Thread: How would you hack this simple program?

  1. #1 Registered User (Join Date: Aug 2012, Posts: 5)

    How would you hack this simple program?

    I know this may be a "no brainer" for most of you, but all I want is some instructions to open up my mind a bit on hacking. Yes, I'm new to this.

    Code:
    #include <string>
    #include <iostream>
    using namespace std;
    int main ()
    {
        string password;
        while ( 1 )
        {
            cout << "Please enter your password: ";
            cin >> password;
            if ( password == "1234" )
            {
                break;
            }
        }
        cout << "Welcome, you got the password right";
    }

  2. #2 std10093 (SAMARAS; Join Date: Jan 2011, Location: Nice, France, Posts: 2,694)
    Before becoming a hacker, try to write main this way:
    Code:
    int main(void)
    {
    ....
    return 0;//successfully terminated program
    }

  3. #3 Registered User (Join Date: Aug 2012, Posts: 5)
    Code:
    #include <string>
    #include <iostream>
    using namespace std;
    int main ()
    {
        string password;
        while ( 1 )
        {
            cout << "Please enter your password: ";
            cin >> password;
            if ( password == "1234" )
            {
                break;
            }
        }
        cout << "Welcome, you got the password right";
        return 0;
    }
    Sorry about that.

  4. #4 Registered User (Join Date: Aug 2003, Posts: 1,218)
    Strictly not needed.

    int main() and int main(void) are the same in C++. In C, however, they have different meanings.

    return 0 is not needed by the standard. An implicit return 0 is added at the end of main if you exit main without a return statement.

    Now to the original question. We are not fond of aiding in cracking so you will most likely not find information here on this subject.

  5. #5 Registered User (Join Date: Dec 2011, Posts: 795)
    If all you had was the executable, it's easy to "hack" with GDB:

    Code:
    (gdb) disassemble main
    Dump of assembler code for function main:
    /* ... */
    0x0000000100000b6e <main+57>:	lea    0x208(%rip),%rsi        # 0x100000d7d
    0x0000000100000b75 <main+64>:	callq  0x100000cba <dyld_stub__ZSteqIcSt11char_traitsIcESaIcEEbRKSbIT_T0_T1_EPKS3_>
    0x0000000100000b7a <main+69>:	test   %al,%al
    0x0000000100000b7c <main+71>:	jne    0x100000b80 <main+75>
    /* ... */
    End of assembler dump.
    (gdb)
    Then to find the password:
    Code:
    (gdb) x/s 0x100000d7d
    0x100000d7d:	 "1234"
    Although we're not here to help you do malicious activity, and I'm only providing this solution because its use in practical programs would be next to impossible.

  6. #6 std10093 (SAMARAS; Join Date: Jan 2011, Location: Nice, France, Posts: 2,694)
    Quote Originally Posted by Shakti:
        Strictly not needed.
    Well, by default the compiler will do so, but many things are done by default. I think it is good practice to clearly state what we want to do, and not let someone else who reads our code 'try' to remember what's done by default. For example:
    Code:
    #include <iostream>
    
    using namespace std;
    
    int main(void){
        int x;
        cout<<x<<endl;
    return 0;
    }
    This will output 0, because by default x gets the value. However, in a large program it would be very helpful if we wrote int x=0 (in my opinion).

    -off topic post ends

  7. #7 Registered User (Join Date: Jun 2005, Posts: 6,815)
    Quote Originally Posted by std10093:
        This will output 0, because by default x gets the value. However, in a large program it would be very helpful if we wrote int x=0 (in my opinion).
    Not true. x is uninitialised. It is not initialised by default to a value of zero.

    "int main()" and "int main(void)" are equivalent in C++. They are also equivalent in C within a function definition (i.e. implementation). So your advocacy of adding the void keyword, in this case, is pointless.

  8. #8 std10093 (SAMARAS; Join Date: Jan 2011, Location: Nice, France, Posts: 2,694)
    Quote Originally Posted by grumpy:
        Not true. x is uninitialised. It is not initialised by default to a value of zero.
    Just ran it and got a 0 at the output.

  9. #9 Registered User (Join Date: Oct 2006, Posts: 3,445)
    Quote Originally Posted by std10093:
        Just ran it and got a 0 at the output.
    Undefined behavior. The standard does not define what uninitialized variables get set to, except in the case of static objects.

  10. #10 Registered User (Join Date: Dec 2011, Posts: 795)
    Quote Originally Posted by std10093:
        Just ran it and got a 0 at the output.
    Yes, occasionally variables will be zero. The value of the variable just depends on what was in memory before it was created, as declaring a variable doesn't change any memory.

    And this is really irrelevant to the topic.

  11. #11 Registered User (Join Date: Aug 2012, Posts: 5)
    memcpy, I hope it's not a bother, but can you break down the code that you wrote? You don't have to go into too much detail.

  12. #12 std10093 (SAMARAS; Join Date: Jan 2011, Location: Nice, France, Posts: 2,694)
    He did not write any code. Assembly is what your code is translated into before some other stages in order to be run. There he executed the program. These are addresses: 0x0000000100000b6e. The 0x states that they are in hex. The jne, for example, is a command (like you use an if-else statement, a for loop, etc.).

  13. #13 Registered User (Join Date: Aug 2012, Posts: 5)
    So all he did was disassemble the main function in GDB. Thought it was written; feel like an idiot lol.

  14. #14 C++まいる!Cをこわせ! (Join Date: Oct 2007, Location: Inside my computer, Posts: 24,654)
    For those who can't read the disgusting, weird and unreadable AT&T syntax, here is the clean Intel version:

    Code:
    		cout << "Please enter your password: ";
    00BE1220  mov         eax,dword ptr [__imp_std::cout (0BE3088h)]  
    00BE1225  push        offset string "Please enter your password: " (0BE31ACh)  
    00BE122A  push        eax  
    00BE122B  call        std::operator<<<std::char_traits<char> > (0BE18C0h)  
    		cin >> password;
    00BE1230  mov         ecx,dword ptr [__imp_std::cin (0BE308Ch)]  
    00BE1236  push        ecx  
    00BE1237  lea         eax,[esp+18h]  
    00BE123B  call        std::operator>><char,std::char_traits<char>,std::allocator<char> > (0BE1B00h)  
    00BE1240  add         esp,0Ch  
    		if ( password == "1234" )
    00BE1243  lea         esi,[esp+0Ch]  
    00BE1247  call        std::operator==<char,std::char_traits<char>,std::allocator<char> > (0BE1B20h)  
    00BE124C  test        al,al  
    00BE124E  je          main+50h (0BE1220h)
    And what lies at esp+0Ch, pray tell? Why, it's the string "1234", according to a memory viewer.

    Want to make it secure? Then encrypt the password "1234", then encrypt whatever the user inputs and then compare them.
    This foils this approach.

  15. #15 manasij7479 ([](){}();; Join Date: Feb 2011, Location: *nullptr, Posts: 2,657)
    Quote Originally Posted by Elysia:
        Want to make it secure? Then encrypt the password "1234", then encrypt whatever the user inputs and then compare them.
        This foils this approach.
    Shouldn't this, ideally, be 'hash' instead of 'encrypt'?
