anonymous 2010-09-06 10:59

>>46
Fuck off, ``faggot''.

Name: Anonymous 2010-09-06 11:08

>>47
Stop spamming.

Name: Fuck off, !Ep8pui8Vw2 2010-09-06 14:46

>>48
Fuck off, ``faggot''.

Name: Anonymous 2010-09-06 16:58

>>45,47,49
I always assumed these were a bot that just scanned for the phrase "back to ___, please," but apparently not the case.

Name: Anonymous 2010-09-06 17:04

>>50
It's sad, isn't it?

Name: Fuck off, !Ep8pui8Vw2 2010-09-06 19:08

>>50,51
Fuck off, ``faggot''.

Name: Anonymous 2010-09-06 19:10

>>52
Your cute when youre incompetent rage.

Name: Fuck off, !Ep8pui8Vw2 2010-09-06 19:16

>>53
Your cute when youre incompetent grammar.

Name: Anonymous 2010-09-06 19:58

>>54
Your good at noticing obvious things and avoiding the real point by focusing on being a pedant.

Name: Fuck off, !Ep8pui8Vw2 2010-09-06 22:54

>>55
Congratulations, you just described the typical /prog/rider. Idiot.

Name: Anonymous 2010-09-07 6:15

This question is too basic and simple. It's also very platform-dependent. Exploiting buffer overflows requires knowledge of the underlying platform, as the shellcode and actual exploit will differ, even within different versions of the same OS and CPU.

Here's the document most people learned from when it comes to exploiting stack overflows:
http://www.phrack.com/issues.html?issue=49&id=14&mode=txt

More interesting challenges are heap overflows and format string vulnerabilities.

Name: >>57 2010-09-07 7:00

Nevermind, I should have read more carefully, yours is a classic heap overflow, so, read this:
http://www.phrack.org/issues.html?issue=57&id=9&mode=txt
http://www.infosecwriters.com/texts.php?op=display&id=19
http://www.sans.edu/resources/student_presentations/heap_overflows_notes.pdf

It's still platform-dependent (you need to know which malloc implementation is in use, the CPU, the exact OS, and possibly the generated binary after compilation).
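
The overflow in the challenge program exists because gets() ignores the size handed to malloc() (argc, so a single byte when the program is run without arguments). As an added example, not part of the original thread: a bounded version of readstuff() built on fgets(). The names readstuff_bounded and read_from_string and the sample input are constructed for illustration.

```c
#include <limits.h>
#include <stdio.h>
#include <stdlib.h>
#include <string.h>

/* Bounded replacement for readstuff(): reads one line from `in` into a
 * heap buffer of `length` bytes and never writes past it. *truncated is
 * set when part of the line had to be discarded. Returns NULL on a
 * length too small to hold any data, allocation failure, or EOF. */
char *readstuff_bounded(FILE *in, size_t length, int *truncated) {
    char *buf;
    size_t n;
    int c;

    *truncated = 0;
    if (length < 2 || length > INT_MAX)   /* fgets() takes an int size */
        return NULL;
    if ((buf = malloc(length)) == NULL)
        return NULL;
    if (fgets(buf, (int)length, in) == NULL) {
        free(buf);
        return NULL;
    }
    n = strlen(buf);
    if (n > 0 && buf[n - 1] == '\n') {
        buf[n - 1] = '\0';                /* whole line fit */
    } else {
        /* Drain the rest of the line so it is not left for the next read. */
        while ((c = fgetc(in)) != EOF && c != '\n')
            *truncated = 1;
    }
    return buf;
}

/* Demo helper (hypothetical): feeds a constructed string via a temp file. */
char *read_from_string(const char *input, size_t length, int *truncated) {
    FILE *f = tmpfile();
    char *r;
    if (f == NULL) return NULL;
    fputs(input, f);
    rewind(f);
    r = readstuff_bounded(f, length, truncated);
    fclose(f);
    return r;
}

int main(void) {
    int t;
    char *s = read_from_string("AAAAAAAAAAAAAAAA\n", 8, &t); /* constructed over-long line */
    if (s) printf("%s (truncated=%d)\n", s, t);
    free(s);
    return 0;
}
```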

Name: Anonymous 2010-09-07 7:11

>>56
A class of person to which you belong, no less. Congratulations, you're average.

Name: Anonymous 2010-12-17 1:28

Xarn is a bad boyfriend
