$ cat FormatString.c
#include <stdio.h>
int main(int argc, char **argv)
{
char acName[256];
scanf("%255[^\n]", acName);
printf(acName);
printf("\n");
}
$ gcc FormatString.c
$ ./a.out
secure coding <== nothing special
secure coding
$ ./a.out
%x %x %x %x %x <== read attack
bffff9e0 8048244 3530 25207825 78252078
$ ./a.out
abcde%n <== write attack
abcde
$ ./a.out
%s %s %s %s %s <== DoS attack
Segmentation fault
$
_____________________
Example Code
You can start experimenting with this simple code.
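#include <stdio.h>
int main(int argc, char **argv)
{
    char acName[256];
    /* Read up to 255 characters, stopping at the newline. */
    scanf("%255[^\n]", acName);
    /* Vulnerable on purpose: the user's input is used as the format string. */
    printf(acName);
}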
Enter secure coding as input.
You did nothing special. This is what everyone does. Now let's do something like hackers.
Enter %x %x %x %x %x as input.
You just read 5 values from the stack.
Enter abcde%n as input.
%n stores the number of characters printed so far through a pointer taken from the stack, so you just wrote 5 in some arbitrary location. Hence the program crashed.
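The same program with the bug removed, as an added example that is not part of the original post: the input is only ever an argument to the constant format "%s", so printf never interprets it. The helper names echo_safe and count_directives are assumptions made for this example.

```c
#include <stdio.h>
#include <string.h>

/* Hardened counterpart of printf(acName): the untrusted text is only ever
 * an argument to the constant format "%s", never the format itself.
 * Returns the number of characters the full text needs (snprintf result). */
int echo_safe(char *out, size_t outlen, const char *untrusted)
{
    return snprintf(out, outlen, "%s", untrusted);
}

/* Count the '%' directives printf would act on if s were used as a format
 * string. "%%" is a literal percent sign and is not counted. Useful for
 * logging or rejecting input on its way to a legacy printf-style call. */
int count_directives(const char *s)
{
    int n = 0;
    for (; *s != '\0'; s++) {
        if (*s != '%')
            continue;
        if (s[1] == '%')
            s++;            /* skip the second half of "%%" */
        else
            n++;            /* %x, %s, %n, ... or a dangling '%' */
    }
    return n;
}

int main(void)
{
    char acName[256];
    char acOut[256];

    /* Same read as the original; stop if no input was stored. */
    if (scanf("%255[^\n]", acName) != 1)
        return 1;

    if (count_directives(acName) > 0)
        fprintf(stderr, "note: input contains %d format directive(s)\n",
                count_directives(acName));

    echo_safe(acOut, sizeof acOut, acName);
    puts(acOut);            /* the input comes back verbatim */
    return 0;
}
```

Compiling the original FormatString.c with gcc -Wformat -Wformat-security reports the printf(acName) call at build time.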