Welcome to HBH! If you have tried to register and didn't get a verification email, please using the following link to resend the verification email.

Realistic 8


Realistic 8

By ghostghost | 11146 Reads |
0     0

Realistic 8

This is a guide on how to complete Realistic Challenge 8

Okay i read another article on this challenge which had some code and spoke about cURL and php etc… That isn’t the only way you can complete this challenge.

I recommend you Google Buffer Overflow for more information.

Buffer overflow:- Buffer overflows may cause a process to crash or produce incorrect results. They can be triggered by inputs specifically designed to execute malicious code or to make the program operate in an unintended way. As such, buffer overflows cause many software vulnerabilities and form the basis of many exploits. Sufficient bounds checking by either the programmer or the compiler can prevent buffer overflows. Wikipedia

In a scenario like this one, to determine if it is buffer overflow vulnerable then you would put in the correct username, a random password. Hit enter and it will say invalid password. Now you keep refreshing as fast as possible, (Hint// using firefox hitting F5 then enter works a treat)

Once you have promptly refreshed the page about 20 something times then the data is corrupted and it goes in your favour. Now you are logged in, time to complete the rest of the challenge.

Please comment and rate this article Feel free to PM if you need extra help

The_Flash

Comments
AldarHawk's avatar
AldarHawk 18 years ago

Nice article. I actually put in the password for this one though :P Either way will work.

ghost's avatar
ghost 18 years ago

Wow what a quick way to complete it, Buffer Overflow's rock Superbly Awesome :)

ghost's avatar
ghost 18 years ago

Wow. This article is going to help my a lot. Is this challenge suppose to be completed this way?

ghost's avatar
ghost 18 years ago

Nice, helped loads for those of us who couldn't do the remote brute force

SySTeM's avatar
SySTeM 18 years ago

Great article flash!

ghost's avatar
ghost 18 years ago

yep

ghost's avatar
ghost 18 years ago

Good article for completing the challenge, but realistically you will NEVER find a buffer overflow like this, it's not even really a buffer overflow. For an excellent article on Buffer overflows and how to exploit them check this out http://www.insecure.org/stf/smashstack.txt Good job on the article.

ghost's avatar
ghost 18 years ago

Thank's man, helped me out a LOT and gave me some nice knowledge

ranma's avatar
ranma 18 years ago

W00P. Thanks! 60 points

ghost's avatar
ghost 18 years ago

This is awsome man! Are buffer overflows possible on logins without a database check, or is this only for this challange?

ghost's avatar
ghost 18 years ago

Thank you very much. This article helped me out greatly.

ghost's avatar
ghost 18 years ago

I did it the easy way and set Opera to reload the page every second. Didn't have to do any work at all. B) lol, anyways thanks for this…I was completely stumped on what to do before I read this!

ghost's avatar
ghost 18 years ago

3876 - it WOULD be possible to find a buffer overflow like this, if the server application stored the requests for a short period of time, but you wouldn't get a login. the server would probably just crash (or if you crafted some shellcode you could get the server to run it)

ghost's avatar
ghost 17 years ago

Maybe stupid question, but how many challenges that overflow works?B)

ghost's avatar
ghost 17 years ago

This is awesome article. Much better than other article. Thanks

zi_hunter's avatar
zi_hunter 17 years ago

That's a awesome article. Thank you Flash ;)

ghost's avatar
ghost 17 years ago

Awsome article!:ninja::evil::D

ghost's avatar
ghost 17 years ago

That trick rocks. Real 8 in 2 minutes. B-)

ghost's avatar
ghost 16 years ago

tnx it was awsome!!!

macfarlanet's avatar
macfarlanet 16 years ago

Nice!!! I've always wanted to do a buffer overflow (albeit not an entirely realistic one) in a challenge.