[Challenge] Get Shell via BOF

Adorapuff · 02-17-2014, 09:52 PM

Okay, so this is a very simple challenge.
All you have to do is spawn a shell.
You can not modify the source code
I did not write this code. I found it online.
Compile the code with G++ then run the program.
From there enter your attack vector.
A successful attack vector will result in the following:
sh-3.2$

Spoiler:

PM me your attack vector to be added to the list of solvers.
Solvers:
Adorafuck
w00t
tropic
VollPlus
BreShie

Alan Turing · 02-21-2014, 07:22 PM

Any counter measures we should know about like ASLR, DEP, NX etc?

Adorapuff · 02-21-2014, 08:28 PM

(02-21-2014, 07:22 PM)VolPlus Wrote: Any counter measures we should know about like ASLR, DEP, NX etc?

Nah, this is a basic challenge with a simple attack vector. Anyone with basic knowledge of BOF could accomplish this.

Alan Turing · 02-21-2014, 08:36 PM

(02-21-2014, 08:28 PM)Adorapuff Wrote: Nah, this is a basic challenge with a simple attack vector. Anyone with basic knowledge of BOF could accomplish this.

Okay, will give this a go right now.

Reiko · 02-21-2014, 08:38 PM

EDIT: Wow, the below information is total bullshit. I didn't even read the code and just assumed it was a lame sprintf() like vuln.

Make sure to compile with the proper options to disable all these protections. By default, most systems will turn them on and make this a total bitch.

tropic · 02-22-2014, 01:44 AM

(02-21-2014, 08:38 PM)Starfall Wrote: Make sure to compile with the proper options to disable all these protections. By default, most systems will turn them on and make this a total bitch.

It's not necessary in this case.

BreShiE · 02-23-2014, 12:34 AM

I would attempt this if I could even get the script to compile. It's pissing me off, lol.

Alan Turing · 02-23-2014, 12:48 AM

(02-23-2014, 12:34 AM)BreShiE Wrote: I would attempt this if I could even get the script to compile. It's pissing me off, lol.

What error are you getting when you compile it?

(02-23-2014, 12:34 AM)BreShiE Wrote: I would attempt this if I could even get the script to compile. It's pissing me off, lol.

Yeh, I'm trying to compile it right now, and it's throwing me tons of errors.

w00t · 02-23-2014, 02:35 AM

Compile the following using -fpermissive( system expects a const char, not a char ), it's the same code except for the declaration of types.

Code:
#include <stdio.h>

#include <stdlib.h>

class Test{

public:

Test(){

    command[0] = 'l';

    command[1] = 's';

    command[2] = '\0';

}

void a(){

    scanf("%s", buffer);

    system(command);

}

private:

char buffer[10];

char command[10];

};

int main(){

    Test aTest = Test();

    aTest.a();

}

BreShiE · 02-23-2014, 04:12 AM

(02-23-2014, 02:35 AM)w00t Wrote: Compile the following using -fpermissive( system expects a const char, not a char ), it's the same code except for the declaration of types.

Code:
#include <stdio.h> #include <stdlib.h> class Test{ public: Test(){ command[0] = 'l'; command[1] = 's'; command[2] = '\0'; } void a(){ scanf("%s", buffer); system(command); } private: char buffer[10]; char command[10]; }; int main(){ Test aTest = Test(); aTest.a(); }

Thank-you, that worked. Now time to try this. :3

[Challenge] Get Shell via BOF
Author Message