So I had an assignment requiring me to 'break' a piece of vulnerable code. Snippet:
    int main(int argc, char **argv)
    {
        /*...*/
        while(i < argc-1)
        {
            switch(argv[i][0]-48)
            {
                case 1:
                    SmashHeap(argc,argv);
                    break;
                /*...*/
                case 8:
                    PrintfVulnerability(argv[++i]);
                    break;
                default:
                    printf("%s is not recognized by this program",argv[i++]);
                /*...*/
            }
            i++;
        }
        return (1);
    }

    void PrintfVulnerability(char *F)
    {
        printf(F);
    }
In the end, I found it was so amazingly simple that I'm afraid I might get a poor grade... My solution:
- Copypasta an executable into the home directory... I used freecell.exe
- $ ./VulnerableCode 8 [backtick]freecell.exe[backtick]
Poof!! I'm playing freecell. Why did this work???
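Added example, not part of the original post or the assignment code: backticks are shell command substitution, so the shell itself runs the command between them and hands only that command's standard output to the program as arguments. `show_argv` and `helper` are constructed stand-ins for ./VulnerableCode and freecell.exe, and `MARK` is a scratch file used to prove when `helper` ran.

```shell
#!/bin/sh
# Scratch file: each run of helper appends one line to it.
MARK=$(mktemp)

# Constructed stand-in for freecell.exe: it has a visible side effect
# but prints nothing to stdout, like a GUI program.
helper() {
    echo ran >> "$MARK"
}

# Constructed stand-in for ./VulnerableCode: reports the arguments
# it was actually given by the shell.
show_argv() {
    printf 'argc=%d' "$#"
    for a in "$@"; do
        printf ' [%s]' "$a"
    done
    printf '\n'
}

# How many times helper has run so far.
helper_runs() {
    wc -l < "$MARK" | tr -d ' '
}

# Unquoted backticks: the shell runs helper first, then splices its
# (empty) output into the command line. The program never sees the
# backtick text and plays no part in launching helper.
substituted() {
    show_argv 8 `helper`
}

# Single quotes suppress command substitution: the program receives
# the literal string and nothing is executed by the shell.
literal() {
    show_argv 8 '`helper`'
}

substituted   # helper runs; show_argv sees only "8"
literal       # helper does not run; show_argv sees the literal text
echo "helper ran $(helper_runs) time(s)"
```

Only the single-quoted form delivers the argument text to the program, so it is the only one of the two that exercises the program's own handling of its input.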