C 打印机密[0]和修改机密[0]漏洞攻击
我有这个实验室要做,这是C格式字符串漏洞。我必须做三件事:使程序崩溃,打印出secret[0]或secret[1]值,并修改secret[0]或secret[1]。我成功地使程序崩溃了。我的问题是,我将如何执行其他两个步骤?我不明白如何做这些步骤,也找不到一个好的解释来帮助我理解它C 打印机密[0]和修改机密[0]漏洞攻击,c,string,security,exploit,format-string,C,String,Security,Exploit,Format String,我有这个实验室要做,这是C格式字符串漏洞。我必须做三件事:使程序崩溃,打印出secret[0]或secret[1]值,并修改secret[0]或secret[1]。我成功地使程序崩溃了。我的问题是,我将如何执行其他两个步骤?我不明白如何做这些步骤,也找不到一个好的解释来帮助我理解它 /* vul_prog.c */ #include<stdio.h> #include<stdlib.h> #define SECRET1 0x44 #define SECRET2 0x5
/* vul_prog.c */
#include<stdio.h>
#include<stdlib.h>
#define SECRET1 0x44
#define SECRET2 0x55
int main(int argc, char *argv[])
{
char user_input[100];
int *secret;
int int_input;
int a, b, c, d; /* other variables, not used here.*/
/* The secret value is stored on the heap */
secret = (int *) malloc(2*sizeof(int));
/* getting the secret */
secret[0] = SECRET1; secret[1] = SECRET2;
printf("The variable secret's address is 0x%8x (on stack)\n",(unsigned int)&secret);
printf("The variable secret's value is 0x%8x (on heap)\n", (unsigned int)secret);
printf("secret[0]'s address is 0x%8x (on heap)\n", (unsigned int)&secret[0]);
printf("secret[1]'s address is 0x%8x (on heap)\n", (unsigned int)&secret[1]);
printf("Please enter a decimal integer\n");
scanf("%d", &int_input); /* getting an input from user */
printf("Please enter a string\n");
scanf("%s", user_input); /* getting a string from user */
/* Vulnerable place */
printf(user_input);
printf("\n");
/* Verify whether your attack is successful */
printf("The original secrets: 0x%x -- 0x%x\n", SECRET1, SECRET2);
printf("The new secrets: 0x%x -- 0x%x\n", secret[0], secret[1]);
return 0;
}
但是我对如何查找和修改密码感到困惑。您确定在密码之前声明用户输入[100]吗?您确定在密码之前声明用户输入[100]吗?
The variable secret's address is 0x5c349888 (on stack)
The variable secret's value is 0x49403250 (on heap)
secret[0]'s address is 0x49403250 (on heap)
secret[1]'s address is 0x49403254 (on heap)
Please enter a decimal integer
777
Please enter a string
%x,%x,%s
Segmentation fault: 11