Last active
August 29, 2015 14:06
-
-
Save leonjza/3d9781e19d08b8f1aa27 to your computer and use it in GitHub Desktop.
BOF Sample
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| #include <stdio.h> | |
| #include <string.h> | |
| /* | |
| * Overly complex BOF example code. | |
| * Leon Jacobs - 2014 | |
| * | |
| * The reason for this is to try get some more useful assembly | |
| * out of the program so that we can get some interesting POC's | |
| */ | |
| /* strlen code from http://fxr.watson.org/fxr/source/libkern/strlen.c?v=DFBSD */ | |
| size_t strlen(const char *str ) | |
| { | |
| const char *s; | |
| for (s = str; *s; ++s); | |
| return(s - str); | |
| } | |
| /* check that the string matches our minimum len requirement */ | |
| int check_string( const char *string_to_check ) | |
| { | |
| int len; | |
| len = strlen(string_to_check); | |
| if (len <= 5) { | |
| printf("The string is not long enoug! Provide at least 5 chars.\n"); | |
| return 0; | |
| } | |
| return 1; | |
| } | |
| int main( int argc, char *argv[] ) | |
| { | |
| /* arg check */ | |
| if (argc < 2) { | |
| printf("You need to provide a string. Usage is %s <string>\n", argv[0]); | |
| return 1; | |
| } | |
| /* Copy 500 bytes into recieved */ | |
| char received[500]; | |
| strncpy(received, argv[1], 500); | |
| /* test this string meets min len */ | |
| int len_ok = check_string(received); | |
| if (len_ok) { | |
| char buffer[20]; | |
| strcpy(buffer, argv[1]); /* BOF! */ | |
| printf("String is %d characters long and is: %s.\n", strlen(buffer), buffer); | |
| } | |
| return 0; | |
| } |
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment