long int array3 1 Exploit 0 1 long int Youve been hacked n 2 Provide pointer

Long int array3 1 exploit 0 1 long int youve been

This preview shows page 2 - 5 out of 7 pages.

long int array[3] = // 1. Exploit { 0, 1, (long int)"!!!!!!!!!!!!! You've been hacked !!!!!!!!!!!!!\n" // 2. Provide pointer
Image of page 2
}; // exploit it subterfugeVulnerability(array, 3); } /************************************************************** ************************************************************** ******************** ARRAY ************************** ************************************************************** **************************************************************/ /************************************* * ARRAY VULNERABILTY * 1. There must be an array and an array index variable * 2. The array index variable must be reachable through external input. * 3. There must not be bounds checking on the array index variable. ************************************/ void arrayVulnerability(int i, bool hack/* feel free to add parameters */) { char arr[4] = {}; bool safe = true; arr[i] = hack; if (safe) cout << "All is safe; nothing bad happened\n"; else { cout << "!!!!!!!!!!!!! You've been hacked !!!!!!!!!!!!!\n"; } } /************************************** * ARRAY EXPLOIT * 1. The attacker provides an array index value outside the expected range * 2. The attacker must be able to provide input or redirect * existing input into the array at the index he provided * 3. The injected value must alter program state in a way * that is desirable to the attacker *************************************/ void arrayExploit() { bool hack = false; arrayVulnerability(4, hack); //1. range in 3, 2. input is a bool true } /************************************************************** ************************************************************** ******************** ARC ************************** ************************************************************** **************************************************************/ /********************************* * ARC VULNERABILITY * 1. There must be a function pointer used in the code. * 2. Through some vulnerability, there must be a way for user input * to overwrite the function pointer. This typically happens through * a stack buffer vulnerability. * 3. After the memory is overwritten, the function pointer must
Image of page 3
* be dereferenced ********************************/ void arcVulnerability(long* arr, int size/* feel free to add parameters */) { long int buffer[2]; long(*pointerFunction)() = safe; for (int i = 0; i < size; i++) { buffer[i] = arr[i]; } pointerFunction(); } /********************************* * ARC EXPLOIT * 1. The attacker must exploit a vulnerability allowing * unintended access to the function pointer * 2. The attacker must have the address to another function * which is to be used to replace the existing function pointer ********************************/ void arcExploit() { long int arr[3] = { 0,1,(long int)hacked }; arcVulnerability(arr, 3); } /************************************************************** ************************************************************** ******************** VTABLE ************************** ************************************************************** **************************************************************/ /*********************************** * VULNERABILITY * 1. The vulnerable class must be polymorphic.
Image of page 4
Image of page 5

  • Left Quote Icon

    Student Picture

  • Left Quote Icon

    Student Picture

  • Left Quote Icon

    Student Picture