The problem is that I have to jump to the administrative function using buffer overflow but it is
disabled in the code. I have to figure out how to bypass #undef ADMINISTRATIVE and get
inside the function somehow.
// NOTE(review): the three header names were stripped when this page was
// extracted. The calls below (printf/puts/gets/fflush, exit/system/atoi,
// strcmp/strncmp) suggest <stdio.h>, <stdlib.h> and <string.h> -- confirm
// against the original file.
#include
#include
#include

// define to allow administrative access, undef to restrict
#undef ADMINISTRATIVE
//#define ADMINISTRATIVE

// function prototypes for "main.c" functions
int main (int argc, char *argv[]);
void list(void);
void add(void);
void quit(void);
void delete(void);
void deleteall(void);
void normal(char *user);
void administrative(char *nothing);
void debug(char *nothing);
void rot13(char *user, char *rot13pwd);

// Three function-pointer types: menus take a char * argument, the
// per-menu actions take none.
typedef void (*menufunctype)(char *);
typedef void (*userfunctype)(void);
typedef void (*adminfunctype)(void);

// jump table for non-administrative functions
userfunctype userfunc[3] = {add, list, quit};

// jump table for administrative functions
adminfunctype adminfunc[5] = {delete, deleteall, add, list, quit};

// Entry point: reads an authorization code and a username, checks the code
// against the ROT13 of the username, then dispatches to the debug, admin or
// normal menu through the local menufunc table.
//
// Review notes (this is a deliberately weak training program; the notes name
// the weaknesses so they can be recognised and fixed elsewhere):
//  - menufunc and the three 20-byte buffers are all automatic variables of
//    main. gets() has no length argument, so a line longer than 19
//    characters writes past the buffer into whatever the compiler placed
//    next to it. gets() was removed from the language in C11; a bounded
//    read such as fgets(buf, sizeof buf, stdin) is the replacement.
//  - The expected authorization code is computed from the username that was
//    just typed in, so the comparison does not depend on any secret.
//  - The ADMINISTRATIVE switch only removes the direct call below; the
//    pointer to administrative() is still stored in menufunc[1] and the
//    function is still compiled into the program.
int main (int argc, char *argv[]) {
    menufunctype menufunc[3]={debug, administrative, normal};
    char rot13pwd[20];
    char user[20];
    char pwd[20];

    printf("Enter authorization code: ");
    fflush(stdout);
    gets(pwd);      // unbounded read into a 20-byte buffer

    // NOTE(review): the inner quotes were presumably escaped (\"admin\") in
    // the original file; as printed here the literal does not compile.
    printf("Enter username or "admin" for admin functions: ");
    fflush(stdout);
    gets(user);     // unbounded read into a 20-byte buffer

    // authenticate user
    rot13(user, rot13pwd);      // also writes rot13pwd[20], see rot13()
    if (strcmp(pwd, rot13pwd)) {
        puts("Authentication FAILED. Access denied. ");
        exit(1);
    }

    // passed authentication, now display debug, normal or
    // administrative menu. If administrative access is prohibited by
    // compile-time "ADMINISTRATIVE" symbol, then don't allow admin
    // under any circumstances.
    // strncmp(..., 5) is a prefix test: any username that merely starts with
    // "debug" or "admin" takes that branch.
    if (! strncmp("debug", user, 5)) {
        (*menufunc[0])(user);   // the whole username is handed to debug()
    } else if (! strncmp("admin", user, 5)) {
#if defined(ADMINISTRATIVE)
        (*menufunc[1])(0);
#else
        puts("NO ADMINSTRATIVE ACCESS AVAILABLE--SEE YOUR SYSTEMS ADMINISTRATOR.");
#endif
    } else {
        (*menufunc[2])(user);
    }
}

// menu for users with non-administrative access
//
// user: the username typed at the prompt; it is written to the audit file
// by building an "echo ... >> file" command and passing it to system().
// Review notes:
//  - sprintf() has no bound and buf is 40 bytes; the fixed text plus the
//    file name already use most of it, so the username must be length-checked
//    (snprintf with sizeof buf) before formatting.
//  - user is placed unquoted into a shell command line. Writing the audit
//    record with fopen()/fprintf() avoids the shell entirely.
//  - choice holds one character plus the terminator; gets() does not
//    enforce that.
void normal(char *user) {
    char buf[40];
    char normalaccessfile[20]=".normal_access";
    char choice[2];
    int ch;

    // audit trail
    sprintf(buf, "echo %s >> %s", user, normalaccessfile);
    system(buf);

    while (1) {
        puts(" ##### MENU ###### ");
        puts("[0] Add a record");
        puts("[1] List all records");
        puts("[2] Exit ");
        printf("Choice: ");
        fflush(stdout);
        gets(choice);       // unbounded read into a 2-byte buffer

        // audit trail
        sprintf(buf, "echo %c >> %s", choice[0], normalaccessfile);
        system(buf);

        ch = atoi(choice);
        // range check keeps the index inside userfunc[3]
        if (ch < 0 || ch > 2) {
            puts("Invalid choice. ");
        } else {
            (*userfunc[ch])();
        }
    }
}

// menu for administrators
//
// nothing: unused in this function (main passes 0).
// Same input handling as normal(): a 2-byte choice buffer filled by gets(),
// and an audit record written through sprintf() + system().
void administrative(char *nothing) {
    char buf[80];
    char administrativeaccessfile[80]=".admin_access";
    char choice[2];
    int ch;

    while (1) {
        puts(" ----- RESTRICTED ADMIN MENU ----- ");
        puts("[0] Delete a record");
        puts("[1] Delete all records");
        puts("[2] Add a record");
        puts("[3] List all records");
        puts("[4] Exit ");
        printf("Choice: ");
        fflush(stdout);
        gets(choice);       // unbounded read into a 2-byte buffer

        // audit trail
        sprintf(buf, "echo %c >> %s", choice[0], administrativeaccessfile);
        system(buf);

        ch = atoi(choice);
        // range check keeps the index inside adminfunc[5]
        if (ch < 0 || ch > 4) {
            puts("Invalid choice. ");
        } else {
            (*adminfunc[ch])();
        }
    }
}

// menu for debug account
//
// nothing: despite the name, main passes the username buffer here, and
// system() runs its argument as a shell command.
void debug(char *nothing) {
    // implement debug menu later...
    // Marjorie: CHANGE THIS BEFORE RELEASE: MAJOR SECURITY HOLE!
    system(nothing);
}

// USER FUNCTIONS

// list all records (placeholder: only prints a banner)
void list() {
    puts("*** LIST ***");
}

// add a record (placeholder: only prints a banner)
void add() {
    puts("*** ADD ***");
}

// ADMINISTRATIVE FUNCTIONS

// delete a record (placeholder: only prints a banner)
void delete() {
    puts("*** ADMIN: DELETE ***");
}

// delete all records (placeholder: only prints a banner)
void deleteall() {
    puts("*** ADMIN: DELETE ALL ***");
}

// UNRESTRICTED

// quit: prints a banner and ends the process with exit status 1
void quit() {
    puts("*** BYE ***");
    exit(1);
}

// ROT13 calculation
//
// Copies exactly 20 bytes from user into rot13pwd, rotating ASCII letters by
// 13 places and leaving other bytes unchanged, then stores a terminator.
//  - The loop does not stop at user's terminating NUL; it always reads 20
//    bytes.
//  - rot13pwd[20] is index 20. The only caller visible here passes a
//    20-byte array (valid indices 0..19), so this store lands one byte past
//    the end of the destination.
void rot13(char *user, char *rot13pwd) {
    int i;
    char cap;

    for (i=0; i < 20; i++) {
        rot13pwd[i] = user[i];
        cap = rot13pwd[i] & 32;     // bit 0x20 separates lower from upper case in ASCII
        rot13pwd[i] &= ~cap;        // fold to upper case for the range test
        rot13pwd[i] = ((rot13pwd[i] >= 'A') && (rot13pwd[i] <= 'Z') ? ((rot13pwd[i] - 'A' + 13) % 26 + 'A') : rot13pwd[i]) | cap;  // rotate letters, then restore the case bit
    }
    rot13pwd[20]=0;
}
Solution
Steps you need to follow:
Try to use more than one fun to get data when u use the same same gets fun() its unimportant to
overwrite the user defined array.
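You should put a breakpoint inside the menu.
gdb should be used to print the address of the administrative function.
The current stack frame holds the user buffer and the array called menufunc, but you didn't print these
using gdb, so print their addresses using gdb as well; where the compiler places them relative to each other depends on the build, so the addresses have to be read rather than assumed.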
Correct user name should be given to the opt address
Eg:
address of administrative fun is fun[4]
Calculation of consecutive positions , So we comes to know how much we should pass data at
the end of the array of fuc[4].

The problem is that I have to jump to the administrative function u.pdf

  • 1. The problem is that I have to jump to the administrative function using buffer overflow but it is disabled in the code. I have to figure out how to bypass #undef ADMINISTRATIVE and get inside the function somehow. #include #include #include // define to allow administrative access, undef to restrict #undef ADMINISTRATIVE //#define ADMINISTRATIVE // function prototypes for "main.c" functions int main (int argc, char *argv[]); void list(void); void add(void); void quit(void); void delete(void); void deleteall(void); void normal(char *user); void administrative(char *nothing); void debug(char *nothing); void rot13(char *user, char *rot13pwd); typedef void (*menufunctype)(char *); typedef void (*userfunctype)(void); typedef void (*adminfunctype)(void); // jump table for non-administrative functions userfunctype userfunc[3] = {add, list, quit}; // jump table for administrative functions adminfunctype adminfunc[5] = {delete, deleteall, add, list, quit}; int main (int argc, char *argv[]) { menufunctype menufunc[3]={debug, administrative, normal}; char rot13pwd[20]; char user[20]; char pwd[20]; printf("Enter authorization code: "); fflush(stdout); gets(pwd); printf("Enter username or "admin" for admin functions: "); fflush(stdout); gets(user); // authenticate user rot13(user, rot13pwd); if (strcmp(pwd, rot13pwd)) { puts("Authentication FAILED. Access denied. "); exit(1); } // passed authentication, now display debug, normal or // administrative menu. If administrative access is prohibited by // compile-time "ADMINISTRATIVE" symbol, then don't allow admin // under any circumstances. if (! strncmp("debug", user, 5)) { (*menufunc[0])(user); } else if (! 
strncmp("admin", user, 5)) { #if defined(ADMINISTRATIVE) (*menufunc[1])(0); #else puts("NO ADMINSTRATIVE ACCESS AVAILABLE--SEE YOUR SYSTEMS ADMINISTRATOR."); #endif } else { (*menufunc[2])(user); } } // menu for users with non-administrative access void normal(char *user) { char buf[40]; char normalaccessfile[20]=".normal_access"; char choice[2]; int ch; // audit trail sprintf(buf, "echo %s >> %s", user, normalaccessfile); system(buf); while (1) { puts(" ##### MENU ###### "); puts("[0] Add a record"); puts("[1] List all records"); puts("[2] Exit "); printf("Choice: "); fflush(stdout); gets(choice); // audit trail sprintf(buf, "echo %c >> %s", choice[0], normalaccessfile); system(buf); ch = atoi(choice); if (ch < 0 || ch > 2) { puts("Invalid choice. "); } else { (*userfunc[ch])(); } } } // menu for administrators void administrative(char *nothing) { char buf[80]; char administrativeaccessfile[80]=".admin_access"; char choice[2]; int ch; while (1) { puts(" ----- RESTRICTED ADMIN MENU ----- "); puts("[0] Delete a record"); puts("[1] Delete all records"); puts("[2] Add a record"); puts("[3] List all records"); puts("[4] Exit "); printf("Choice: "); fflush(stdout); gets(choice); // audit trail sprintf(buf, "echo %c >> %s", choice[0], administrativeaccessfile); system(buf); ch = atoi(choice);
  • 2. if (ch < 0 || ch > 4) { puts("Invalid choice. "); } else { (*adminfunc[ch])(); } } } // menu for debug account void debug(char *nothing) { // implement debug menu later... // Marjorie: CHANGE THIS BEFORE RELEASE: MAJOR SECURITY HOLE! system(nothing); } // USER FUNCTIONS // list all records void list() { puts("*** LIST ***"); } // add a record void add() { puts("*** ADD ***"); } // ADMINISTRATIVE FUNCTIONS // delete a record void delete() { puts("*** ADMIN: DELETE ***"); } // delete all record void deleteall() { puts("*** ADMIN: DELETE ALL ***"); } // UNRESTRICTED // quit void quit() { puts("*** BYE ***"); exit(1); } // ROT13 calculation void rot13(char *user, char *rot13pwd) { int i; char cap; for (i=0; i < 20; i++) { rot13pwd[i] = user[i]; cap = rot13pwd[i] & 32; rot13pwd[i] &= ~cap; rot13pwd[i] = ((rot13pwd[i] >= 'A') && (rot13pwd[i] <= 'Z') ? ((rot13pwd[i] - 'A' + 13) % 26 + 'A') : rot13pwd[i]) | cap; } rot13pwd[20]=0; } Solution Steps you need to follow: Try to use more than one fun to get data when u use the same same gets fun() its unimportant to overwrite the user defined array. You should put a break point inside the menu gdb should be used to print the administrative function Current stack frame has user buffer and the array called menufunc() but you didnt print these using gdb, so print these address using gdb. Correct user name should be given to the opt address Eg: address of administrative fun is fun[4] Calculation of consecutive positions , So we comes to know how much we should pass data at the end of the array of fuc[4].