Exploit code

followme_1987 · 30-11-2011 12:00am #1

Hi all,
write down a call to the code below that will cause the magic string to be displayed.

/* Read in a name but display the magic string only to the superuser */
  #include <stdio.h>
  #include <stdlib.h>
  #include <string.h>
  #include <unistd.h>
  #include <sys/types.h>
  char *magic = "This string confers special powers on its reader\n";
  int
  main(int argc, char *argv[])
  {
    char buffer[40];
    uid_t euid;
    if (argc != 2) {
      printf("Usage: %s your_name\n", argv[0]);
      exit(EXIT_FAILURE);
    }
    strncpy(buffer, "Nice to meet you ", sizeof (buffer));
    strcat(buffer, argv[1]);
    printf("%s\n", buffer);
    euid = geteuid();
    if (euid != 0) {
      printf("Sorry %s, you cannot access the magic string\n", argv[1]);
    } else {
      printf("%s\n", magic);
    }
    return (0);
  }

you will use gdb and "perl" if you want to.
THX ALL!I will appreciate your help!

Colonel Panic · 30-11-2011 12:24am

You first!

followme_1987 · 30-11-2011 12:43am

Colonel Panic wrote: »

You first!

Sorry, I am a student aboard. As you know, it is really difficulity for me to study computing in English. I reallllllly don't know how to solve this problem.Please!

Webmonkey · 30-11-2011 9:51am

followme_1987 wrote: »

Sorry, I am a student aboard. As you know, it is really difficulity for me to study computing in English. I reallllllly don't know how to solve this problem.Please!

A lot of programmers don't speak english at all. Is it the question you can't interpret?

Look into buffer overruns.

Exploit code

Comments