Tuts 4 You

Hello Guys,

I am a newbie to reverse engineering vulnerabilities. Following are some vulnerable code samples, for which I want to know the answers to the following questions.

It would be great if you guys explain elaborately so that I can kick start my vulnerability analysis with a bang. Please help me out guys.

You can mail me the answers to mysteryreverse@gmail.com or post it here as doc file.

Regards,

Mystery

Here is the doc file!!

Vulnerablitity.zip

Vulnerablitity.doc

Edited by quosego

subl $132, %esp

[...]

pushl $256

leal -132(%ebp), %ebx

1. Linux asm seems inverted. ;)

2. I'm not really an exploit kind of guy. So don't blame me if I'm wrong.

3. Assuming 256 is the max length of the stream which is retrieved by fgets, subtracting only 132 from the stack means you can feed a bigger stream than this and corrupt the stack, which can be used to execute code.

PHP exploits are not my speciality. :) So nothing there.. Prolly sql injects or so..

And btw is this your homework. ;)

  • Author

Yeah, it's a part of that!!!

Anyway can anybody let me know the right one guys!!!!

#1: XSS vulnerability, easily. Pass in <script>alert('XSS');</script> for $_GET['name'] and watch it go~

#2: Obvious SQL injection here. Something like: ','',''); DROP TABLE users-- might work, I've never been one for SQL injections.

#3: Buffer overflow vulnerability. I don't really know how to exploit these, yet.

#4: ^

1. Linux asm seems inverted. ;)

That's just AT&T syntax :P But I'm sure you know that. Ugh, I despise AT&T syntax. It makes so little sense when you're used to Intel syntax!

Edited by Hyperlisk

#3 Buffer Overflow:

For starters, you're using a C-coded program to do CGI work. Getenv("INPUT") is cgi.. to help ya understand this a lil better, look at my modded up version of your code I wrote in Dev-c++... when you go to run this, wait a few, the 300 chars will print and it most def will crash and print a minidump


    #include <stdlib.h>
    #include <stdio.h>
    #include <string.h>

    int main() {
        char *tmp;
        char buf[256];
        //tmp = getenv("INPUT");
        /* 300-character stand-in for the CGI input */
        tmp="10101010101010101010101010101010101010101010101010"
            "10101010101010101010101010101010101010101010101010"
            "10101010101010101010101010101010101010101010101010"
            "10101010101010101010101010101010101010101010101010"
            "10101010101010101010101010101010101010101010101010"
            "10101010101010101010101010101010101010101010101010";
        if (tmp != NULL) {
            /* overflow: the bound is the source length (300), not sizeof(buf) (256) */
            strncpy(buf, tmp, strlen(tmp));
            printf("INPUT: %s\n", buf);
        } else {
            exit(1);
        }
        return(0);
    }

Head over to IBM's site and look for "Make your software behave: Preventing buffer overflows"

Edited by JMC31337
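
Added example, not part of the original posts and not written by anyone in the thread: the hardened counterpart of the strncpy(buf, tmp, strlen(tmp)) call above, where the copy is bounded by the destination size instead of the source length. The same rule covers the fgets case discussed earlier, where a 256-byte limit is paired with a 132-byte stack allocation. The names bounded_copy and stored_length are hypothetical, and the 'A' inputs are constructed.

```c
#include <stdio.h>
#include <stdlib.h>
#include <string.h>

#define BUF_SIZE 256   /* same size as buf[] in the post above */

/* Hypothetical helper: bound the copy by the DESTINATION size.
 * Returns 0 if src fit, -1 if it was NULL or had to be truncated.
 * dst is always NUL-terminated. */
int bounded_copy(char *dst, size_t dst_size, const char *src)
{
    if (dst == NULL || dst_size == 0)
        return -1;
    dst[0] = '\0';
    if (src == NULL)
        return -1;
    size_t n = strlen(src);
    int truncated = (n >= dst_size);
    if (truncated)
        n = dst_size - 1;          /* keep only what fits */
    memcpy(dst, src, n);
    dst[n] = '\0';
    return truncated ? -1 : 0;
}

/* Constructed test driver: feed `len` bytes of 'A' through the hardened
 * path. Returns the length actually stored in the 256-byte buffer,
 * negated when the input did not fit and was truncated. */
long stored_length(size_t len)
{
    char buf[BUF_SIZE];
    char *input = malloc(len + 1);
    if (input == NULL)
        return 0;
    memset(input, 'A', len);
    input[len] = '\0';
    /* The thread's form was: strncpy(buf, input, strlen(input));
     * which writes len bytes regardless of sizeof buf. */
    int rc = bounded_copy(buf, sizeof buf, input);
    long stored = (long)strlen(buf);
    free(input);
    return rc == 0 ? stored : -stored;
}

int main(void)
{
    printf("10 bytes  -> %ld\n", stored_length(10));
    printf("255 bytes -> %ld\n", stored_length(255));
    printf("300 bytes -> %ld\n", stored_length(300));
    return 0;
}
```

A CGI handler would normally treat the -1 result as a reason to reject the request rather than continue with truncated input.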

Pretty sure this is like his homework or something, he's not the one that wrote it.
