Thread: Creating buffer overrun

  1. #1
    Registered User
    Join Date
    Nov 2006
    Posts
    7

    Creating buffer overrun

    Code:
    #include <stdio.h>
    #include <string.h>
    #include <stdlib.h>
    #define salt "AAAAA"
    #define name1 "Alice"
    #define pass1 "Alice123"
    #define name2 "Bob"
    #define pass2 "Bob12345"
    #define name3 "Chris"
    #define pass3 "Chris123"
    
    void foo(const char* input)
    {
        char buf[10];
        printf("My stack looks like:\n%p\n%p\n%p\n%p\n%p\n%p\n%p\n%p\n%p\n%p\n%p\n%p\n%p\n%p\n%p\n%p\n%p\n%p\n%p\n%p\n%p\n%p\n%p\n%p\n%p\n\n");
    
    
        //Pass the user input straight to secure code public enemy #1.
        strcpy(buf, input);
        printf("%s\n", buf);
        printf("Now the stack looks like:\n%p\n%p\n%p\n%p\n%p\n%p\n%p\n%p\n%p\n%p\n%p\n%p\n%p\n%p\n%p\n%p\n%p\n%p\n%p\n%p\n%p\n%p\n%p\n%p\n%p\n\n");
    }
    
    int update(int money)
    {
        money=money+2000;
        printf("Augh! I've been hacked!\n");
        return money;
    }
    
    int main(int argc, char *argv[])
    {   char * name;
        char * pass;
        int money1=1234;
        int money2=2533;
        int money3=4567;
        
        printf("Address of foo is: %p\n", foo);
        printf("Address of update is: %p\n", update);
        
        if(argc != 3)
        {        printf("Usage: Your_Username Your_Password\n");
                 exit(1);
        }
        name=argv[1];
        pass=argv[2];
        
        if(strcmp(name,name1) == 0 && strcmp(pass,pass1) == 0)
        {
           printf("Welcome Alisa, Your balance is: $ %i", money1);
           foo(argv[2]);
        }
        else if(strcmp(name,name2) == 0 && strcmp(pass,pass2) == 0)
        {
           printf("Welcome Bob, Your balance is: $ %i", money2);
           foo(argv[2]);
        }
        else if(strcmp(name,name3) == 0 && strcmp(pass,pass3) == 0)
        {
           printf("Welcome Chris, Your balance is: $ %i", money3);
           foo (argv[2]);
        }
        else
        {
           printf("Wrong username and password");
        }
        return 0;
    }
    That is the code I have; now I want to cause a buffer overrun. The buffer overrun is caused by misuse of a password input and can be exploited by manipulating a password input.
    Let's assume that everyone has 8 characters of password. A malicious customer could enter an oversized password to invoke the update function in an attack.

    Before that, a user has to enter their username and password to access the program.

    StoredSalt+StoredPassword == StoredSalt+EnteredPassword.

    I want to use strcat. A concatenation of a password and a salt code in arrays could cause a buffer overrun.

    I have no idea how to do that. Can anyone help me? And are there any ways to prevent buffer overrun?

  2. #2
    Registered User
    Join Date
    Dec 2005
    Posts
    136
    Dear suckss.. what really sucks you is your impatience. Try to read some material on C programming. Even what you want to make is not clear (I mean the logic behind the program).
    S_ccess is waiting for u. Go Ahead, put u there.

  3. #3
    Registered User
    Join Date
    Nov 2006
    Posts
    7
    Quote Originally Posted by maven
    Dear suckss.. what really sucks you is your impatience. Try to read some material on C programming. Even what you want to make is not clear (I mean the logic behind the program).
    I'm sorry about my impatience. I will try to read the book. If I get stuck, then I will ask for your help. Thanks for the suggestion, maven.
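
Added example, not part of the thread and not any poster's code: on the prevention question in post #1, this sketch builds the salt+password string with an explicit length check and `snprintf` instead of `strcpy`/`strcat`, so an oversized password is rejected rather than copied past the end of the array. The names `build_salted`, `check_password`, `PASS_MAX` and `SALTED_MAX` are assumptions made for the illustration; the salt value and the 8-character limit come from the post.

```c
#include <stdio.h>
#include <string.h>

#define SALT "AAAAA"   /* same salt value as the thread's code */
#define PASS_MAX 8     /* the post assumes 8-character passwords */
#define SALTED_MAX (sizeof(SALT) - 1 + PASS_MAX)

/* Write SALT+password into out (capacity out_len bytes).
 * Returns 0 on success, -1 if the input is missing, longer than
 * PASS_MAX, or would not fit; out is left as an empty string on failure. */
int build_salted(char *out, size_t out_len, const char *password)
{
    size_t plen = 0;
    int n;

    if (out == NULL || out_len == 0 || password == NULL)
        return -1;
    out[0] = '\0';

    /* Bounded length probe: look at no more than PASS_MAX + 1 bytes. */
    while (plen <= PASS_MAX && password[plen] != '\0')
        plen++;
    if (plen > PASS_MAX)
        return -1;

    /* snprintf never writes more than out_len bytes, and its return
     * value tells us whether the result had to be truncated. */
    n = snprintf(out, out_len, "%s%s", SALT, password);
    if (n < 0 || (size_t)n >= out_len) {
        out[0] = '\0';
        return -1;
    }
    return 0;
}

/* StoredSalt+StoredPassword == StoredSalt+EnteredPassword, as in the post.
 * Returns 1 on a match, 0 otherwise (including rejected input). */
int check_password(const char *stored, const char *entered)
{
    char a[SALTED_MAX + 1], b[SALTED_MAX + 1];

    if (build_salted(a, sizeof a, stored) != 0) return 0;
    if (build_salted(b, sizeof b, entered) != 0) return 0;
    return strcmp(a, b) == 0;
}

int main(void)
{
    /* Constructed sample inputs. */
    printf("exact match:   %d\n", check_password("Alice123", "Alice123"));
    printf("oversized pwd: %d\n", check_password("Alice123", "Alice123AAAAAAAAAAAAAAAA"));
    return 0;
}
```

Compiling with the stack protector and source fortification that current toolchains offer (for GCC and Clang, `-fstack-protector-strong` and `-D_FORTIFY_SOURCE=2` with optimization enabled) adds a runtime backstop for copies that slip past checks like these.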
