0x1CA3 / Reaper

An ADB-based botnet written in C.
40 stars 12 forks

Buffer Overflow & Command Injection #4

Open 215B5D opened 2 years ago

215B5D commented 2 years ago

There is a buffer overflow & command injection inside of the connect command (reference).

Here you initialise a buffer:

char *adb_connect_ip;
adb_connect_ip = (char *)malloc(32 * sizeof(char));

A few lines below this, you accept unsanitised user input to the buffer using scanf(), which can lead to a buffer overflow:

scanf("%s", adb_connect_ip);

If you look down another few lines, after copying the user input to the buffer, you then proceed to execute the user's input using system() without validating it:

system(adb_con_before);

I would recommend fixing this. Whilst it is not a huge issue, due to the fact this project was clearly just something written for fun & not meant to be used in a real-world scenario, it's still a bad idea to leave vulnerable code inside of your C2.
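An added example, not code from the Reaper repository or from the issue author: one way to close both problems reported above is to read the line with a size bound and let only a strictly validated IPv4 address and optional port through. The function names, `ENDPOINT_MAX` and the `ip[:port]` input format are assumptions.

```c
#include <arpa/inet.h>
#include <stdio.h>
#include <stdlib.h>
#include <string.h>

#define ENDPOINT_MAX 32 /* same size as the 32-byte buffer quoted in the issue */

/* Bounded replacement for scanf("%s"): reads one line into buf[n].
 * Returns 0 on success, -1 on EOF/error or if the line did not fit. */
int read_line_bounded(FILE *in, char *buf, size_t n)
{
    int c, too_long = 0;
    if (fgets(buf, (int)n, in) == NULL)
        return -1;
    size_t len = strcspn(buf, "\n");
    if (buf[len] == '\n') {
        buf[len] = '\0'; /* whole line fit: strip the newline */
        return 0;
    }
    while ((c = fgetc(in)) != '\n' && c != EOF) /* drain the oversized rest */
        too_long = 1;
    return too_long ? -1 : 0;
}

/* Allow-list check: only "a.b.c.d" or "a.b.c.d:port" (1-65535) passes, so
 * shell metacharacters are rejected. *port is 0 when no port was given. */
int parse_endpoint(const char *s, struct in_addr *ip, unsigned *port)
{
    char host[INET_ADDRSTRLEN];
    size_t hlen = strcspn(s, ":");
    if (hlen == 0 || hlen >= sizeof host)
        return -1;
    memcpy(host, s, hlen);
    host[hlen] = '\0';
    if (inet_pton(AF_INET, host, ip) != 1) /* strict dotted-quad parse */
        return -1;
    *port = 0;
    if (s[hlen] == ':') {
        const char *p = s + hlen + 1;
        size_t digits = strspn(p, "0123456789");
        unsigned long v = strtoul(p, NULL, 10);
        if (digits == 0 || digits > 5 || p[digits] != '\0' || v == 0 || v > 65535)
            return -1;
        *port = (unsigned)v;
    }
    return 0;
}
```

Once the input is reduced to a parsed address and a numeric port, the command can be started with an argument vector (for example via `execvp`) instead of a shell string handed to `system()`.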

215B5D commented 2 years ago

There were a few spelling mistakes; I don't care enough to fix them.