We read every piece of feedback, and take your input very seriously.
To see all available qualifiers, see our documentation.
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
Hi!
Here you have vulnerable concept proofs of heap based buffer overflow, stack buffer overflow and user after free.
To compile:
g++ heap.c -o heap g++ uaf.c -o uaf g++ stack.c -o stack
Is it possible that the ZeraTool tool could successfully exploit these three cases?
peto@ubuntu:~/Desktop/challenges$ cat heap.c #include #include #include #include #define BUFSIZE 10 using namespace std;
int main(int argc, char* argv[]) { if (argc > 1) { cout << "argv[1] = " << argv[1] << endl; } else { cout << "No file name entered. Exiting..."; return -1; } ifstream myReadFile; myReadFile.open(argv[1]); char output[8192]; if (myReadFile.is_open()) { while (!myReadFile.eof()) {
myReadFile >> output;
char *buf; buf = (char *)malloc(sizeof(char)*BUFSIZE); strcpy(buf, output);
} } myReadFile.close(); return 0; }
peto@ubuntu:~/Desktop/challenges$ cat uaf.c #include #include #include #include #define BUFSIZER1 10 using namespace std;
myReadFile >> output; char *buf1R1; buf1R1 = (char *) malloc(BUFSIZER1); free(buf1R1); strcpy(buf1R1, output); } } myReadFile.close(); return 0; }
peto@ubuntu:~/Desktop/challenges$ cat stack.c #include #include
using namespace std;
int main(int argc, char* argv[]) { if (argc > 1) { cout << "argv[1] = " << argv[1] << endl; } else { cout << "No file name entered. Exiting..."; return -1; } ifstream myReadFile; myReadFile.open(argv[1]); char output[10]; if (myReadFile.is_open()) { while (!myReadFile.eof()) {
myReadFile >> output; cout<<output;
The text was updated successfully, but these errors were encountered:
No branches or pull requests
Hi!
Here you have vulnerable concept proofs of heap based buffer overflow, stack buffer overflow and user after free.
To compile:
g++ heap.c -o heap
g++ uaf.c -o uaf
g++ stack.c -o stack
Is it possible that the ZeraTool tool could successfully exploit these three cases?
peto@ubuntu:~/Desktop/challenges$ cat heap.c
#include
#include
#include
#include
#define BUFSIZE 10
using namespace std;
int main(int argc, char* argv[])
{
if (argc > 1) {
cout << "argv[1] = " << argv[1] << endl;
} else {
cout << "No file name entered. Exiting...";
return -1;
}
ifstream myReadFile;
myReadFile.open(argv[1]);
char output[8192];
if (myReadFile.is_open()) {
while (!myReadFile.eof()) {
char *buf;
buf = (char *)malloc(sizeof(char)*BUFSIZE);
strcpy(buf, output);
}
}
myReadFile.close();
return 0;
}
peto@ubuntu:~/Desktop/challenges$ cat uaf.c
#include
#include
#include
#include
#define BUFSIZER1 10
using namespace std;
int main(int argc, char* argv[])
{
if (argc > 1) {
cout << "argv[1] = " << argv[1] << endl;
} else {
cout << "No file name entered. Exiting...";
return -1;
}
ifstream myReadFile;
myReadFile.open(argv[1]);
char output[8192];
if (myReadFile.is_open()) {
while (!myReadFile.eof()) {
myReadFile >> output;
char *buf1R1;
buf1R1 = (char *) malloc(BUFSIZER1);
free(buf1R1);
strcpy(buf1R1, output);
}
}
myReadFile.close();
return 0;
}
peto@ubuntu:~/Desktop/challenges$ cat stack.c
#include
#include
using namespace std;
int main(int argc, char* argv[])
{
if (argc > 1) {
cout << "argv[1] = " << argv[1] << endl;
} else {
cout << "No file name entered. Exiting...";
return -1;
}
ifstream myReadFile;
myReadFile.open(argv[1]);
char output[10];
if (myReadFile.is_open()) {
while (!myReadFile.eof()) {
}
}
myReadFile.close();
return 0;
}
The text was updated successfully, but these errors were encountered: