#define STRING "pword"
#define NUMBER 3591337
#ifndef SOMETHING
#ifdef SOMETHING
code...
#else
code...
#endif
#if defined(hpux) || defined(NeXT) || defined(ultrix) || defined(POSIX)
memcpy((caddr_t)&sa.sin_addr, hp->h_addr_list[0], hp->h_length);
#else
bcopy(hp->h_addr_list[0], &sa.sin_addr, hp->h_length);
#endif
code...
goto abc
code...
abc:
code...
char *bar;
bar = malloc(4096);
if(!bar) {
fprintf(stderr, "failed to malloc memory\n");
exit(1);
}
a = inet_addr(argv[3]);
struct hostent *h;
unsigned long a;
if(!(h = gethostbyname(argv[3])) && (h = gethostbyaddr(&a, 4, AF_INET))) {
perror(argv[3]);
}
buf = malloc(4096);
i = BUFFER_SIZE-strlen(execshell);
memset(buf, 0x90, i);
ptr = buf + i;
setenv("HOME", buf, 1);
setuid(0);
setgid(0);
rem_len = sizeof(rem_addr);
#include
#include
#include
char filename[FILENAME_MAX];
FILE *ifp;
long len;
unsigned char *file_data = 0;
unsigned char *token = 0;
unsigned char line_sep[3] = { 0x0a, 0x0d, 0x00 };
fgets(filename, sizeof(filename), stdin); - command line input
if(filename[strlen(filename) - 1] == '\n') {
filename[strlen(filename) - 1] = 0;
}
if((ifp = fopen(filename, "rb")) == 0) {
fprintf(stderr, "Error opening file '%s'\n",filename);
return(1);
}
/* figure out the size of the file and malloc space to hold its data */
if(fseek(ifp, 0, SEEK_END) == -1) {
fprintf(stderr,"Error determining file size for file '%s'",filename);
return(1);
}
len = ftell(ifp);
rewind(ifp);
file_data = (unsigned char *)malloc(len * sizeof(unsigned char));
/* now read it in */
if(fread(file_data, sizeof(unsigned char), len, ifp) == 0) {
perror("Error reading file");
}
/*
* process each line of the file, looking for the lines that start with
* "LogFileUsername" or "LogFilePassword". These are the ones to crack.
*/
token = (unsigned char *)strtok(file_data, line_sep);
while (token != 0) {
if((strncmp(token,"LogFileUsername",strlen("LogFileUsername")) == 0){
/* found a relevant line */
unsigned char *encrypt_start = (unsigned char *)strchr(token, '=') + 1;
}
token = (unsigned char *)strtok(0, line_sep);
free(file_data);
return(0);
-----------------------------------------------------------------------------
printf("string");
-----------------------------------------------------------------------------
execv(const char *path, char *const argv[]);
execl(const char *path, const char *arg, ...);
execl("/path/to/file","file",NULL);
The initial argument for these functions is the pathname of a file which is
to be executed.
The const char *arg and subsequent ellipses in the execl(), execlp(), and
execle() functions can be thought of as arg0, arg1, ..., argn. Together
they describe a list of one or more pointers to null-terminated strings
that represent the argument list available to the executed program. The
first argument, by convention, should point to the file name associated
with the file being executed. The list of arguments must be terminated
by a null pointer.
#define RUN "/bin/sh"
execl(RUN,RUN,NULL);
-----------------------------------------------------------------------------
system(const char *string); - pass a command to the shell
The system() function hands the argument string to the command interpreter
sh(1). The calling process waits for the shell to finish executing the
command, ignoring SIGINT and SIGQUIT, and blocking SIGCHLD.
Never supply the system() function with a command containing any part of an
unsanitized user-supplied string. Shell meta-characters present will be
honored by the sh(1) command interpreter.
system("chown root /tmp/x ;chmod 4755 /tmp/x");