Malware Domain List
Malware Related => Malware Analysis => Topic started by: mystery_reverse on May 18, 2010, 02:19:23 pm
-
#include <stdio.h>
#include <stdlib.h>
#include <string.h>   /* strcmp() */

/* Print a message to stdout. */
void
display ( char *string )
{
    printf(string);
}

int
main ( int argc, char **argv )
{
    int authorized = 0;
    int tries = 0;
    char input[64];

    printf(" Password checker \n");

    /* Allow up to three attempts. */
    while ( tries != 3 ) {
        printf("Enter Your Password -> ");
        /* Read one line from stdin into input. */
        if ( gets(input) == NULL ) {
            display("Failed call to gets(), aborting.\n");
            break;
        }
        if ( strcmp(input, "malware") == 0 ) {
            display("Correct password detected!\n");
            authorized = 1;
            break;
        } else {
            /* Echo the rejected input back to the user. */
            display(input);
            display(" : Incorrect password, please retry.\n");
            tries++;
        }
    }

    if ( authorized )
        display("You have been given access to our system!\n");
    else
        display("You have not been given access to our system.\n");
    exit(0);
}
-
I'm just a newbie in this area, but the only vuln I (think) I spotted is a buffer overflow in if ( gets(input) == NULL ) { which causes an abnormal exit if the input is bigger than 64 bytes.
-
Hello,
#include <stdio.h>
#include <stdlib.h>
void
display ( char *string )
{
    printf(string);
}
Here we have a format string bug.
int
main ( int argc, char **argv )
{
    int authorized = 0;
    int tries = 0;
    char input[64];
    printf(" Password checker \n");
    while ( tries != 3 ) {
        printf("Enter Your Password -> ");
        if ( gets(input) == NULL ) {
            display("Failed call to gets(), aborting.\n");
            break;
        }
        if ( strcmp(input, "malware") == 0 ) {
            display("Correct password detected!\n");
            authorized = 1;
            break;
        }
And here, a buffer overflow.
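-
Added example, not part of any post in this thread: a hardened rewrite of the posted checker that closes the two bugs named in the replies, the format string in display() and the unbounded gets() into input[64]. The read_line() and check_password() helpers and their FILE * parameters are names introduced here for illustration.

```c
#include <stdio.h>
#include <string.h>

/* Print untrusted text as data: fputs() never interprets '%' directives. */
static void display(FILE *out, const char *s)
{
    fputs(s, out);
}

/* Read one line into buf. Returns 0 if it fit, 1 if it was too long (the
 * excess is discarded, buf holds the first size-1 bytes), -1 on EOF/error. */
static int read_line(FILE *in, char *buf, size_t size)
{
    int c, truncated = 0;
    if (fgets(buf, (int)size, in) == NULL)
        return -1;
    size_t len = strcspn(buf, "\n");
    if (buf[len] == '\n') {
        buf[len] = '\0';
        return 0;
    }
    while ((c = getc(in)) != EOF && c != '\n')  /* drain the rest of the line */
        truncated = 1;
    return truncated;
}

/* Same three-try loop as the posted program; returns 1 if authorized. */
static int check_password(FILE *in, FILE *out)
{
    char input[64];
    for (int tries = 0; tries < 3; tries++) {
        display(out, "Enter Your Password -> ");
        int rc = read_line(in, input, sizeof input);
        if (rc < 0)
            break;
        if (rc == 0 && strcmp(input, "malware") == 0)
            return 1;
        display(out, input);  /* echoed as plain text */
        display(out, " : Incorrect password, please retry.\n");
    }
    return 0;
}

int main(void)
{
    int ok = check_password(stdin, stdout);
    puts(ok ? "You have been given access to our system!"
            : "You have not been given access to our system.");
    return 0;
}
```

An over-long line is counted as a failed try instead of being compared, so a truncated prefix can never match the password.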