With the firewalls and a mammoth lock on the gate, do you think the fort is secure?
No. The walls are weak and the daemons standing at the gates are gullible.
We are here to learn to break the walls and trick the daemons, and to learn to make them secure.
It's not about certification bullshit. It's just about CODE. Let's start the drill.
"If you know the enemy and know yourself, your victory will not stand in doubt; if you know Heaven and know Earth, you may make your victory complete"
-Art of War
Monday, September 12, 2005
Tuesday, August 02, 2005
Simple Yet Common Again
int catvars(char *buf1, char *buf2, unsigned int len1,
            unsigned int len2){
    char mybuf[256];
    if((len1 + len2) > 256){
        return -1;
    }
    memcpy(mybuf, buf1, len1);
    memcpy(mybuf + len1, buf2, len2);
    do_some_stuff(mybuf);
    return 0;
}
Simple Yet Common
int myfunction(int *array, int len){
    int *myarray, i;
    myarray = malloc(len * sizeof(int));
    if(myarray == NULL){
        return -1;
    }
    for(i = 0; i < len; i++){
        myarray[i] = array[i];
    }
    return myarray;
}
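An added example, not part of the original posts, covering this puzzle and catvars() above: in both, a size computation can wrap around before it is checked or used. The checked versions below compare against the space that is left instead of computing a sum or product first. The names naive_check_passes, catvars_checked, copy_ints_checked and CAT_MAX are made up for the example.

```c
#include <limits.h>
#include <stdint.h>
#include <stdlib.h>
#include <string.h>

#define CAT_MAX 256u   /* sizeof mybuf in catvars() */

/* The original test: unsigned addition wraps modulo UINT_MAX + 1, so two
 * large lengths can add up to a small number. Returns 1 when the check
 * `(len1 + len2) > 256` lets the pair through. */
int naive_check_passes(unsigned int len1, unsigned int len2)
{
    return !((len1 + len2) > CAT_MAX);
}

/* Overflow-safe form: compare len2 with the space left after len1, so
 * no sum is ever computed. `out` must hold CAT_MAX bytes. */
int catvars_checked(char *out, const char *buf1, const char *buf2,
                    unsigned int len1, unsigned int len2)
{
    if (len1 > CAT_MAX || len2 > CAT_MAX - len1)
        return -1;
    memcpy(out, buf1, len1);
    memcpy(out + len1, buf2, len2);
    return 0;
}

/* myfunction() with the size computed safely: reject negative counts and
 * counts whose byte size does not fit in size_t, then allocate. */
int *copy_ints_checked(const int *array, int len)
{
    int *copy;

    if (array == NULL || len <= 0)
        return NULL;
    if ((size_t)len > SIZE_MAX / sizeof(int))
        return NULL;
    copy = malloc((size_t)len * sizeof(int));
    if (copy == NULL)
        return NULL;
    memcpy(copy, array, (size_t)len * sizeof(int));
    return copy;
}
```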
Tuesday, July 19, 2005
Spot the bug
A guy at Microsoft is also hosting a blog where he posts code and you have to find the bug.
Check this out: http://blogs.msdn.com/rsamona/
Thanks
Sandeep
Tuesday, July 05, 2005
Games
Ever played hacking games?
Check: http://quiz.ngsec.com/
It is pretty trivial.
Once you are done with it, don't miss http://hackerslab.org
Amazing.
Friday, April 15, 2005
The temporary one!
void main()
{
    FILE *fh = fopen("/tmp/ABC_my_junk_spot", "w+");
    fprintf(fh, "hello..what are you looking at?");
    fclose(fh);
}
Find out what is wrong with this piece of code.
How would you exploit this to gain root access if this code runs as root?
PS: The bar girls are like /tmp because
1. They are public property 2. They talk too much
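An added example, not from the original post: the file name is predictable and sits in a directory every user can write to, and fopen(..., "w+") opens whatever is already at that path. Both functions below refuse to reuse an existing name; write_note_exclusive, write_note_mkstemp and finish are names made up for the example.

```c
#define _POSIX_C_SOURCE 200809L
#include <errno.h>
#include <fcntl.h>
#include <stdio.h>
#include <stdlib.h>
#include <string.h>
#include <sys/stat.h>
#include <unistd.h>

/* Write msg to an already opened descriptor and close it; on a short
 * write the file is removed again. fd < 0 passes the open error on. */
static int finish(int fd, const char *path, const char *msg)
{
    size_t len = strlen(msg);

    if (fd < 0)
        return -1;
    if (write(fd, msg, len) != (ssize_t)len) {
        close(fd);
        unlink(path);
        return -1;
    }
    return close(fd);
}

/* Fixed name: create dir/name only if nothing is there yet. O_EXCL fails
 * if the name exists, symlinks included; O_NOFOLLOW refuses a symlink as
 * the last component; mode 0600 keeps other users out. */
int write_note_exclusive(const char *dir, const char *name, const char *msg)
{
    char path[4096];
    int n = snprintf(path, sizeof path, "%s/%s", dir, name);

    if (n < 0 || (size_t)n >= sizeof path) {
        errno = ENAMETOOLONG;
        return -1;
    }
    return finish(open(path, O_WRONLY | O_CREAT | O_EXCL | O_NOFOLLOW, 0600),
                  path, msg);
}

/* Unpredictable name: mkstemp() picks it and creates the file
 * exclusively. tmpl must end in "XXXXXX" and is rewritten in place. */
int write_note_mkstemp(char *tmpl, const char *msg)
{
    return finish(mkstemp(tmpl), tmpl, msg);
}
```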
Thursday, April 14, 2005
A unix teaser
I was no God.
I told her my password.
She ran to a unix terminal.
She logged in to my account.
Using 'passwd' she changed my password to whatever she wanted.
She checked if the password was changed. It really was.
When she came back, she fainted when she saw me using a different password.
How could I do that?
TIP: It was a race condition
Tuesday, April 12, 2005
No long names allowed.
#include <stdio.h>
#include <stdlib.h>
#include <string.h>
int main(int argc, char *argv[]){
    unsigned short s;
    int i;
    char buf[80];
    if(argc < 3){
        return -1;
    }
    i = atoi(argv[1]);
    s = i;
    if(s >= 80){
        printf("We dont allow big names.\n");
        return -1;
    }
    strncpy(buf, argv[2], i);
    printf("%s\n", buf);
    return 0;
}
After compiling, run it as follows:
$ ./a.out 81 alpha0
We dont allow big names.
$ ./a.out 79 alpha0
alpha0
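An added example, not from the original post: the length is checked after it has been narrowed to unsigned short, but the copy uses the original int. Below, the program's check is isolated in narrowed_check_passes(), next to a parser that validates the same value it hands back; all names here (narrowed_check_passes, parse_len, copy_name, BUF_LEN) are made up for the example.

```c
#include <errno.h>
#include <limits.h>
#include <stdlib.h>
#include <string.h>

#define BUF_LEN 80   /* size of buf in the program above */

/* What the original does: the test is made on the value after it has
 * been narrowed to unsigned short (low 16 bits only), the copy uses the
 * full int. Returns 1 when the test lets the value through. */
int narrowed_check_passes(int i)
{
    unsigned short s = i;
    return !(s >= BUF_LEN);
}

/* Parse a decimal length strictly and accept it only if 0 <= n < limit.
 * The value that is validated is the value that is returned. */
int parse_len(const char *text, size_t limit, size_t *out)
{
    char *end;
    long n;

    errno = 0;
    n = strtol(text, &end, 10);
    if (end == text || *end != '\0' || errno == ERANGE)
        return -1;
    if (n < 0 || (unsigned long)n >= limit)
        return -1;
    *out = (size_t)n;
    return 0;
}

/* Bounded copy that always NUL-terminates; strncpy() does not when the
 * source is at least as long as the count. */
int copy_name(char *dst, size_t dstsize, const char *len_text, const char *name)
{
    size_t n, have;

    if (parse_len(len_text, dstsize, &n) != 0)
        return -1;
    have = strlen(name);
    if (have < n)
        n = have;
    memcpy(dst, name, n);
    dst[n] = '\0';
    return 0;
}
```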
Thursday, April 07, 2005
Lady, tell me the time.
This program is a SUID program (see my previous post).
int main()
{
    system("date");
}
What does it do?
It basically executes a command called "date".
Now, what is the problem with it?
PS: Lady seems to be blonde
Thanks,
Sandeep
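An added example, not from the original post: system() hands the string to a shell, which looks "date" up through the caller's PATH and inherits the rest of the caller's environment. The sketch below runs a program by absolute path, without a shell and with a fixed environment; run_fixed, show_date, the PATH value and the /bin/date location are assumptions made for the example.

```c
#define _POSIX_C_SOURCE 200809L
#include <stdlib.h>
#include <sys/types.h>
#include <sys/wait.h>
#include <unistd.h>

/* Fixed environment handed to the child; nothing is inherited from the
 * caller. The values are assumptions for the example. */
static char *const clean_env[] = { "PATH=/usr/bin:/bin", "LC_ALL=C", NULL };

/* Run one program by absolute path, with no shell and no PATH lookup.
 * Returns the child's exit status, 127 if the exec failed, or -1 if
 * the request was refused or the child did not exit normally. */
int run_fixed(const char *abs_path, char *const argv[])
{
    pid_t pid;
    int status;

    if (abs_path == NULL || abs_path[0] != '/')
        return -1;                    /* refuse anything PATH-relative */
    pid = fork();
    if (pid < 0)
        return -1;
    if (pid == 0) {
        execve(abs_path, argv, clean_env);
        _exit(127);                   /* only reached if execve failed */
    }
    if (waitpid(pid, &status, 0) < 0 || !WIFEXITED(status))
        return -1;
    return WEXITSTATUS(status);
}

/* The post's program on top of run_fixed(). The location of date is an
 * assumption; use the path on your system. */
int show_date(void)
{
    char *const argv[] = { "date", NULL };
    return run_fixed("/bin/date", argv);
}
```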
What are SUID programs?
It is a Unix term which means "programs which, while running, assume someone else's credentials." Generally, if a user runs a program, the program has the same privileges as the user.
So the program can access the same resources (files, memory, etc.) that the user can.
Let's take an example.
When you change your password, the password file is modified by the command that changes the password. On the other hand, you cannot edit the password file yourself.
So this command for changing the password runs with administrator privileges.
These specially privileged programs, like daemons (see the gatekeepers in the first post), need to be secured, because if a user tricks them into executing any other command, security is defeated.
They ought to do only what they are supposed to do.
To find all such programs on a Unix system you can use the following command:
    find / -perm -4000 -o -perm -2000 2>/dev/null
Thanks,
Alpha0
Monday, April 04, 2005
The monk is culprit
While going through the SunOS strcat manual, I was struck by the following lines.
Buffer overflow can be checked as follows:
    if (strlcat(dst, src, dstsize) >= dstsize)
        return -1;
What is wrong with it?
Dying of opulence
It is the story of a programmer who is dead by the deadlines.
He writes the code quickly to meet the deadline, just to get another deadline.
One day someone told his boss a tale about the devilish buffer overflow. The boss gave orders to fix all the buffer overflows by using strlcat instead of strcat and to run a code checker over the code. :)
The poor programmer got yet another deadline. He obeyed the boss, and here is the code he wrote:
#define BUFSIZ 100
int main()
{
    char * response;
    response = (char *) malloc (sizeof(char) * BUFSIZ);
    char input[50];
    printf("Enter your first name:");
    scanf("%49s",input);
    strlcat(response, input, BUFSIZ);
    printf("Enter your middle name:");
    scanf("%49s",input);
    strlcat(response, input, BUFSIZ);
    printf("Enter your last name:");
    scanf("%49s",input);
    strlcat(response, input, BUFSIZ);
}
Do you think this guy needs to be corrected?
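An added example, not from the original post: strlcat() appends to the string already in the destination, so the buffer has to hold one before the first call, and the result of every call has to be checked. Since not every libc ships strlcat(), the sketch uses a stand-in; append_checked, join_names and RESP_SIZE are names made up for the example.

```c
#include <stdio.h>
#include <stdlib.h>
#include <string.h>

#define RESP_SIZE 100   /* the post's BUFSIZ; renamed because <stdio.h> defines BUFSIZ */

/* Stand-in for strlcat(). Appends src to the string in dst without
 * writing past dst[size - 1]. Returns 0 on success, -1 if dst holds no
 * terminated string within size bytes or the result would not fit. */
int append_checked(char *dst, size_t size, const char *src)
{
    const char *end = memchr(dst, '\0', size);
    size_t used, need = strlen(src);

    if (end == NULL)
        return -1;               /* dst is not a string: nothing to append to */
    used = (size_t)(end - dst);
    if (need >= size - used)
        return -1;               /* would truncate: report it, write nothing */
    memcpy(dst + used, src, need + 1);
    return 0;
}

/* Concatenate the three names into a fresh buffer; the caller frees it.
 * Returns NULL on allocation failure or if the names do not fit. */
char *join_names(const char *first, const char *middle, const char *last)
{
    char *response = malloc(RESP_SIZE);

    if (response == NULL)
        return NULL;
    response[0] = '\0';          /* malloc() memory is uninitialised */
    if (append_checked(response, RESP_SIZE, first) != 0 ||
        append_checked(response, RESP_SIZE, middle) != 0 ||
        append_checked(response, RESP_SIZE, last) != 0) {
        free(response);
        return NULL;
    }
    return response;
}
```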
Saturday, April 02, 2005
A simple C code.
I asked an interviewee to write code that takes a string from the user and prints it back.
He scribbled it in a fraction of a second:
void main()
{
    char name[100];
    scanf("%s", name);
    printf(name);
}
Do you think this code is secure? If not, how many bugs does it have?
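An added example, not from the original post: a version that bounds the read to the size of the buffer and passes the input to a printf-style function only as an argument, never as the format string. echo_name() is a name made up for the example; it takes streams so it can be exercised without a terminal.

```c
#include <stdio.h>
#include <string.h>

/* Read one line of at most 99 characters from `in` and write it to
 * `out` as data. Returns the number of characters echoed, or -1 on
 * end of input or error. */
int echo_name(FILE *in, FILE *out)
{
    char name[100];
    size_t len;
    int c;

    /* fgets() stops after sizeof name - 1 characters, so it can never
     * write past the end of name, unlike scanf("%s"). */
    if (fgets(name, sizeof name, in) == NULL)
        return -1;
    len = strcspn(name, "\n");
    if (name[len] == '\n') {
        name[len] = '\0';
    } else {
        /* Over-long line: drop the rest so it is not read as a new name. */
        while ((c = fgetc(in)) != '\n' && c != EOF)
            ;
    }
    /* Fixed format string: '%' characters in the input are printed as
     * they are instead of being interpreted as conversions. */
    if (fprintf(out, "%s\n", name) < 0)
        return -1;
    return (int)len;
}

int main(void)
{
    return echo_name(stdin, stdout) < 0;
}
```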