current community

your communities

more stack exchange communities

Stack Exchange
tour help
stack overflow careers
Take the 2-minute tour ×
Stack Overflow is a question and answer site for professional and enthusiast programmers. It's 100% free, no registration required.
up vote 0 down vote favorite

Which input string should an attacker enter to get exactely the content of pw ?

void func(char *in)
{
  char *pw = "53cr37p455";
  printf(in);
}

void func2(void)
{
  printf("Dummy string.\n");
}

int main(int argc, char *argv[])
{
  char in[512];
  printf("Buffer located at: 0x%x\n", &in[0]);
  printf("Type in data: ");
  fgets(in, 511, stdin);
  func(in);

return 0;
}

Thanks in advance

share|improve this question
1  
What do you mean by "get exactely the content of the pw" ?? I would have answered "53cr37p455", but i guess that isn't what you want to hear. –  Guntram Blohm Dec 10 '13 at 18:34
    
When a user runs this code fragment, then he would be prompt, from the command line, to enter a string. This string is asked –  user2315181 Dec 10 '13 at 18:42
    
The string the user should enter is 53cr37p455. –  Guntram Blohm Dec 10 '13 at 18:43
    
do you know something about format string vulnerability ? –  user2315181 Dec 10 '13 at 18:45
    
Why didn't you ask for that in the first place .. A string like "%s%s%s%s%s%s%s%s%s%s%s" has a good chance to catch the password somewhere, because pw should be on the stack, a few frames above the 1st argument to printf. But which of the "%s"s catches the password depends a lot on architecture, 32 vs 64 bit, compiler version, optimizer flags and the like. –  Guntram Blohm Dec 10 '13 at 18:52

Your Answer

 
discard

By posting your answer, you agree to the privacy policy and terms of service.

Browse other questions tagged or ask your own question.