October 2016
Beginner to intermediate
650 pages
14h 43m
English
The following C code lacks appropriate bound checking to enforce variable size restrictions on a copy. This is a rudimentary example of poor programming, but it is the basis for many exploits that are part of the Metasploit framework.
#include <string.h>
#include <stdio.h>
int main (int argc, char *argv[])
{
if (argc!=2) return 1;
char copyto[12];
strcpy(copyto, argv[1]); // failure to enforce size restrictions
printf("The username you provided is %s", copyto);
return 0;
}We take this code and place it into a file called username_test.cpp, and then compile it with MinGW, as shown following:
We can then run newly ...
Read now
Unlock full access