Last active
September 21, 2017 03:51
-
-
Save jda0/db90d809da6b6a819e6e834b2894a6ad to your computer and use it in GitHub Desktop.
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| #include <cstdio> | |
| #include <cstring> | |
| #include <cstdlib> | |
| using namespace std; | |
| void login1(char * input1, char * input2) { | |
| struct { | |
| char username[20]; | |
| char password[30]; | |
| char canary; | |
| char good_username[20]; | |
| char good_password[30]; | |
| char goodcanary; | |
| } v; | |
| v.canary = 'a'; | |
| v.goodcanary = 'a'; | |
| //read correct username and password | |
| FILE * fp = fopen("password", "r"); | |
| fgets(v.good_username, 20, fp); | |
| fgets(v.good_password, 30, fp); | |
| fclose(fp); | |
| v.good_username[strlen(v.good_username)-1] = '\0'; | |
| v.good_password[strlen(v.good_password)-1] = '\0'; | |
| strcpy(v.username, input1); | |
| strcpy(v.password, input2); | |
| //terminate strings properly | |
| v.username[19] = '\0'; | |
| v.password[29] = '\0'; | |
| v.good_username[19] = '\0'; | |
| v.good_password[29] = '\0'; | |
| //check login success | |
| if (v.canary != v.goodcanary) { | |
| printf("Stack overflow detected, exiting.\n"); | |
| exit(-1); | |
| } | |
| if (strcmp(v.username, v.good_username) == 0 && strcmp(v.password, v.good_password) == 0) printf("Login successful!\n"); | |
| } | |
| void login2(char * input1, char * input2) { | |
| struct { | |
| int goodcanary; | |
| char username[20]; | |
| char password[30]; | |
| int canary; | |
| char good_username[20]; | |
| char good_password[30]; | |
| } v; | |
| //read correct username and password | |
| FILE * fp = fopen("password", "r"); | |
| fgets(v.good_username, 20, fp); | |
| fgets(v.good_password, 30, fp); | |
| fclose(fp); | |
| v.good_username[strlen(v.good_username)-1] = '\0'; | |
| v.good_password[strlen(v.good_password)-1] = '\0'; | |
| v.goodcanary = input1[1]*256*256*257 + (input1[0]-20)*256 + 67; | |
| v.canary = v.goodcanary; | |
| strcpy(v.username, input1); | |
| strcpy(v.password, input2); | |
| //set up canary | |
| // v.goodcanary = v.username[1]*256*256*257 + (v.username[0]-20)*256 + 67; | |
| // v.canary = v.goodcanary; | |
| //terminate strings properly | |
| v.username[19] = '\0'; | |
| v.password[29] = '\0'; | |
| v.good_username[19] = '\0'; | |
| v.good_password[29] = '\0'; | |
| //check login success | |
| if (v.canary != v.goodcanary) { | |
| printf("Stack overflow detected, exiting.\n"); | |
| exit(-1); | |
| } | |
| if (strcmp(v.username, v.good_username) == 0 && strcmp(v.password, v.good_password) == 0) printf("Login successful!\n"); | |
| } | |
| void login3(char * input1, char * input2) { | |
| struct { | |
| char username[20]; | |
| char password[30]; | |
| char good_username[20]; | |
| char good_password[30]; | |
| char good; | |
| } v; | |
| v.good = -1; | |
| //read correct username and password | |
| FILE * fp = fopen("password", "r"); | |
| fgets(v.good_username, 20, fp); | |
| fgets(v.good_password, 30, fp); | |
| fclose(fp); | |
| v.good_username[strlen(v.good_username)-1] = '\0'; | |
| v.good_password[strlen(v.good_password)-1] = '\0'; | |
| strcpy(v.username, input1); | |
| strcpy(v.password, input2); | |
| //terminate strings properly | |
| v.username[19] = '\0'; | |
| v.password[29] = '\0'; | |
| v.good_username[19] = '\0'; | |
| v.good_password[29] = '\0'; | |
| //check login success | |
| if (strcmp(v.username, v.good_username) == 0 && strcmp(v.password, v.good_password) == 0) v.good = 0; | |
| if (v.good == 0) printf("Login successful!\n"); | |
| } | |
| int main(int argc, char* argv[]) { | |
| char helpstr[] = "Use: login -? <input file or username password>\nOptions are: -i, -j, -k (see manual)\n"; | |
| if (argc < 3) { | |
| printf("%s\n", helpstr); | |
| return -1; | |
| } | |
| if (strlen(argv[1]) < 2) { | |
| printf("%s\n", helpstr); | |
| return -1; | |
| } | |
| switch(argv[1][1]) { | |
| case 'i': | |
| if (argc < 4) { | |
| break; | |
| } | |
| login1(argv[2], argv[3]); | |
| break; | |
| case 'j': | |
| if (argc < 4) { | |
| break; | |
| } | |
| login2(argv[2], argv[3]); | |
| break; | |
| case 'k': | |
| if (argc < 4) { | |
| break; | |
| } | |
| login3(argv[2], argv[3]); | |
| break; | |
| default: | |
| printf("%s\n", helpstr); | |
| return -1; | |
| } | |
| return 0; | |
| } |
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| <obfuscated input> | |
| J-PC j /mnt/c/Users/J/Desktop/comp3632_a1 gcc -g -o login2 login.cpp | |
| J-PC j /mnt/c/Users/J/Desktop/comp3632_a1 ./login2 -j █a█d█l█0█0█0█0█0█0█0 █0█0█0█0█0█0█0█0█0█0█0█0█0█0█0█0CVaa█a█d█l█0█0█0█0█0█0█0█0█0█0█0█0█0█0█0█0█0█0█0█0█0█0█0 | |
| Login successful! | |
| J-PC j /mnt/c/Users/J/Desktop/comp3632_a1 |
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment