Mdthbs

A ​Note ​on ​N!

Is Electric Central Heating worth it if using Solar Panels?

Philosophical question on logistic regression: why isn't the optimal threshold value trained?

How do I reattach a shelf to the wall when it ripped out of the wall?

Creating a chemical industry from a medieval tech level without petroleum

Is there metaphorical meaning of "aus der Haft entlassen"?

What is the most expensive material in the world that could be used to create Pun-Pun's lute?

Is there a word for the censored part of a video?

How much cash can I safely carry into the USA and avoid civil forfeiture?

Cayley's Matrix Notation

Negative Resistance

How can I practically buy stocks?

Where was the County of Thurn und Taxis located?

How exactly does Hawking radiation decrease the mass of black holes?

Israeli soda type drink

Check if a string is entirely made of the same substring

"My boss was furious with me and I have been fired" vs. "My boss was furious with me and I was fired"

Why do distances seem to matter in the Foundation world?

How bug prioritization works in agile projects vs non agile

Zonal Statistics is returning null values in ArcGIS

Drawing a german abacus as in the books of Adam Ries

Rudin 2.10 (b) Example

Should the Product Owner dictate what info the UI needs to display?

Can someone publish a story that happened to you?

Memory Attack in C with Buffer Overflow

What is parallel memory allocation?very high buffer memory usageWriting to Arbitrary Memory Addressesbuffer cache and free memoryShared memory v/s physical memoryHow to identify cause of large buffer memory usage?Buffer memory increasedExecute command with memory constrainsMemory runs full over time, high “buffer/cache” usage, low “available” memoryMemory Attack(Buffer Overflow) in C

.everyoneloves__top-leaderboard:empty,.everyoneloves__mid-leaderboard:empty,.everyoneloves__bot-mid-leaderboard:empty{ margin-bottom:0;
}

0

File q3:
I need to use memory exploit to read the content of file 'secret' that has no read permission for my group.

I tried using ./q3 $(python -c 'print "xadxddxba"*1024 ') to get the output from file 'secret' (look line 8), but probably I did some mistake. Please help

#include <stdio.h>

#include <stdlib.h>

#include <string.h>

#include <sys/types.h>

#include <unistd.h>

int secret_func() {

   setreuid(geteuid(), getegid());

   system("/bin/cat /home/q3/secret");

}

int main(int argc, char **argv) 

{

struct {

    char buffer[1024];

    volatile unsigned int (*fp)();

} locals;



locals.fp = 0;



if (argc != 2) {

   printf("Usage: q3 <some string>n");

   return -1;

}

strcpy(locals.buffer, argv[1]);



printf("Jumping to 0x%08x!!n", (unsigned int)locals.fp);

locals.fp();

return 0;

}

terminal memory c

share|improve this question

asked 12 mins ago

DanielDaniel

1

New contributor

Daniel is a new contributor to this site. Take care in asking for clarification, commenting, and answering.
Check out our Code of Conduct.

add a comment | 

0

File q3:
I need to use memory exploit to read the content of file 'secret' that has no read permission for my group.

I tried using ./q3 $(python -c 'print "xadxddxba"*1024 ') to get the output from file 'secret' (look line 8), but probably I did some mistake. Please help

#include <stdio.h>

#include <stdlib.h>

#include <string.h>

#include <sys/types.h>

#include <unistd.h>

int secret_func() {

   setreuid(geteuid(), getegid());

   system("/bin/cat /home/q3/secret");

}

int main(int argc, char **argv) 

{

struct {

    char buffer[1024];

    volatile unsigned int (*fp)();

} locals;



locals.fp = 0;



if (argc != 2) {

   printf("Usage: q3 <some string>n");

   return -1;

}

strcpy(locals.buffer, argv[1]);



printf("Jumping to 0x%08x!!n", (unsigned int)locals.fp);

locals.fp();

return 0;

}

terminal memory c

share|improve this question

asked 12 mins ago

DanielDaniel

1

New contributor

Daniel is a new contributor to this site. Take care in asking for clarification, commenting, and answering.
Check out our Code of Conduct.

add a comment | 

File q3:
I need to use memory exploit to read the content of file 'secret' that has no read permission for my group.

I tried using ./q3 $(python -c 'print "xadxddxba"*1024 ') to get the output from file 'secret' (look line 8), but probably I did some mistake. Please help

#include <stdio.h>

#include <stdlib.h>

#include <string.h>

#include <sys/types.h>

#include <unistd.h>

int secret_func() {

   setreuid(geteuid(), getegid());

   system("/bin/cat /home/q3/secret");

}

int main(int argc, char **argv) 

{

struct {

    char buffer[1024];

    volatile unsigned int (*fp)();

} locals;



locals.fp = 0;



if (argc != 2) {

   printf("Usage: q3 <some string>n");

   return -1;

}

strcpy(locals.buffer, argv[1]);



printf("Jumping to 0x%08x!!n", (unsigned int)locals.fp);

locals.fp();

return 0;

}

terminal memory c

share|improve this question

asked 12 mins ago

DanielDaniel

1

New contributor

Daniel is a new contributor to this site. Take care in asking for clarification, commenting, and answering.
Check out our Code of Conduct.

#include <stdio.h>

#include <stdlib.h>

#include <string.h>

#include <sys/types.h>

#include <unistd.h>

int secret_func() {

   setreuid(geteuid(), getegid());

   system("/bin/cat /home/q3/secret");

}

int main(int argc, char **argv) 

{

struct {

    char buffer[1024];

    volatile unsigned int (*fp)();

} locals;



locals.fp = 0;



if (argc != 2) {

   printf("Usage: q3 <some string>n");

   return -1;

}

strcpy(locals.buffer, argv[1]);



printf("Jumping to 0x%08x!!n", (unsigned int)locals.fp);

locals.fp();

return 0;

}

share|improve this question

asked 12 mins ago

DanielDaniel

1

New contributor

Daniel is a new contributor to this site. Take care in asking for clarification, commenting, and answering.
Check out our Code of Conduct.

share|improve this question

asked 12 mins ago

DanielDaniel

1

New contributor

Daniel is a new contributor to this site. Take care in asking for clarification, commenting, and answering.
Check out our Code of Conduct.

asked 12 mins ago

DanielDaniel

1

New contributor

Daniel is a new contributor to this site. Take care in asking for clarification, commenting, and answering.
Check out our Code of Conduct.

asked 12 mins ago

DanielDaniel

1