What is it? @.@

Here is the place where I record some tactics about wargame, systems, and other security issues.

2012-09-19

Hack This Site! - Extbasic 1

Description:

Over and Over?

Level 1

You have to give input to a C program which gives you the length of the string. How would you crash it?
here is the function:

void blah(char *str)
 {
         char lol[200];
         strcpy(lol, str);
 }
 
 ___________________
|___________________|check

Solution:
  1. This program utilizes the strcpy function call. And since the limited length of the character string is 200, we could input a string with length greater than 200 to crash the C program.
  2. Input '111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111' and check.
  3. It's done!
Posted by at Labels: , , ,