Need help finding vulnerabilities

Post by wallabong on Tue Dec 25, 2012 8:09 am

Hey guys,

I've been pushing myself into learning and understanding buffer overflows and now I'm desperately looking for vulnerabilities in a given executable (see file below).

This program listens on a given port when running (./vuln 8888 for port 8888), writes into a log file ("/tmp/vuln.log") and waits for user input. If there is user input, it prints it to the shell, writes into the log file something like "%buffer = 0xbffff1d0" and replies with "OK".

After some investigations, I'm sure it is vulnerable to buffer overflows and uses a char * buffer[2000].
In all tutorials, it is usually enough to use a larger input than allowed to crash the program. But I just can't get it crashing.

I hope the solution is not too obvious....

Some help would be much appreciated!

Cheers
wallabong

Linux executable:
*Executable link removed. We don't normally allow this for security reasons. PM a Mod to discuss*


Re: Need help finding vulnerabilities

Post by centip3de on Fri Dec 28, 2012 1:27 pm

wallabong wrote: Hey guys,

I've been pushing myself into learning and understanding buffer overflows and now I'm desperately looking for vulnerabilities in a given executable (see file below).

This program listens on a given port when running (./vuln 8888 for port 8888), writes into a log file ("/tmp/vuln.log") and waits for user input. If there is user input, it prints it to the shell, writes into the log file something like "%buffer = 0xbffff1d0" and replies with "OK".

After some investigations, I'm sure it is vulnerable to buffer overflows and uses a char * buffer[2000].
In all tutorials, it is usually enough to use a larger input than allowed to crash the program. But I just can't get it crashing.

I hope the solution is not too obvious....

Some help would be much appreciated!

Cheers
wallabong

Linux executable:
*Executable link removed. We don't normally allow this for security reasons. PM a Mod to discuss*


Just because there is a char array doesn't mean that there is a buffer overflow -- you need to know how the buffer is used in order to detect that. Do you have access to the source?
Programming today is a race between software engineers striving to build bigger and better idiot-proof programs, and the Universe trying to produce bigger and better idiots. So far, the Universe is winning. -Rick Cook
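To illustrate centip3de's point, here is an added example (not code from the thread or from the binary wallabong is looking at) showing why the buffer's declared size alone tells you nothing. It assumes a 2000-byte buffer, as the original post reports, and compares two ways a server could fill it: a copy whose length is driven by the input (overflows on oversized data) and a copy whose length is driven by the buffer, which is what recv() with sizeof buf - 1 or fgets() gives you. With the second pattern, a 3000-byte message is simply truncated to 1999 bytes and nothing crashes, which would explain the behaviour described in the first post. The function names and the 'A'-filled sample input are constructed for this demo.

```c
#include <stdio.h>
#include <stdlib.h>
#include <string.h>

#define BUF_SIZE 2000   /* the buffer size the original post reports */

/* Unsafe pattern: the copy length is driven by the input, not the buffer.
   Any input longer than BUF_SIZE-1 bytes writes past the end of buf.
   Called only with a short input in this demo. */
static void handle_unbounded(const char *input, char *out, size_t out_len)
{
    char buf[BUF_SIZE];
    strcpy(buf, input);                /* no bound check */
    snprintf(out, out_len, "%s", buf); /* echo what was stored */
}

/* Safe pattern: the copy length is driven by the buffer. This is what a
   server gets from recv(sock, buf, sizeof buf - 1, 0) or
   fgets(buf, sizeof buf, stream): extra bytes are never stored, so a huge
   input is truncated instead of corrupting the stack. Returns bytes kept. */
static size_t handle_bounded(const char *input, size_t input_len,
                             char *out, size_t out_len)
{
    char buf[BUF_SIZE];
    size_t n = input_len < sizeof buf - 1 ? input_len : sizeof buf - 1;
    memcpy(buf, input, n);
    buf[n] = '\0';
    snprintf(out, out_len, "%s", buf);
    return n;
}

/* The check the unsafe version lacks: does input_len plus its NUL
   terminator exceed the buffer? */
static int would_overflow(size_t input_len)
{
    return input_len + 1 > BUF_SIZE;
}

/* Builds a constructed input of input_len 'A' bytes, feeds it to the
   bounded handler and reports how many bytes were actually stored. */
static size_t bounded_bytes_kept(size_t input_len)
{
    char *input = malloc(input_len + 1);
    char echoed[BUF_SIZE];
    size_t kept;
    if (input == NULL)
        return 0;
    memset(input, 'A', input_len);
    input[input_len] = '\0';
    kept = handle_bounded(input, input_len, echoed, sizeof echoed);
    free(input);
    return kept;
}

/* Short input: both handlers echo it unchanged, which is why a small test
   message tells you nothing about whether the copy is bounded. Returns 1
   when the unbounded handler's echo matches the input. */
static int short_input_echoes_ok(const char *input)
{
    char echoed[BUF_SIZE];
    handle_unbounded(input, echoed, sizeof echoed);
    return strcmp(echoed, input) == 0;
}

int main(void)
{
    printf("3000-byte input: bounded handler kept %zu bytes; "
           "overflow possible with unbounded copy: %d\n",
           bounded_bytes_kept(3000), would_overflow(3000));
    printf("short input echoed intact: %d\n", short_input_echoes_ok("hello"));
    return 0;
}
```

The practical takeaway for reviewing a binary like this one is to find the call that actually fills the buffer (recv, read, fgets, strcpy, sprintf and so on) and check whether its length argument comes from the buffer size or from the data; only the latter case is an overflow, and without the source that means reading the disassembly around the input call rather than guessing from the array size.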


