Buffer overflow gone wrong

This is a discussion on Buffer overflow gone wrong within the C Programming forums, part of the General Programming Boards category; I wrote two programs, one with a vulnerability, and the other to exploit it. However, when I run the exploit, ...

  1. #1
    Registered User
    Join Date
    Jun 2009
    Posts
    30

    Buffer overflow gone wrong

    I wrote two programs, one with a vulnerability, and the other to exploit it. However, when I run the exploit, I get "The system cannot find the file specified" (And yes, I checked the obvious, it is in the directory)

    5. Messages relating to cracking, (erroneously called "hacking" by many), copyright violations, or other illegal activities will be deleted. Due to the overlapping boundaries of code with malicious intent, and other legitimate uses of it, the moderators will assess each potential infraction on a case by case basis.

    <<code deleted>>

  2. #2
    Registered User
    Join Date
    Sep 2004
    Location
    California
    Posts
    3,246
    Does it work if you put the full path to the file?
    bit∙hub [bit-huhb] n. A source and destination for information.

  3. #3
    Registered User
    Join Date
    Jun 2009
    Posts
    30
    Same if I put the full path. I think it has something to do with sprintf();.

  4. #4
    1337
    Join Date
    Jul 2008
    Posts
    135
    Lol, i didnt know that this forum delimits the discussion of shellcoding.

  5. #5
    spurious conceit MK27's Avatar
    Join Date
    Jul 2008
    Location
    segmentation fault
    Posts
    8,300
    Quote Originally Posted by valthyx View Post
    Lol, i didnt know that this forum delimits the discussion of shellcoding.
    Unfortunately.
    C programming resources:
    GNU C Function and Macro Index -- glibc reference manual
    The C Book -- nice online learner guide
    Current ISO draft standard
    CCAN -- new CPAN like open source library repository
    3 (different) GNU debugger tutorials: #1 -- #2 -- #3
    cpwiki -- our wiki on sourceforge

  6. #6
    Registered User
    Join Date
    Jun 2009
    Posts
    30
    What do you mean? I can't post anything that has to do with shellcoding?
    Last edited by Wolf`; 08-08-2009 at 12:30 PM.

  7. #7
    Registered User
    Join Date
    Oct 2008
    Posts
    1,262
    Quote Originally Posted by Wolf` View Post
    What do you mean?
    Probably that it's quite an interesting subject, and you can learn a lot about processors, assembly language and C by learning about that. And seriously, if you exploit your own written program, what harm can you do with it?

  8. #8
    Registered User
    Join Date
    Jun 2009
    Posts
    30
    That was my thought. The only reason it's supposed to work is because the program is totally unrealistic. After a while of coding my own OS, I figured it would be cool to try a shellcode stack exploit on MY OWN PROGRAM, cause low-level coding is fun.

  9. #9
    spurious conceit MK27's Avatar
    Join Date
    Jul 2008
    Location
    segmentation fault
    Posts
    8,300
    Quote Originally Posted by Wolf` View Post
    That was my thought. The only reason it's supposed to work is because the program is totally unrealistic. After a while of coding my own OS, I figured it would be cool to try a shellcode stack exploit on MY OWN PROGRAM, cause low-level coding is fun.
    I kind of presumed it wasn't you that deleted the code from the first post. If it was, it's kind of hard to decide 1) what's going on and why; 2) why anyone would want to participate in a discussion where a participant is prone to suddenly pull his/her rug, take his/her ball home, and leave some rubble.

    If it was a mod, yeah, I have seen them strongly discouraged anything involving "a shellcode stack exploit" but that doesn't mean you can't try again, taking care about how you frame the issue. For example, such an exploit is not a surefire success and usually must rely on a lack of checking/testing/verifying input. Stack exploits can teach you how truly nasty a buffer overflow can become, so it seem legitimate to me.
    C programming resources:
    GNU C Function and Macro Index -- glibc reference manual
    The C Book -- nice online learner guide
    Current ISO draft standard
    CCAN -- new CPAN like open source library repository
    3 (different) GNU debugger tutorials: #1 -- #2 -- #3
    cpwiki -- our wiki on sourceforge

  10. #10
    1337
    Join Date
    Jul 2008
    Posts
    135
    The Moderators should allow shellcoding and exploit discussions as they help us to be aware of the possible vulnerabilities during coding, Especially in these c/c++ language.

  11. #11
    Registered User
    Join Date
    Oct 2008
    Posts
    1,262
    Quote Originally Posted by valthyx View Post
    The Moderators should allow shellcoding and exploit discussions as they help us to be aware of the possible vulnerabilities during coding, Especially in these c/c++ language.
    Couldn't agree more. I hope the moderators will soon reconsider this rule. Of course, I can imagine you can't post an apache buffer overflow and ask how to exploit it. But exploiting your own scripts... There's nothing wrong with that.

  12. #12
    Super Moderator
    Join Date
    Sep 2001
    Posts
    4,913
    The Moderators should allow shellcoding and exploit discussions as they help us to be aware of the possible vulnerabilities during coding, Especially in these c/c++ language.
    We've had to be very strict on this rule because even when white-hat-hackers and security professionals come here, all their code and explanations are visible to script kiddies and malicious hackers, and we want no part in that.

    But exploiting your own scripts... There's nothing wrong with that.
    We made the assumption that if you can code your own OS as he is claiming, you can debug your own shell script. The last time I saw someone post here claiming they were just "researching vulnerabilities", they didn't even know how to use gcc properly. Those are the rules, and we're aware that they do inhibit some legitimate conversations, but we have to be strict about it.

    I'm pretty sure I know which mod edited your post, and I trust their judgment - they don't go on power trips.

  13. #13
    not-a-geek
    Join Date
    Apr 2004
    Posts
    210
    Quote Originally Posted by sean View Post
    We've had to be very strict on this rule because even when white-hat-hackers and security professionals come here, all their code and explanations are visible to script kiddies and malicious hackers, and we want no part in that.
    Hope you're aware that this stuff is taught in either first or second semester. It's kind of pointless to try to limit access to this basic kind of information, but then again it's your forum and you make the rules, so people will simply have to accept that.
    main() { int O[!0<<~-!0]; (!0<<!0)[O]+= ~0 +~(!0|!0<<!0); printf("a function calling "); }

  14. #14
    Super Moderator
    Join Date
    Sep 2001
    Posts
    4,913
    And it's kind of silly to expect us to believe you're security-testing your own OS when you lack some basic skills... like stuff that's taught in first or second semester. That's exactly my point - the rule doesn't exist to restrict access to that information. The rule exists to stop this from turning into script-kiddie haven.

Popular pages Recent additions subscribe to a feed

Similar Threads

  1. Function call from another .c module
    By Ali.B in forum C Programming
    Replies: 14
    Last Post: 08-03-2009, 11:45 AM
  2. Lame null append cause buffer to crash
    By cmoo in forum C Programming
    Replies: 8
    Last Post: 12-29-2008, 02:27 AM
  3. Replies: 16
    Last Post: 10-29-2006, 04:04 AM
  4. buffer overflow
    By cpp_is_fun in forum C Programming
    Replies: 2
    Last Post: 10-24-2006, 11:04 PM
  5. DirectSound - multiple sounds
    By Magos in forum Game Programming
    Replies: 9
    Last Post: 03-03-2004, 03:33 PM

1 2 3 4 5 6 7 8 9 10 11 12 13 14 15 16 17 18 19 20 21