Zeratool
Using 'crash' file to exploit BoF
Assuming, as an example, an application that reads files, how could it be analyzed with Zeratool using the 'crash' file to exploit the buffer overflow?
Example: filereadapp /dir/mycrashfileBoF.png
Thanks!
You'll need to modify three files:
inputDetector.py
You'll need to add a detection strategy for identifying file open operations. Checking for "open" or "fopen" will probably cover most CTF problems.
overflowDetector.py
In the checkOverflow function, you will need to add a condition to check for each open file descriptor somewhere on line 57
if state_copy.globals['inputType'] == "FILE":
Your check will likely look something like:
# Iterate over the open file descriptors instead of over len(...), which is an int
for fd in state.posix.files:
    if 'AAAA' in state.posix.dumps(fd):
        # Copy the STDIN/LIBPWNABLE detection logic here
        pass
And you'll do pretty much the same in
overflowExploiter.py
If you send the challenge I'd be happy to add these changes.
Hi!
Here you have a simple file parser with a buffer overflow vulnerability.
Create a file called file.c with the following contents:
#include <iostream>
#include <fstream>
using namespace std;

int main(int argc, char* argv[]) {
    if (argc > 1) {
        cout << "argv[1] = " << argv[1] << endl;
    } else {
        cout << "No file name entered. Exiting...";
        return -1;
    }
    ifstream myReadFile;
    myReadFile.open(argv[1]);
    char output[10];   // 10-byte buffer; the unbounded >> below writes past it
    if (myReadFile.is_open()) {
        while (!myReadFile.eof()) {
            myReadFile >> output;   // no length limit: a long token overflows output
            cout << output;
        }
    }
    myReadFile.close();
    return 0;
}
You can compile with the following command:
g++ file.c -o file
Now, create a file called "myfile.txt" with more than 10 chars
petar@ubuntu:~/Desktop$ cat myfile.txt AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA
To exploit:
./file myfile.txt
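For comparison, a bounded version of the read loop from the program above, written here as an added example (not code from the thread or from Zeratool): std::setw caps each extraction at the buffer size, so the long token that crashes file.c is split into chunks that fit. It assumes the same 10-byte buffer and feeds the 51-'A' input from a string rather than a file.

```cpp
#include <iomanip>
#include <iostream>
#include <sstream>
#include <string>
#include <vector>

// Bounded replacement for the `myReadFile >> output` loop in file.c.
// std::setw(N) on a char array makes operator>> stop after N-1 characters
// and write the terminating NUL, so a long token cannot run past `output`.
template <std::size_t N>
std::vector<std::string> readTokensBounded(std::istream& in) {
    std::vector<std::string> tokens;
    char output[N];
    // Test the stream state after extraction (not eof() before it), which
    // also avoids printing the stale buffer one extra time at end of file.
    while (in >> std::setw(N) >> output) {
        tokens.emplace_back(output);
    }
    return tokens;
}

// Convenience wrapper: parse from an in-memory string instead of a file.
template <std::size_t N>
std::vector<std::string> readTokensFromString(const std::string& data) {
    std::istringstream in(data);
    return readTokensBounded<N>(in);
}

// True if every token fits the buffer's usable capacity (N-1 characters).
template <std::size_t N>
bool allTokensFit(const std::vector<std::string>& tokens) {
    for (const std::string& t : tokens) {
        if (t.size() > N - 1) return false;
    }
    return true;
}

int main() {
    // Constructed input: 51 'A's, mirroring the myfile.txt from the thread.
    std::vector<std::string> tokens =
        readTokensFromString<10>(std::string(51, 'A'));
    for (const std::string& t : tokens) std::cout << t << '\n';
    std::cout << tokens.size() << " chunks, all within bounds: "
              << std::boolalpha << allTokensFit<10>(tokens) << '\n';
    return 0;
}
```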