Tuesday, November 2, 2010

I wrote my first exploit

I have had the following program for many years now:

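    #include <stdio.h>
    #include <stdlib.h>
    #include <string.h>

    /* Vulnerable challenge program (the flaw is intentional). */
    int main(int argc, char *argv[])
    {
        char rest[100];
        char first;
        char *e;

        e = getenv("NAME");                     /* input comes from the environment */
        if (!e) exit(1);
        if (strlen(e) > sizeof(rest)) exit(1);  /* the program's only length check */
        first = e[0];
        strcpy(rest, &e[1]);                    /* copy everything after the first char */
        printf("First char =%c\n", first);
        printf("the rest =%s\n", rest);
        return 0;
    }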

I found it in the Data Fort Hack challenge.

I have known the error in this code since the beginning, but I wasn't able to exploit it. After reading the first part of the book Hacking: The Art of Exploitation, which I bought a few weeks ago, I succeeded in writing an exploit this Saturday. My first ever working exploit! :)

It was great to see at the end that:

sh-3.2# whoami
root
sh-3.2#
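
A hardened version of the challenge program above, added here as an example; it is not code from the original post or from the challenge. The helper name split_name and the error message are assumptions. It rejects an empty NAME, the one input the original length check accepts even though &e[1] then points past the end of the string.

```c
#include <stdio.h>
#include <stdlib.h>
#include <string.h>

/* Hypothetical helper (not in the original post): splits s into its first
 * character and the remainder. Returns 0 on success, -1 if s is rejected. */
int split_name(const char *s, char *first, char *rest, size_t rest_sz)
{
    size_t len;

    if (s == NULL || rest_sz == 0)
        return -1;
    len = strlen(s);
    /* Empty string: s[0] is the terminator, so &s[1] is already outside
     * the string and strlen() says nothing about the bytes that follow. */
    if (len == 0)
        return -1;
    /* The remainder is len-1 characters plus the terminator = len bytes. */
    if (len > rest_sz)
        return -1;
    *first = s[0];
    memcpy(rest, s + 1, len);   /* bounded copy, includes the terminator */
    return 0;
}

int main(void)
{
    char rest[100];
    char first;

    if (split_name(getenv("NAME"), &first, rest, sizeof(rest)) != 0) {
        fprintf(stderr, "NAME must be 1 to %zu characters\n", sizeof(rest));
        return 1;
    }
    printf("First char =%c\n", first);
    printf("the rest =%s\n", rest);
    return 0;
}
```
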
