include ctype h tolower include string h strcmp sfp
play

#include <ctype.h> // tolower #include <string.h> // - PowerPoint PPT Presentation

Sep 23, 2023 •256 likes •438 views

#include <ctype.h> // tolower #include <string.h> // strcmp sfp main() #include <stdio.h> // fgets, fputs void reveal_secret() login { fputs("SUPER SECRET = 42\n", stdout); } login int verify(const char*

  1. #include <ctype.h> // tolower #include <string.h> // strcmp sfp main() #include <stdio.h> // fgets, fputs void reveal_secret() login { fputs("SUPER SECRET = 42\n", stdout); } login int verify(const char* name) rip %esp { char user[256]; sfp %ebp verify() int i; 256 bytes %eip for (i = 0; name[i] != '\0'; ++i) user[i] = tolower(name[i]); user user[i] = '\0'; return strcmp(user, "xyzzy") == 0; } i int main() name[i] { rip char login[512]; fgets(login, 512, stdin); sfp if (! verify(login)) return 1; reveal_secret(); return 0; }

  2. #include <ctype.h> // tolower #include <string.h> // strcmp sfp main() #include <stdio.h> // fgets, fputs void reveal_secret() login { fputs("SUPER SECRET = 42\n", stdout); } login int verify(const char* name) rip %esp { char user[256]; sfp %ebp verify() int i; 256 bytes %eip for (i = 0; name[i] != '\0'; ++i) user[i] = tolower(name[i]); user user[i] = '\0'; a0 return strcmp(user, "xyzzy") == 0; } i = 0 int main() name[i] { rip char login[512]; fgets(login, 512, stdin); sfp if (! verify(login)) return 1; reveal_secret(); return 0; }

  3. #include <ctype.h> // tolower #include <string.h> // strcmp sfp main() #include <stdio.h> // fgets, fputs void reveal_secret() login { fputs("SUPER SECRET = 42\n", stdout); } login int verify(const char* name) rip %esp { char user[256]; sfp %ebp verify() int i; 256 bytes %eip for (i = 0; name[i] != '\0'; ++i) user[i] = tolower(name[i]); user user[i] = '\0'; c2 a0 return strcmp(user, "xyzzy") == 0; } i = 1 int main() name[i] { rip char login[512]; fgets(login, 512, stdin); sfp if (! verify(login)) return 1; reveal_secret(); return 0; }

  4. #include <ctype.h> // tolower #include <string.h> // strcmp sfp main() #include <stdio.h> // fgets, fputs void reveal_secret() login { fputs("SUPER SECRET = 42\n", stdout); } login int verify(const char* name) rip %esp { char user[256]; sfp %ebp verify() int i; 256 bytes %eip for (i = 0; name[i] != '\0'; ++i) user[i] = tolower(name[i]); user user[i] = '\0'; d7 c2 a0 return strcmp(user, "xyzzy") == 0; } i = 2 int main() name[i] { rip char login[512]; fgets(login, 512, stdin); sfp if (! verify(login)) return 1; reveal_secret(); return 0; }

  5. #include <ctype.h> // tolower #include <string.h> // strcmp sfp main() #include <stdio.h> // fgets, fputs void reveal_secret() login { fputs("SUPER SECRET = 42\n", stdout); } login int verify(const char* name) rip %esp { char user[256]; sfp %ebp verify() int i; 256 bytes %eip for (i = 0; name[i] != '\0'; ++i) user[i] = tolower(name[i]); user user[i] = '\0'; 82 d7 c2 a0 return strcmp(user, "xyzzy") == 0; } i = 3 int main() name[i] { rip char login[512]; fgets(login, 512, stdin); sfp if (! verify(login)) return 1; reveal_secret(); return 0; }

  6. #include <ctype.h> // tolower #include <string.h> // strcmp sfp main() #include <stdio.h> // fgets, fputs void reveal_secret() login { fputs("SUPER SECRET = 42\n", stdout); 93 f7 e1 } 7a 7b ab 62 int verify(const char* name) 08 64 ff 7e %esp { char user[256]; cc d5 70 e3 %ebp verify() int i; 256 bytes 91 06 b3 6b %eip for (i = 0; name[i] != '\0'; ++i) user[i] = tolower(name[i]); user user[i] = '\0'; 82 d7 c2 a0 return strcmp(user, "xyzzy") == 0; } i int main() name[i] { rip char login[512]; fgets(login, 512, stdin); sfp if (! verify(login)) return 1; Exploit reveal_secret(); a0c2d782 return 0; ffa86db2 } 307abba9 ad7c

  7. #include <ctype.h> // tolower #include <string.h> // strcmp sfp main() #include <stdio.h> // fgets, fputs void reveal_secret() login { fputs("SUPER SECRET = 42\n", stdout); 00 93 f7 e1 } 7a 7b ab 62 int verify(const char* name) 08 64 ff 7e %esp { char user[256]; cc d5 70 e3 %ebp verify() int i; 256 bytes 91 06 b3 6b %eip for (i = 0; name[i] != '\0'; ++i) user[i] = tolower(name[i]); user user[i] = '\0'; 82 d7 c2 a0 return strcmp(user, "xyzzy") == 0; } i int main() name[i] { rip char login[512]; fgets(login, 512, stdin); sfp if (! verify(login)) return 1; reveal_secret(); return 0; }

  8. #include <ctype.h> // tolower #include <string.h> // strcmp sfp main() #include <stdio.h> // fgets, fputs void reveal_secret() login { fputs("SUPER SECRET = 42\n", stdout); 00 93 f7 e1 } 7a 7b ab 62 int verify(const char* name) 08 64 ff 7e %esp { char user[256]; cc d5 70 e3 %ebp verify() int i; 256 bytes 91 06 b3 6b %eip for (i = 0; name[i] != '\0'; ++i) user[i] = tolower(name[i]); user user[i] = '\0'; 82 d7 c2 a0 return strcmp(user, "xyzzy") == 0; } i int main() &"xyzzy" { user char login[512]; fgets(login, 512, stdin); rip if (! verify(login)) strcmp() sfp return 1; s reveal_secret(); t r c m p return 0; }

  9. #include <ctype.h> // tolower #include <string.h> // strcmp sfp main() #include <stdio.h> // fgets, fputs void reveal_secret() login { fputs("SUPER SECRET = 42\n", stdout); 00 93 f7 e1 } 7a 7b ab 62 int verify(const char* name) 08 64 ff 7e %esp { char user[256]; cc d5 70 e3 %ebp verify() int i; 256 bytes 91 06 b3 6b %eip for (i = 0; name[i] != '\0'; ++i) user[i] = tolower(name[i]); user user[i] = '\0'; 82 d7 c2 a0 return strcmp(user, "xyzzy") == 0; } i int main() &"xyzzy" { user char login[512]; fgets(login, 512, stdin); rip if (! verify(login)) sfp return 1; reveal_secret(); return 0; }

  10. #include <ctype.h> // tolower #include <string.h> // strcmp sfp main() #include <stdio.h> // fgets, fputs void reveal_secret() login { fputs("SUPER SECRET = 42\n", stdout); 00 93 f7 e1 } 7a 7b ab 62 int verify(const char* name) 08 64 ff 7e %esp { char user[256]; cc d5 70 e3 %ebp verify() int i; 256 bytes 91 06 b3 6b %eip for (i = 0; name[i] != '\0'; ++i) user[i] = tolower(name[i]); user user[i] = '\0'; 82 d7 c2 a0 return strcmp(user, "xyzzy") == 0; } i int main() &"xyzzy" { user char login[512]; fgets(login, 512, stdin); rip if (! verify(login)) sfp return 1; reveal_secret(); return 0; }

  11. #include <ctype.h> // tolower #include <string.h> // strcmp sfp main() #include <stdio.h> // fgets, fputs void reveal_secret() login { fputs("SUPER SECRET = 42\n", stdout); 00 93 f7 e1 } 7a 7b ab 62 int verify(const char* name) 08 64 ff 7e %esp { char user[256]; cc d5 70 e3 %ebp verify() int i; 256 bytes 91 06 b3 6b %eip for (i = 0; name[i] != '\0'; ++i) user[i] = tolower(name[i]); user user[i] = '\0'; 82 d7 c2 a0 return strcmp(user, "xyzzy") == 0; } i int main() &"xyzzy" { user char login[512]; fgets(login, 512, stdin); rip if (! verify(login)) sfp return 1; reveal_secret(); return 0; }

  12. #include <ctype.h> // tolower #include <string.h> // strcmp sfp main() #include <stdio.h> // fgets, fputs void reveal_secret() login { fputs("SUPER SECRET = 42\n", stdout); 00 93 f7 e1 } 7a 7b ab 62 int verify(const char* name) 08 64 ff 7e %esp { char user[256]; cc d5 70 e3 %ebp verify() int i; 256 bytes 91 06 b3 6b %eip for (i = 0; name[i] != '\0'; ++i) user[i] = tolower(name[i]); user user[i] = '\0'; 82 d7 c2 a0 return strcmp(user, "xyzzy") == 0; } i int main() &"xyzzy" { user char login[512]; fgets(login, 512, stdin); rip if (! verify(login)) sfp return 1; reveal_secret(); return 0; }

  13. #include <ctype.h> // tolower #include <string.h> // strcmp sfp main() #include <stdio.h> // fgets, fputs void reveal_secret() login { fputs("SUPER SECRET = 42\n", stdout); 00 93 f7 e1 } 7a 7b ab 62 int verify(const char* name) 08 64 ff 7e %esp { char user[256]; cc d5 70 e3 %ebp verify() int i; 256 bytes 91 06 b3 6b %eip for (i = 0; name[i] != '\0'; ++i) user[i] = tolower(name[i]); user user[i] = '\0'; 82 d7 c2 a0 return strcmp(user, "xyzzy") == 0; } i int main() &"xyzzy" { user char login[512]; fgets(login, 512, stdin); rip if (! verify(login)) sfp return 1; Exploit reveal_secret(); a0c2d782 return 0; ffa86db2 } 307abba9 ad7c

Download Presentation
Download Policy: The content available on the website is offered to you 'AS IS' for your personal information and use only. It cannot be commercialized, licensed, or distributed on other websites without prior consent from the author. To download a presentation, simply click this link. If you encounter any difficulties during the download process, it's possible that the publisher has removed the file from their server.

Recommend

#include &lt;ctype.h&gt; // tolower #include &lt;string.h&gt; // strcmp sfp main() #include

#include &lt;ctype.h&gt; // tolower #include &lt;string.h&gt; // strcmp sfp main() #include

#include &lt;ctype.h&gt; // tolower #include &lt;string.h&gt; // strcmp sfp main() #include &lt;stdio.h&gt; // fgets, fputs void reveal_secret() login { fputs(&quot;SUPER SECRET = 42\n&quot;, stdout); } login int verify(const char*

641 views • 15 slides
f } g e t int main() s { char login[512]; fgets(login, 512, stdin); if (! verify(login))

f } g e t int main() s { char login[512]; fgets(login, 512, stdin); if (! verify(login))

#include &lt;ctype.h&gt; // tolower #include &lt;string.h&gt; // strcmp sfp main() #include &lt;stdio.h&gt; // fgets, fputs void reveal_secret() login { fputs(&quot;SUPER SECRET = 42\n&quot;, stdout); } stdin int verify(const char*

556 views • 28 slides
Strings and File I/O Strings Java String objects are immutable Common methods include:

Strings and File I/O Strings Java String objects are immutable Common methods include:

Strings and File I/O Strings Java String objects are immutable Common methods include: boolean equalsIgnoreCase(String str) String toLowerCase() String substring(int offset, int endIndex) String replace(char oldChar,

638 views • 11 slides
SQL with C Test Program 1: Select a row with one column #include &lt;stdio.h&gt; #include

SQL with C Test Program 1: Select a row with one column #include &lt;stdio.h&gt; #include

SQL with C Test Program 1: Select a row with one column #include &lt;stdio.h&gt; #include &lt;string.h&gt; #include &lt;stdlib.h&gt; EXEC SQL BEGIN DECLARE SECTION; VARCHAR userid[20]; VARCHAR passwd[20]; int value; EXEC SQL END DECLARE

550 views • 6 slides
INCLUDE INTERDISCIPLINARY NETWORK OF SPECIAL &amp; INTERCULTURAL EDUCATION About INCLUDE is a

INCLUDE INTERDISCIPLINARY NETWORK OF SPECIAL &amp; INTERCULTURAL EDUCATION About INCLUDE is a

INCLUDE INTERDISCIPLINARY NETWORK OF SPECIAL &amp; INTERCULTURAL EDUCATION About INCLUDE is a Scientific Association. Year of foundation: 2011 INCLUDE is working towards an INCLUSIVE COMMUNITY. Investigates, implements and evaluates

808 views • 27 slides
PHP include file 1 CS380 PHP Include File 2 Insert the content of one PHP file into another

PHP include file 1 CS380 PHP Include File 2 Insert the content of one PHP file into another

PHP include file 1 CS380 PHP Include File 2 Insert the content of one PHP file into another PHP file before the server executes it Use the include() generates a warning, but the script will continue execution require()

354 views • 31 slides
Strings Advanced String Expressions An Interesting Problem Characters include punctuation (

Strings Advanced String Expressions An Interesting Problem Characters include punctuation (

Module 6 Strings Advanced String Expressions An Interesting Problem Characters include punctuation ( 'Hello!' ) What if we want to put a quote in a string? Example : D o n ' t Problem : 'Don't' ????

703 views • 37 slides
.include &quot;defines.h&quot; .data hello: ta8 .string &quot;hello

.include &quot;defines.h&quot; .data hello: ta8 .string &quot;hello

System call example .include &quot;defines.h&quot; .data hello: ta8 .string &quot;hello world\n&quot; .text .globl _start _start: movl $SYS_write,%eax // SYS_write = 4 Spring 200 6 movl $STDOUT,%ebx // fd =

84 views • 4 slides
Extension of String Waves Include Friction &amp; Gravity Rubin H Landau Sally Haerer,

Extension of String Waves Include Friction &amp; Gravity Rubin H Landau Sally Haerer,

Friction T ( x ) Catenary Extension of String Waves Include Friction &amp; Gravity Rubin H Landau Sally Haerer, Producer-Director Based on A Survey of Computational Physics by Landau, Pez, &amp; Bordeianu with Support from the National

408 views • 8 slides
Argument Example #include &lt;stdio.h&gt; #include &lt;stdlib.h&gt; Computer Programming: Skills

Argument Example #include &lt;stdio.h&gt; #include &lt;stdlib.h&gt; Computer Programming: Skills

Argument Example #include &lt;stdio.h&gt; #include &lt;stdlib.h&gt; Computer Programming: Skills &amp; Concepts (CP) Giving Arguments to Programs; int main(int argc, char *argv[]) { What is there still to C? int i; printf(&quot;There are %d

383 views • 4 slides
Digital Social Innovation INCLUDE INTERDISCIPLINARY NETWORK OF SPECIAL &amp; INTERCULTURAL

Digital Social Innovation INCLUDE INTERDISCIPLINARY NETWORK OF SPECIAL &amp; INTERCULTURAL

Digital Social Innovation INCLUDE INTERDISCIPLINARY NETWORK OF SPECIAL &amp; INTERCULTURAL EDUCATION About INCLUDE is a Scientific Association. Year of foundation: 2011 INCLUDE is working towards an INCLUSIVE COMMUNITY. Investigates,

399 views • 25 slides
String and Character Manipulation http://cs.mst.edu C-style Strings (ntcas) char name[10] =

String and Character Manipulation http://cs.mst.edu C-style Strings (ntcas) char name[10] =

String and Character Manipulation http://cs.mst.edu C-style Strings (ntcas) char name[10] = Clayton; C++ Standard Library Strings (a.k.a. Standard String Class) #include &lt;string&gt; using std::string; ... string name =

852 views • 58 slides
Java Applications FYI FYI for now for now Java Applications Always include a class

Java Applications FYI FYI for now for now Java Applications Always include a class

Java Applications FYI FYI for now for now Java Applications Always include a class with a main method e.g., public static void main(String args[]){ } Huh? public can be invoked from another package static same for all

206 views • 16 slides
Topics in String Phenomenology Angel Uranga Abstract Notes taken by Cristina Timirgaziu of

Topics in String Phenomenology Angel Uranga Abstract Notes taken by Cristina Timirgaziu of

Topics in String Phenomenology Angel Uranga Abstract Notes taken by Cristina Timirgaziu of lectures by Angel Uranga in June 2009 at the Galileo Galilei Institute School New Perspectives in String Theory. Topics include in- tersecting

740 views • 15 slides
C LANGUAGE INTRODUCTION, PART 2 (INPUT VIA SCANF, WHILE LOOPS) POINTERS, PART 1 CSSE 120

C LANGUAGE INTRODUCTION, PART 2 (INPUT VIA SCANF, WHILE LOOPS) POINTERS, PART 1 CSSE 120

C LANGUAGE INTRODUCTION, PART 2 (INPUT VIA SCANF, WHILE LOOPS) POINTERS, PART 1 CSSE 120 Rose Hulman Institute of Technology Some ways in which C #include &lt;stdio.h&gt; differs from Python: #include &lt;stdlib.h&gt; #include

280 views • 17 slides
Michel Steuwer http://homepages.inf.ed.ac.uk/msteuwer/ S KEL CL:

Michel Steuwer http://homepages.inf.ed.ac.uk/msteuwer/ S KEL CL:

Michel Steuwer http://homepages.inf.ed.ac.uk/msteuwer/ S KEL CL: Algorithmic Skeletons for GPUs X a i b i = reduce (+) 0 (zip ( ) A B) i #include &lt;SkelCL/SkelCL.h&gt; #include &lt;SkelCL/Zip.h&gt; #include

437 views • 22 slides
Na.ve POSIX Threading Library (NPTL) Don Porter 1 CSE 506: Opera.ng Systems Logical Diagram

Na.ve POSIX Threading Library (NPTL) Don Porter 1 CSE 506: Opera.ng Systems Logical Diagram

CSE 506: Opera.ng Systems Na.ve POSIX Threading Library (NPTL) Don Porter 1 CSE 506: Opera.ng Systems Logical Diagram Binary Memory Threads Formats Allocators User Todays Lecture Kernel System Calls Scheduling threads RCU File

318 views • 31 slides
Approximating the covariance matrix with heavy tailed columns and RIP. Alexander Litvak

Approximating the covariance matrix with heavy tailed columns and RIP. Alexander Litvak

Approximating the covariance matrix with heavy tailed columns and RIP. Alexander Litvak University of Alberta based on a joint work with O. Gudon, A. Pajor and N. Tomczak-Jaegermann (the paper On the interval ... available at:

853 views • 71 slides
Bounds on Sparse Recovery with Additional Structures Abbas Kazemipour University of Maryland.

Bounds on Sparse Recovery with Additional Structures Abbas Kazemipour University of Maryland.

Bounds on Sparse Recovery with Additional Structures Abbas Kazemipour University of Maryland. College Park kaazemi@umd.edu March 23, 2015 Abbas Kazemipour (UMD) Sparse Recovery with Side Info. March 23, 2015 1 / 19 Overview 1 Restricted

599 views • 42 slides
Deep Compressed Sensing Yan Wu, Mihaela Rosca, Tim Lillicrap Compressed Sensing A Brief Review

Deep Compressed Sensing Yan Wu, Mihaela Rosca, Tim Lillicrap Compressed Sensing A Brief Review

Deep Compressed Sensing Yan Wu, Mihaela Rosca, Tim Lillicrap Compressed Sensing A Brief Review An underdetermined problem: random projection signal, e.g, vectorised image measurements M x y Reconstruction of x is possible when the signal

345 views • 6 slides
Control flow (1) Condition codes Conditional and unconditional jumps Loops Conditional moves

Control flow (1) Condition codes Conditional and unconditional jumps Loops Conditional moves

Control flow (1) Condition codes Conditional and unconditional jumps Loops Conditional moves Switch statements 1 Conditionals and Control Flow Two key pieces 1. Comparisons and tests: check conditions 2. Transfer control: choose next

482 views • 37 slides
Processes pid = 1000 pid = 1001 stack stack heap heap data/globals data/globals code code

Processes pid = 1000 pid = 1001 stack stack heap heap data/globals data/globals code code

Processes pid = 1000 pid = 1001 stack stack heap heap data/globals data/globals code code file descriptor table: file descriptor table: 1 2 3 1 2 3 saved registers: saved registers: %rax %rbx %rcx %rax %rbx %rcx

715 views • 7 slides
Analyzing the Traits and Anomalies of Political Discussions on Reddit Anna Guimar aes, Oana

Analyzing the Traits and Anomalies of Political Discussions on Reddit Anna Guimar aes, Oana

Analyzing the Traits and Anomalies of Political Discussions on Reddit Anna Guimar aes, Oana Balalau, Erisa Terolli, Gerhard Weikum Max Planck Institute for Informatics June 14, 2019 Posted by u/NovelGrass 47.9k New Filipino law requires

848 views • 25 slides
Adding 32-bit Mode to the ACL2 Model of the x86 ISA Alessandro Coglio Shilpi Goel Kestrel

Adding 32-bit Mode to the ACL2 Model of the x86 ISA Alessandro Coglio Shilpi Goel Kestrel

Adding 32-bit Mode to the ACL2 Model of the x86 ISA Alessandro Coglio Shilpi Goel Kestrel Centaur Technology Technology Workshop 2018 x86 Modes of Operation larger addresses and operands, memory management, simplified memory management

437 views • 25 slides

More recommend