eminghuliev #nullpd

Published in: Technology, Design

  1. Null pointer dereference :FF
     0day ? DOS ?
     Music ?
     http://www.youtube.com/watch?v=pfOvDJNt2uA
     Yeaaah :D
  2. ENTER
     DEMO :FFFFFF

         int* x;                   // Allocate the pointers x and y
         int* y;                   // (but not the pointees)
         x = malloc(sizeof(int));  // Allocate an int pointee,
                                   // and set x to point to it
         *x = 42;                  // Dereference x to store 42 in its pointee
         *y = 13;                  // CRASH -- y does not have a pointee yet
  3. 
         int *ptr, a = 12;
         ptr = &a;    /* ptr points to the variable a */
         ptr = NULL;  /* ptr set to NULL */
         *ptr = 8;    /* crash! NULL pointer!!! value cannot be determined */

     Does something look crooked here to you too, damn it?
  4. NULL Pointer Dereference vulnerability :S

         size_t size = strlen(input_str)+1;
         str = (char *)malloc(size);

     input_str is copied into dynamically allocated memory referenced by str

         memcpy(str, input_str, size);

     If malloc() fails, it returns a null pointer that is assigned to str
     When str is dereferenced in memcpy()
  5. /home/te~wnyou.c

         #include <stdio.h>
         #include <stdlib.h>
         #include <string.h>

         int main(int argc, char *argv[])
         {
             char *str;
             char *input_string = argv[1];  /* NULL when no argument is given */
             size_t size = strlen(input_string) + 1;
             str = (char *) malloc(size);   /* return value is not checked */
             memcpy(str, input_string, size);  /* dereferences str even if it is NULL */
             printf("%s\n", str);
             free(str);
             /* ... */
             return (0);
         }

     Insecure Codes ?
  6. Reversing ?

         EAX: 0x0
         EBX: 0xb7fbe000 --> 0x1a5d7c
         ECX: 0x0
         EDX: 0xbffff204 --> 0xb7fbe000 --> 0x1a5d7c
         ESi: 0x0
         EDi: 0x0 <=======
         EBP: 0xbffff1d8 --> 0x0
         ESP: 0xbffff1a4 --> 0x0
         EiP: 0xb7e9c756 (movdqu xmm1,XMMWORD PTR [edi])
         ===================
         ======> 0xb7e9c756: movdqu xmm1,XMMWORD PTR [edi]

     CRASH !!!!!!!!!!!!!!!!!!!
     Reversing ? Reversing ? Reversing ?
  7. References
     http://www.exploit-db.com/search/?action=search&filter_page=1&filter_description=null+pointer+d =
     https://www.securecoding.cert.org/confluence/display/seccode/EXP34-C.+Do+not+dereference+n
     https://www.securecoding.cert.org/confluence/display/seccode/MEM32-C.+Detect+and+handle+m
     http://xinyiding.net/index.php?interface=view&id=17
     http://lwn.net/Articles/342330/
     http://psomas.wordpress.com/tag/null-pointer-dereference/
  8. End
     @st1ll_di3
     #eminghuliev
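
The unchecked copy from slides 4 and 5, rewritten so that neither pointer is dereferenced before it has been checked, as the EXP34-C and MEM32-C rules listed in the references require. This is an added example, not code from the original deck; `copy_input`, `copy_status`, `alloc_fn` and `failing_alloc` are names assumed here, and the allocator is passed in as a parameter so that a failing `malloc()` can be simulated.

```c
#include <stdio.h>
#include <stdlib.h>
#include <string.h>

/* Result codes for copy_input() (names are assumptions of this example). */
enum copy_status { COPY_OK = 0, COPY_NULL_INPUT = 1, COPY_NO_MEMORY = 2 };

/* Allocator signature, so a caller can substitute one that fails. */
typedef void *(*alloc_fn)(size_t);

/* Stand-in for malloc() under memory exhaustion: always returns NULL. */
void *failing_alloc(size_t n) { (void)n; return NULL; }

/*
 * Hardened form of the slide's copy: both pointers are checked before
 * they are dereferenced. On success *out owns a heap copy of input_str.
 */
static enum copy_status copy_input(const char *input_str, alloc_fn alloc, char **out)
{
    *out = NULL;
    if (input_str == NULL)      /* argv[1] is NULL when no argument is given */
        return COPY_NULL_INPUT;
    size_t size = strlen(input_str) + 1;
    char *str = alloc(size);
    if (str == NULL)            /* allocation failed: never reach memcpy() */
        return COPY_NO_MEMORY;
    memcpy(str, input_str, size);
    *out = str;
    return COPY_OK;
}

int main(int argc, char *argv[])
{
    char *str;
    /* Pass NULL explicitly when the argument is missing; copy_input rejects it. */
    enum copy_status rc = copy_input(argc > 1 ? argv[1] : NULL, malloc, &str);
    if (rc != COPY_OK) {
        fprintf(stderr, "copy failed (status %d)\n", (int)rc);
        return EXIT_FAILURE;
    }
    printf("%s\n", str);
    free(str);
    return EXIT_SUCCESS;
}
```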
