The following C code lacks appropriate bound checking to enforce variable size restrictions on a copy. This is a rudimentary example of poor programming, but it is the basis for many exploits that are part of the Metasploit framework.
#include <string.h> #include <stdio.h> int main (int argc, char *argv[]) { if (argc!=2) return 1; char copyto[12]; strcpy(copyto, argv[1]); // failure to enforce size restrictions printf("The username you provided is %s", copyto); return 0; }
We take this code and place it into a file called username_test.cpp
, and then compile it with MinGW, as shown following:
We can then run newly compiled program to see it returns whatever text we provide it.
Now, start Immunity and open the username_test.exe
binary with the argument test, as seen below. This does functionally the same thing as both the Python script and running it from the command line, which means that you can monitor the output from the...