Sinisterly
[Challenge] Get Shell via BOF - Printable Version



[Challenge] Get Shell via BOF - Adorapuff - 02-17-2014

Okay, so this is a very simple challenge.
All you have to do is spawn a shell.
You cannot modify the source code.
I did not write this code. I found it online.
Compile the code with G++ then run the program.
From there enter your attack vector.
A successful attack vector will result in the following:
sh-3.2$
Code:
#include <stdio.h>
#include <stdlib.h>

class Test{
public:

Test(){
    command[0] = 'l';
    command[1] = 's';
    command[2] = '\0';
}

void a(){
    scanf("%s", buffer);
    system(command);
}

private:
char buffer[10];
char command[10];
};

int main(){
    Test aTest = Test();
    aTest.a();
}
PM me your attack vector to be added to the list of solvers.
Solvers:
Adorafuck
w00t
tropic
VollPlus
BreShie


RE: [Challenge] Get Shell via BOF - Alan Turing - 02-21-2014

Any countermeasures we should know about, like ASLR, DEP, NX, etc.?


[Challenge] Get Shell via BOF - Adorapuff - 02-21-2014

(02-21-2014, 07:22 PM)VolPlus Wrote: Any countermeasures we should know about, like ASLR, DEP, NX, etc.?

Nah, this is a basic challenge with a simple attack vector. Anyone with basic knowledge of BOF could accomplish this.


RE: [Challenge] Get Shell via BOF - Alan Turing - 02-21-2014

(02-21-2014, 08:28 PM)Adorapuff Wrote: Nah, this is a basic challenge with a simple attack vector. Anyone with basic knowledge of BOF could accomplish this.

Okay, will give this a go right now.


RE: [Challenge] Get Shell via BOF - Reiko - 02-21-2014

EDIT: Wow, the below information is total bullshit. I didn't even read the code and just assumed it was a lame sprintf() like vuln.

Make sure to compile with the proper options to disable all these protections. By default, most systems will turn them on and make this a total bitch.


RE: [Challenge] Get Shell via BOF - tropic - 02-22-2014

(02-21-2014, 08:38 PM)Starfall Wrote: Make sure to compile with the proper options to disable all these protections. By default, most systems will turn them on and make this a total bitch.

It's not necessary in this case.


RE: [Challenge] Get Shell via BOF - BreShiE - 02-23-2014

I would attempt this if I could even get the script to compile. It's pissing me off, lol.


RE: [Challenge] Get Shell via BOF - Alan Turing - 02-23-2014

(02-23-2014, 12:34 AM)BreShiE Wrote: I would attempt this if I could even get the script to compile. It's pissing me off, lol.

What error are you getting when you compile it?

(02-23-2014, 12:34 AM)BreShiE Wrote: I would attempt this if I could even get the script to compile. It's pissing me off, lol.

Yeh, I'm trying to compile it right now, and it's throwing me tons of errors.


RE: [Challenge] Get Shell via BOF - w00t - 02-23-2014

Compile the following using -fpermissive (system expects a const char, not a char); it's the same code except for the declaration of types.

Code:
#include <stdio.h>
#include <stdlib.h>

class Test{
public:

Test(){
    command[0] = 'l';
    command[1] = 's';
    command[2] = '\0';
}

void a(){
    scanf("%s", buffer);
    system(command);
}

private:
char buffer[10];
char command[10];
};

int main(){
    Test aTest = Test();
    aTest.a();
}



RE: [Challenge] Get Shell via BOF - BreShiE - 02-23-2014

(02-23-2014, 02:35 AM)w00t Wrote: Compile the following using -fpermissive (system expects a const char, not a char); it's the same code except for the declaration of types.

Code:
#include <stdio.h>
#include <stdlib.h>

class Test{
public:

Test(){
    command[0] = 'l';
    command[1] = 's';
    command[2] = '\0';
}

void a(){
    scanf("%s", buffer);
    system(command);
}

private:
char buffer[10];
char command[10];
};

int main(){
    Test aTest = Test();
    aTest.a();
}

Thank you, that worked. Now time to try this. :3
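The Test class posted in this thread reads with scanf("%s", buffer), which puts no limit on how many bytes are written into the 10-byte array. The following is an added example, not code from the thread or its posters: a hardened variant that bounds the read, rejects over-long input, and keeps the command as a constant outside the object. The names SafeTest, kCommand and read() are made up for this example.

```cpp
// Added example: hardened variant of the thread's Test class.
#include <cctype>
#include <cstdio>
#include <cstdlib>
#include <string>

// The fixed command is a constant in read-only data, not a writable
// member stored next to the input buffer.
static const char kCommand[] = "ls";

class SafeTest {
public:
    SafeTest() { buffer[0] = '\0'; }

    // Reads one whitespace-delimited token from `in`.
    // "%9s" stores at most 9 characters plus the terminating NUL, so the
    // write can never exceed the 10-byte buffer. A longer token is drained
    // and rejected instead of being silently truncated.
    bool read(FILE *in) {
        static_assert(sizeof(buffer) == 10, "width in \"%9s\" must be sizeof(buffer) - 1");
        if (fscanf(in, "%9s", buffer) != 1) return false;   // EOF or read error
        int c = fgetc(in);
        bool too_long = (c != EOF && !isspace(c));
        while (c != EOF && !isspace(c)) c = fgetc(in);      // discard the rest of the token
        if (too_long) buffer[0] = '\0';
        return !too_long;
    }

    std::string input() const { return buffer; }
    std::string command() const { return kCommand; }
    int run() const { return system(kCommand); }

private:
    char buffer[10];
};

int main() {
    SafeTest t;
    if (!t.read(stdin)) {
        fputs("input rejected\n", stderr);
        return 1;
    }
    return t.run();
}
```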