Open caballomaldito opened 5 years ago
Hi!
Here are vulnerable proof-of-concept programs for a heap-based buffer overflow, a stack buffer overflow and a use-after-free.
To compile:
g++ heap.c -o heap
g++ uaf.c -o uaf
g++ stack.c -o stack
Is it possible that the ZeraTool tool could successfully exploit these three cases?
peto@ubuntu:~/Desktop/challenges$ cat heap.c
using namespace std;
// heap.c -- intentionally vulnerable sample: heap-based buffer overflow.
// Reads whitespace-separated tokens from the file named by argv[1] and copies
// each one with strcpy() into a newly allocated BUFSIZE-byte heap buffer.
// Returns -1 if no file name was given, 0 otherwise.
// NOTE(review): BUFSIZE is not defined in this copy of the listing; the second
// copy further down the page shows `define BUFSIZE 10`.
int main(int argc, char* argv[]) {
    if (argc > 1) {
        cout << "argv[1] = " << argv[1] << endl;
    } else {
        cout << "No file name entered. Exiting...";
        return -1;
    }
    ifstream myReadFile;
    myReadFile.open(argv[1]);
    // Staging buffer for one token; much larger than the heap buffer below.
    char output[8192];
    if (myReadFile.is_open()) {
        // eof() is tested before the read and the stream state is not checked
        // after it, so a failed extraction goes unnoticed inside the loop.
        while (!myReadFile.eof()) {
            // No width limit is set on the stream. Before C++20 this extraction
            // stops only at whitespace, not at the end of `output`.
            myReadFile >> output;
            // NOTE(review): `char buf` and `(char )` look like `char *buf` and
            // `(char *)` with the asterisks lost in page rendering (strcpy needs
            // a pointer destination) -- confirm against the original file.
            char buf;
            // The malloc() result is not checked and no free() follows, so one
            // buffer is leaked per token.
            buf = (char )malloc(sizeof(char)*BUFSIZE);
            // Defect under test: strcpy() writes strlen(output)+1 bytes into a
            // BUFSIZE-byte allocation, so any token of BUFSIZE characters or
            // more writes past the end of the heap block. A corrected version
            // would size the allocation from the token length or use
            // std::string; -fsanitize=address reports the overflow at run time.
            strcpy(buf, output);
        }
    }
    myReadFile.close();
    return 0;
}
peto@ubuntu:~/Desktop/challenges$ cat uaf.c
myReadFile >> output; char buf1R1; buf1R1 = (char ) malloc(BUFSIZER1); free(buf1R1); strcpy(buf1R1, output); } } myReadFile.close(); return 0; }
peto@ubuntu:~/Desktop/challenges$ cat stack.c
int main(int argc, char* argv[]) { if (argc > 1) { cout << "argv[1] = " << argv[1] << endl; } else { cout << "No file name entered. Exiting..."; return -1; } ifstream myReadFile; myReadFile.open(argv[1]); char output[10]; if (myReadFile.is_open()) { while (!myReadFile.eof()) {
myReadFile >> output; cout<<output;
Hi!
Here are vulnerable proof-of-concept programs for a heap-based buffer overflow, a stack buffer overflow and a use-after-free.
To compile:
g++ heap.c -o heap
g++ uaf.c -o uaf
g++ stack.c -o stack
Is it possible that the ZeraTool tool could successfully exploit these three cases?
peto@ubuntu:~/Desktop/challenges$ cat heap.c
include
include
include
include
define BUFSIZE 10
using namespace std;
// heap.c -- intentionally vulnerable sample: heap-based buffer overflow.
// Opens the file named by argv[1] and, in a loop, copies `output` with
// strcpy() into a newly allocated BUFSIZE-byte heap buffer.
// Returns -1 if no file name was given, 0 otherwise.
int main(int argc, char* argv[]) {
    if (argc > 1) {
        cout << "argv[1] = " << argv[1] << endl;
    } else {
        cout << "No file name entered. Exiting...";
        return -1;
    }
    ifstream myReadFile;
    myReadFile.open(argv[1]);
    // 8192-byte staging buffer; never initialised in this copy of the listing.
    char output[8192];
    if (myReadFile.is_open()) {
        // NOTE(review): as shown here nothing inside the loop reads from
        // myReadFile, so eof() cannot change and `output` is copied
        // uninitialised. The other copy of heap.c on this page has
        // `myReadFile >> output;` as the first statement of the loop; it was
        // presumably dropped from this copy -- confirm against the original.
        while (!myReadFile.eof()) {
            // NOTE(review): `char buf` and `(char )` look like `char *buf` and
            // `(char *)` with the asterisks lost in page rendering (strcpy needs
            // a pointer destination) -- confirm against the original file.
            char buf;
            // The malloc() result is not checked and no free() follows.
            buf = (char )malloc(sizeof(char)*BUFSIZE);
            // Defect under test: strcpy() copies up to the first NUL in
            // `output` into a BUFSIZE-byte allocation, so a source string of
            // BUFSIZE characters or more writes past the end of the heap
            // block. A corrected version would size the allocation from the
            // source length or use std::string.
            strcpy(buf, output);
        }
    }
    myReadFile.close();
    return 0;
}
peto@ubuntu:~/Desktop/challenges$ cat uaf.c
include
include
include
include
define BUFSIZER1 10
using namespace std;
// uaf.c -- intentionally vulnerable sample: use-after-free.
// Reads whitespace-separated tokens from the file named by argv[1]; for each
// token it allocates BUFSIZER1 bytes, frees them, and then copies the token
// into the freed block with strcpy().
// Returns -1 if no file name was given, 0 otherwise.
int main(int argc, char* argv[]) {
    if (argc > 1) {
        cout << "argv[1] = " << argv[1] << endl;
    } else {
        cout << "No file name entered. Exiting...";
        return -1;
    }
    ifstream myReadFile;
    myReadFile.open(argv[1]);
    // Staging buffer for one token.
    char output[8192];
    if (myReadFile.is_open()) {
        // eof() is tested before the read and the stream state is not checked
        // after it, so a failed extraction goes unnoticed inside the loop.
        while (!myReadFile.eof()) {
            // No width limit is set on the stream. Before C++20 this extraction
            // stops only at whitespace, not at the end of `output`.
            myReadFile >> output;
            // NOTE(review): `char buf1R1` and `(char )` look like
            // `char *buf1R1` and `(char *)` with the asterisks lost in page
            // rendering (free/strcpy need a pointer) -- confirm against the
            // original file.
            char buf1R1;
            // The malloc() result is not checked.
            buf1R1 = (char ) malloc(BUFSIZER1);
            // The block is released here ...
            free(buf1R1);
            // ... and written to here. Defect under test: a write through a
            // dangling pointer (use-after-free). The copy is also unbounded, so
            // a token of BUFSIZER1 characters or more additionally runs past
            // the size the block had. A corrected version would copy before
            // freeing, bound the copy, and not touch the pointer after free();
            // -fsanitize=address reports this as heap-use-after-free.
            strcpy(buf1R1, output);
        }
    }
    myReadFile.close();
    return 0;
}
peto@ubuntu:~/Desktop/challenges$ cat stack.c
include
include
using namespace std;
// stack.c -- intentionally vulnerable sample: stack buffer overflow.
// Opens the file named by argv[1] and loops until end of file, with a
// 10-byte stack array `output` declared as the read buffer.
// Returns -1 if no file name was given, 0 otherwise.
int main(int argc, char* argv[]) {
    if (argc > 1) {
        cout << "argv[1] = " << argv[1] << endl;
    } else {
        cout << "No file name entered. Exiting...";
        return -1;
    }
    ifstream myReadFile;
    myReadFile.open(argv[1]);
    // 10-byte stack buffer: room for 9 characters plus the terminating NUL.
    char output[10];
    if (myReadFile.is_open()) {
        // NOTE(review): the loop body is empty in this copy of the listing, so
        // nothing reads from the stream and eof() cannot become true. The
        // other copy of stack.c on this page shows the body as
        // `myReadFile >> output; cout<<output;` -- presumably dropped here;
        // confirm against the original file.
        // With that body, the defect under test is the extraction itself: no
        // width limit is set, and before C++20 `>>` into a char buffer stops
        // only at whitespace, so a token of 10 characters or more writes past
        // the end of `output` on the stack. C++20 bounds the read to the array
        // size; reading into std::string, or calling setw(sizeof output) first,
        // removes the overflow on older standards.
        while (!myReadFile.eof()) {
        }
    }
    myReadFile.close();
    return 0;
}