Git-Mirrors/sec-pentesting-toolkit
1
0
Fork 0
mirror of https://github.com/autistic-symposium/sec-pentesting-toolkit.git synced 2025-06-18 03:49:16 -04:00
Code Issues Projects Releases Packages Wiki Activity

disclaimer

Browse source
This commit is contained in:
Mari Wahl 2015-02-12 18:42:26 -08:00
parent ab05e249d4
commit 4863f37c43
1 changed files with 9 additions and 4 deletions
Download patch file Download diff file Expand all files Collapse all files

13
Memory_Exploits/README.md
View file

@ -5,7 +5,7 @@
* Unbounded data copying is bad. * Unbounded data copying is bad.
* Lots of APIs: * Lots of APIs:
- strcpy() - strcpy()
- strcat() - strcat()
- sprintf() - sprintf()
@ -151,10 +151,10 @@ return 1;
} }
``` ```
### Integer Overflow Exploitation ### Integer Overflow Exploitation
* In the code below, buf is intend to have enough space +1 to store a NULL byte for a string. * In the code below, buf is intend to have enough space +1 to store a NULL byte for a string.
* If the network data supplied is 0xFFFFFFF (max 32 bit value), when 1 is added, it will wrap to 0. This means that the length passed to malloc is zero bytes. * If the network data supplied is 0xFFFFFFF (max 32 bit value), when 1 is added, it will wrap to 0. This means that the length passed to malloc is zero bytes.
* malloc() will return an under-sized buffer that allows memory corruption in read(). * malloc() will return an under-sized buffer that allows memory corruption in read().
``` ```
@ -227,3 +227,8 @@ void extractUserZip(char *userFile)
### C-codes ### C-codes
- Get env variable - Get env variable
----
## Disclaimer
Some of these scripts are older and some of them are not mine. If you see code you recognize here please let me know in a Issue so I can assign proper credit.