Zenk - Security hackingweek_2014:exploit
http://wiki.zenk-security.com/
2026-04-20T03:54:07+02:00
Zenk - Security
http://wiki.zenk-security.com/
http://wiki.zenk-security.com/lib/tpl/dokuwiki/images/favicon.ico
-
text/html
2014-03-03T11:46:54+02:00
hackingweek_2014:exploit:exploit1
http://wiki.zenk-security.com/doku.php?id=hackingweek_2014:exploit:exploit1&rev=1393843614&do=diff
Source :
#define _GNU_SOURCE
#include <stdlib.h>
#include <unistd.h>
int main(){
gid_t gid = getegid();
uid_t uid = geteuid();
setresgid(gid, gid, gid);
setresuid(uid, uid, uid);
system("/usr/bin/env echo Find the flaw!");
return EXIT_SUCCESS;
}
-
text/html
2014-03-04T21:47:50+02:00
hackingweek_2014:exploit:exploit2
http://wiki.zenk-security.com/doku.php?id=hackingweek_2014:exploit:exploit2&rev=1393966070&do=diff
Source :
#include <stdlib.h>
#include <string.h>
void func(char *str) {
char buffer[32];
strcpy (buffer, str);
}
int main (int argc, char **argv) {
volatile int i = 0;
if (argc > 1)
func (argv[1]);
if (i)
system ("/bin/sh");
return EXIT_SUCCESS;
}
-
text/html
2014-03-03T11:46:25+02:00
hackingweek_2014:exploit:exploit3
http://wiki.zenk-security.com/doku.php?id=hackingweek_2014:exploit:exploit3&rev=1393843585&do=diff
Source :
#include <string.h>
int main (int argc, char *argv[]) {
char buffer[64];
if (argc > 1)
strcpy (buffer, argv[1]);
return 0;
}
La vulnérabilité se trouve au niveau de l'appel à la fonction strcpy() qui copie l'argument d'entrée dans un tableau de 64.
-
text/html
2014-03-03T18:40:58+02:00
hackingweek_2014:exploit:exploit4
http://wiki.zenk-security.com/doku.php?id=hackingweek_2014:exploit:exploit4&rev=1393868458&do=diff
Ici, l'épreuve est simple. Une fois de plus, un binaire nous est donné avec son code C associé.
#include <stdio.h>
#include <stdlib.h>
#include <string.h>
#include <unistd.h>
int target;
void bar() {
system("/bin/sh <>/dev/tty");
_exit(EXIT_SUCCESS);
}
void foo() {
char buffer[512];
fgets(buffer, sizeof(buffer), stdin);
printf(buffer);
exit(EXIT_SUCCESS);
}
int main() {
foo();
return EXIT_SUCCESS;
}
-
text/html
2014-03-03T11:45:31+02:00
hackingweek_2014:exploit:exploit5
http://wiki.zenk-security.com/doku.php?id=hackingweek_2014:exploit:exploit5&rev=1393843531&do=diff
Source :
#include <stdio.h>
#include <stdlib.h>
#include <string.h>
#include <unistd.h>
#include <libgen.h>
#include <sys/types.h>
char *program;
struct task {
int priority;
char *name;
};
void foo() {
system("/bin/sh");
exit(EXIT_SUCCESS);
}
struct task *task_alloc() {
struct task *task = malloc(sizeof(struct task));
if (!task) {
fprintf(stderr, "%s: error: out of memory\n", program);
exit(EXIT_FAILURE);
}
task->name = malloc(8 * sizeof(char));
if (!task->name) {
fprintf(…