Wednesday, March 11, 2009

Getting keys and passwords from an unprotected program

This is a simple example of how an application that asks for a password or key, and does not protect it, can be defeated.

The example application binary is built from the following code:

easyKey.c
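Code
#include <string.h>
#include <stdlib.h>
#include <stdio.h>

/* The key is a plain string literal, so it is stored byte for byte
   in the compiled binary. */
char *password = "A9D6B4C3E2F1";

int main(int argc, char **argv) {
    if (argc == 2) {
        /* Compares only the first strlen(password) bytes, so any
           argument that begins with the key is also accepted. */
        if (strncmp(password, argv[1], strlen(password)) == 0)
            printf("ok\n");
        else
            printf("no\n");
    }
    else {
        printf("Use:\n\t%s <key>\n", argv[0]);
    }
    return 0;
}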
 
 

After compiling and running it:

Code
Anon@localhost % gcc -o easyKey easyKey.c
Anon@localhost % ./easyKey
Use:
   ./easyKey <key>
Anon@localhost % ./easyKey xD
no
Anon@localhost % ./easyKey 1234
no
 

Because the key is stored as a plain string literal in the binary, we can recover it with the strings utility, which ships with most Unix environments:

Code:
Anon@localhost % strings easyKey
/libexec/ld-elf.so.1
FreeBSD
_Jv_RegisterClasses
libc.so.7
printf
puts
environ
__progname
strncmp
_init_tls
atexit
strlen
_end
FBSD_1.0
$FreeBSD: src/lib/csu/i386-elf/crti.S,v 1.7 2005/05/19 07:31:06 dfr Exp $
A9D6B4C3E2F1
Use:
    %s <key>
$FreeBSD: src/lib/csu/i386-elf/crtn.S,v 1.6 2005/05/19 07:31:06 dfr Exp $
Anon@localhost % ./easyKey A9D6B4C3E2F1
ok
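
The strings output above works because the literal sits in the binary as a run of printable bytes. As an added example (not part of the original post), here is a pre-release check that walks a binary image the same way and flags key-like literals; the `SAMPLE` bytes are constructed, and the names `audit_image` and `key_like` and the "hex-only run of 8+ characters" heuristic are assumptions for illustration.

```c
#include <ctype.h>
#include <stddef.h>
#include <stdio.h>
#include <string.h>

/* Constructed sample: bytes laid out like a binary's read-only data. */
static const unsigned char SAMPLE[] =
    "\x7f" "ELF\x01\x01\x00printf\x00strncmp\x00"
    "A9D6B4C3E2F1\x00Use:\n\t%s <key>\n\x00\x90\x90";

/* Assumed heuristic: a run of 8 or more bytes, all hex digits. */
static int key_like(const unsigned char *s, size_t n) {
    if (n < 8) return 0;
    for (size_t i = 0; i < n; i++)
        if (!isxdigit(s[i])) return 0;
    return 1;
}

/* Scan buf as strings(1) does: every run of >= min_len printable bytes
   (tab included) is a candidate. Returns the number of key-like runs
   and copies the first one into out. */
size_t audit_image(const unsigned char *buf, size_t len, size_t min_len,
                   char *out, size_t out_sz) {
    size_t start = 0, hits = 0;
    for (size_t i = 0; i <= len; i++) {
        if (i < len && (isprint(buf[i]) || buf[i] == '\t'))
            continue;                      /* still inside a printable run */
        size_t run = i - start;            /* run ended at i (or at EOF) */
        if (run >= min_len && key_like(buf + start, run)) {
            if (hits == 0 && out_sz > 0) {
                size_t n = run < out_sz - 1 ? run : out_sz - 1;
                memcpy(out, buf + start, n);
                out[n] = '\0';
            }
            hits++;
        }
        start = i + 1;
    }
    return hits;
}

int main(void) {
    char key[64];
    size_t hits = audit_image(SAMPLE, sizeof SAMPLE, 4, key, sizeof key);
    printf("key-like literals: %zu (first: %s)\n", hits, hits ? key : "-");
    return hits ? 1 : 0;   /* non-zero exit fails the build step */
}
```

A finding here means the secret has to leave the binary; a check that runs entirely on the user's machine cannot hide the value it compares against.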

I hope this helps you someday.

Regards

--
- Anon
