Advertisement
Not a member of Pastebin yet?
Sign Up,
it unlocks many cool features!
- #include <stdio.h>
- #include <string.h>
- /*
- Compile : gcc -fno-stack-protector -z execstack microsoft.c -o microsoft
- Reference : http://www.cigital.com/news/index.php?pg=art&artid=70
- request_data, in parameter which contains user supplied encoded string like
- "host=dot.net&id=user_id&pw=user_password&cookie=da".
- user_id, out parameter which is used to copy decoded 'user_id'.
- password, out parameter which is used to copy decoded 'password'
- */
- void decode(char *request_data, char *user_id, char *password){
- char temp_request[64];
- char *p_str;
- strcpy(temp_request, request_data);
- p_str = strtok(temp_request, "&");
- while(p_str != NULL){
- if (strncmp(p_str, "id=", 3) == 0){
- strcpy(user_id, p_str + 3 );
- }
- else if (strncmp(p_str, "pw=", 3) == 0){
- strcpy(password, p_str + 3);
- }
- p_str = strtok(NULL, "&");
- }
- }
- /*
- Any combination will fail.
- */
- int check_password(char *id, char *password){
- return -1;
- }
- /*
- We use argv[1] to provide request string.
- */
- int main(int argc, char ** argv)
- {
- char user_id[32];
- char password[32];
- user_id[0] = '\0';
- password[0] = '\0';
- if ( argc < 2 ) {
- printf("Usage: victim request.\n");
- return 0;
- }
- decode( argv[1], user_id, password);
- if ( check_password(user_id, password) > 0 ){
- //Dead code.
- printf("Welcome!\n");
- }
- else{
- printf("Invalid password, user:%s password:%s.\n", user_id, password);
- }
- return 0;
- }
Advertisement
Add Comment
Please, Sign In to add comment
Advertisement
