
How to exploit this:


Twi7ch (Member)

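#include <stdio.h>
#include <stdlib.h>   /* system() */

int main(int argc, char *argv[])
{
    char command[511];

    /* read one line from stdin (at most 509 characters) */
    fgets(command, 510, stdin);
    /* run that line as a shell command */
    system(command);
    //execlp(,"less",NULL);
    return 0; //this is really easy.
}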

I tried doing a BoF attack. perl -e'print "A" x 516' and increased each time but I could never get a segfault. Is there another way to exploit this code?


ghost

Think big. Printing out something like 1024 chars.


ghost

Touch me baby :p


Twi7ch (Member)

Doing 1024 I got "Syntax error: EOF in backquote substitution"


ghost

XD I just realised you're using fgets() to parse the input. Notice the 510? That's the number of bytes that will be transferred. So that code is secure.


ghost

Well, apart from the fact that you're passing user input directly to system(3), but I presume it was for example purposes only.
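
The point made in the last reply, as an added example that is not part of the original thread: a hardened variant of the posted program that keeps the bounded fgets() read but never hands input to a shell. It assumes the program was meant to page a user-named file with less (suggested by the commented-out execlp line); read_line, is_safe_arg and run_pager are hypothetical helper names.

```c
#include <stdio.h>
#include <string.h>
#include <sys/types.h>
#include <sys/wait.h>
#include <unistd.h>

/* Read one line; 0 = ok, -1 = EOF/error, -2 = line did not fit in buf. */
int read_line(FILE *in, char *buf, size_t size) {
    if (fgets(buf, (int)size, in) == NULL) return -1;
    size_t len = strlen(buf);
    if (len > 0 && buf[len - 1] == '\n') { buf[len - 1] = '\0'; return 0; }
    if (feof(in)) return 0;              /* final line without a newline */
    int c;                               /* drop the rest of the long line */
    while ((c = fgetc(in)) != '\n' && c != EOF) {}
    return -2;
}

/* Allowlist for a plain file name in the current directory:
 * non-empty, no leading '-', only [A-Za-z0-9._-]. */
int is_safe_arg(const char *s) {
    static const char ok[] = "abcdefghijklmnopqrstuvwxyz"
                             "ABCDEFGHIJKLMNOPQRSTUVWXYZ0123456789._-";
    if (s[0] == '\0' || s[0] == '-') return 0;
    return s[strspn(s, ok)] == '\0';
}

/* Run less on one file with no shell involved; exit status or -1. */
int run_pager(const char *path) {
    pid_t pid = fork();
    if (pid < 0) return -1;
    if (pid == 0) {
        /* argv is passed as-is; "--" ends option parsing in less */
        execlp("less", "less", "--", path, (char *)NULL);
        _exit(127);                      /* exec failed */
    }
    int status;
    if (waitpid(pid, &status, 0) < 0) return -1;
    return WIFEXITED(status) ? WEXITSTATUS(status) : -1;
}

int main(void) {
    char name[511];
    if (read_line(stdin, name, sizeof name) != 0 || !is_safe_arg(name)) {
        fputs("rejected input\n", stderr);
        return 1;
    }
    return run_pager(name);
}
```

Because the file name travels as a single argv entry to execlp(), shell syntax in the input is never interpreted; the allowlist and the "--" separator additionally keep the input from being read as an option to less.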