ex:vcode:start

Differences

This shows you the differences between two versions of the page.

ex:vcode:start [2023/03/09 06:40] titannetex:vcode:start [2023/07/31 05:51] (current) titannet
Line 16: Line 16:
 } }
  
-<code>+</code>
  
 ====== Stack 1 ====== ====== Stack 1 ======
  
- +<file example1.c c>
-<code c>+
 #include <stdio.h> #include <stdio.h>
 #include <string.h> #include <string.h>
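Review bot: the first changed line turns an opening `<code>` into a closing `</code>`, which is only right if a block above the `}` line was left open in the previous revision; check the rendered page so that `}` is not swallowed by an unclosed block and no empty code box remains. Switching `<code c>` to `<file example1.c c>` also needs the matching `</file>` that only appears in a later hunk, so the two hunks have to land together.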
Line 27: Line 26:
    
  
-char buffer[50];+char buffer[20];
  
 int copy_buffer(char *input_buffer) { int copy_buffer(char *input_buffer) {
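Review bot: shrinking `char buffer[50]` to `char buffer[20]` changes how much input `copy_buffer` can take before it writes past the array, so any offsets worked out in the Windbg walkthrough or in the prose that assumed a 50-byte buffer need re-checking; a short comment on the line stating why 20 was chosen would save the next reader the same question.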
Line 53: Line 52:
 } }
                
 +</file>
 +
 +===== Walkthrough Windbg =====
 +
 +<code bash>
 +cl.exe /Zi /GS- /EH-
 +# debugging symbols, no stack security, no seh (not working??)
 +
 +bp $exentry (if no symbols)
 +bp example1!main
 +# F5
 +# debug -> make sure that source mode is unchecked
 +
 +# x86 calling convention: parameter 1-3 on stack
 +# x86 function prolog: push ebp, mov ebp, esp
 +# [ebp+8] == local variable
 +
 +# dd esp -> first address on stack == return pointer
 +# dd ebp -> old base pointer
 +# dd poi(ebp+8)
 +
 </code> </code>
 +
  
  
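Review bot: the comment `# [ebp+8] == local variable` contradicts the prolog described two lines above it: after `push ebp` / `mov ebp, esp`, `[ebp+8]` is the first parameter (here `copy_buffer`'s `input_buffer`), `[ebp+4]` is the saved return address, and locals sit at negative offsets from `ebp`; `dd poi(ebp+8)` later in the same block already treats it as a pointer argument, so the comment should read "first parameter". Likewise `# dd esp -> first address on stack == return pointer` only holds when the breakpoint fires at function entry, before `push ebp`. Two smaller points: `cl.exe /Zi /GS- /EH-` names no source file (`example1.c`), and `/EH` selects the C++ exception-handling model rather than disabling SEH, which is probably why the `not working??` remark is there; the parenthetical in `bp $exentry (if no symbols)` would be safer as a `#` comment so it is not read as part of the command.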
Line 84: Line 105:
  
 To prevent this type of vulnerability, it's important to use functions that limit the amount of data written to a buffer, such as strncpy, and to validate input to ensure that it does not exceed the buffer size. Additionally, it's important to use secure programming practices like input validation and data sanitization. One way to fix this vulnerability is to use a buffer of sufficient size for the input and to use functions that limit the amount of data written to the buffer. Another solution is to use a buffer overflow protection mechanism like Microsoft's /GS (Buffer Security Check) or Address Space Layout Randomization (ASLR) to prevent stack buffer overflows. To prevent this type of vulnerability, it's important to use functions that limit the amount of data written to a buffer, such as strncpy, and to validate input to ensure that it does not exceed the buffer size. Additionally, it's important to use secure programming practices like input validation and data sanitization. One way to fix this vulnerability is to use a buffer of sufficient size for the input and to use functions that limit the amount of data written to the buffer. Another solution is to use a buffer overflow protection mechanism like Microsoft's /GS (Buffer Security Check) or Address Space Layout Randomization (ASLR) to prevent stack buffer overflows.
-<code>+</code>
  
  
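Review bot: same `<code>` to `</code>` swap as in the first hunk, so confirm that the block this line now closes was actually opened above Line 84. The unchanged paragraph beside it also overstates the mitigations it names: `/GS` and ASLR do not prevent a stack buffer overflow, `/GS` detects the corrupted cookie at function return and ASLR makes a reliable exploit harder, and `strncpy` leaves the destination unterminated when the input fills it, so the suggested fix should still write a terminating NUL (or use `snprintf`).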
Line 120: Line 141:
  
  
 +</code>
  
  
 +====== Heap2-2 ======
 +
 +
 +<code c>
 +#include <stdlib.h>
 +#include <unistd.h>
 +#include <string.h>
 +#include <sys/types.h>
 +#include <stdio.h>
 +
 +// Use after free example, original code from https://exploit.education
 +
 +#define SERVICE_SIZE 32
 +
 +struct AuthStruct {
 +  char name[32];
 +  int is_authenticated;
 +};
 +
 +struct AuthStruct *auth;
 +char *service;
 +
 +int main(int argc, char **argv)
 +{
 +  char line[128];
 +
 +  while(1) {
 +    printf("[ auth = %p, service = %p ]\n", auth, service);
 +    if(fgets(line, sizeof(line), stdin) == NULL) break;
 +    
 +    if(strncmp(line, "user ", 5) == 0) {
 +      auth = malloc(sizeof(*auth));
 +      memset(auth, 0, sizeof(*auth));
 +      if(strlen(line + 5) < 31) {
 +        strcpy(auth->name, line + 5);
 +      }
 +    }
 +    if(strncmp(line, "reset", 5) == 0) {
 +      free(auth);
 +    }
 +    if(strncmp(line, "service", 6) == 0) {
 +      service = malloc(SERVICE_SIZE);
 +      strcpy(service, line+7);
 +    }
 +    if(strncmp(line, "login", 5) == 0) {
 +      if(auth->is_authenticated) {
 +        printf("you have logged in already!\n");
 +      } else {
 +        printf("please enter your password\n");
 +      }
 +    }
 +  }
 +}
  
 </code> </code>
  
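Review bot: in the `login` branch, `auth->is_authenticated` is read after `reset` has called `free(auth)` without clearing the pointer, which is the use-after-free the comment announces, but the `service` branch introduces a second bug that muddles the lesson: `strcpy(service, line+7)` copies up to about 120 bytes from the 128-byte `line` into a `SERVICE_SIZE` (32-byte) allocation. If the heap overflow is not the point, bound that copy to `SERVICE_SIZE - 1` and NUL-terminate it; if the page is meant to show a fixed version as well, `auth = NULL;` after `free(auth)` plus a NULL check in `login` is the remedy. Also `strncmp(line, "service", 6)` only compares `servic` while `line+7` skips seven characters, and `login` before any `user` command dereferences a NULL `auth`.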
ex/vcode/start.1678340421.txt.gz · Last modified: 2023/03/09 06:40 by titannet
