How would you hack this simple program?

I know this may be a "no brainer" for most of you, but all I want is some instructions to open up my mind a bit on hacking. Yes I'm new to this

Code:

include <string>
#include <iostream>
using namespace std;
int main ()
{
string password;
while ( 1 )
{
cout << "Please enter your password: ";
cin >> password;
if ( password == "1234" )
{
break;
}
}
cout << "Welcome, you got the password right";
}

Before becoming a hacker try to write main this way

Code:

int main(void)
{
....
return 0;//successfully terminated program
}

Code:

#include <string>
#include <iostream>
using namespace std;
int main ()
{
string password;
while ( 1 )
{
cout << "Please enter your password: ";
cin >> password;
if ( password == "1234" )
{
break;
}
}
cout << "Welcome, you got the password right";
return 0; 
}

sorry about that.

Strictly not needed.

int main() and int main(void) are the same in C++. In C however they have different meansings.

return 0 not needed by the standard. An implicit return 0 is added at the end of main if you exit main without return statement.

Now to the original question. We are not fond of aiding in cracking so you will most likely not find information here on this subject.

If all you had was the executable, it's easy to "hack" with GDB:

Code:

(gdb) disassemble main
Dump of assembler code for function main:

/* ... */


0x0000000100000b6e <main+57>:	lea    0x208(%rip),%rsi        # 0x100000d7d
0x0000000100000b75 <main+64>:	callq  0x100000cba <dyld_stub__ZSteqIcSt11char_traitsIcESaIcEEbRKSbIT_T0_T1_EPKS3_>
0x0000000100000b7a <main+69>:	test   %al,%al
0x0000000100000b7c <main+71>:	jne    0x100000b80 <main+75>

/* ... */


End of assembler dump.
(gdb)

Then to find the password:

Code:

(gdb) x/s 0x100000d7d
0x100000d7d:	 "1234"

Although, we're not here to help you do malicious activity, and I'm only providing this solution because its use in practical programs would be next to impossible.

Originally Posted by Shakti

Strictly not needed.

Well by default the compiler will do so,but many things are done by default,but i think is good practice to clearly state what we want to do,and not letting someone else who read our code to 'trying' to remember what's done by default.For example

Code:

#include <iostream>

using namespace std;

int main(void){
    int x;
    cout<<x<<endl;
return 0;
}

This will output 0,because by default x gets the value.However in a large program it would be very helpful if we wrote int x=0 (in my opinion)

-off topic post ends

Originally Posted by std10093

This will output 0,because by default x gets the value.However in a large program it would be very helpful if we wrote int x=0 (in my opinion)

Not true. x is uninitialised. It is not initialised by default to a value of zero.

"int main()" and "int main(void)" are equivalent in C++. They are also equivalent in C within a function definition (i.e. implementation). So your advocacy of adding the void keyword, in this case, is pointless.

Originally Posted by grumpy

Not true. x is uninitialised. It is not initialised by default to a value of zero.

Just run it and got a 0 at the output.

Originally Posted by std10093

Just run it and got a 0 at the output.

undefined behavior. the standard does not define what uninitialized variables get set to, except in the case of static objects.

Originally Posted by std10093

Just run it and got a 0 at the output.

Yes, occasionally variables will be zero. The value of the variable just depends on what was in memory before they were created, as declaring a variable doesn't change any memory.

And this is really irrelevant to the topic.

memcpy, I hope it's not a bother, but can you break down the code that you wrote? you don't have to go into to much detail.

He did not write any code.assembly is what your code is translated into before some other stages in order to be runned.There he executed the proram.These are addresses 0x0000000100000b6e.The 0x states that they are in hex. The jne for example is a command(like you use an if-else statement,a for loop etc.).

so all he did was disassemble the main function in GBD. thought it was written, feel like an idiot lol.

For those who can't read the disgusting, weird and unreadable AT&T syntax, here is the clean Intel version:

Code:

		cout << "Please enter your password: ";
00BE1220  mov         eax,dword ptr [__imp_std::cout (0BE3088h)]  
00BE1225  push        offset string "Please enter your password: " (0BE31ACh)  
00BE122A  push        eax  
00BE122B  call        std::operator<<<std::char_traits<char> > (0BE18C0h)  
		cin >> password;
00BE1230  mov         ecx,dword ptr [__imp_std::cin (0BE308Ch)]  
00BE1236  push        ecx  
00BE1237  lea         eax,[esp+18h]  
00BE123B  call        std::operator>><char,std::char_traits<char>,std::allocator<char> > (0BE1B00h)  
00BE1240  add         esp,0Ch  
		if ( password == "1234" )
00BE1243  lea         esi,[esp+0Ch]  
00BE1247  call        std::operator==<char,std::char_traits<char>,std::allocator<char> > (0BE1B20h)  
00BE124C  test        al,al  
00BE124E  je          main+50h (0BE1220h)

And what lies at esp+0Ch, pray tell? Why, it's the string "1234", according to a memory viewer.

Want to make it secure? Then encrypt the password "1234", then encrypt whatever the user inputs and then compare them.
This foils this approach.

Originally Posted by Elysia

Want to make it secure? Then encrypt the password "1234", then encrypt whatever the user inputs and then compare them.
This foils this approach.

Shouldn't this, ideally, be 'hash' instead of 'encrypt' ?