Using 'crash' file to exploit BoF

[caballomaldito]

Assuming an application that performs reading of files as example, how could it be analyzed with Zerotool using the 'crash' file to exploit the buffer overflow?

Example: filereadapp /dir/mycrashfileBoF.png

Thanks!

[ChrisTheCoolHut]

You'll need to modify three files:

inputDetector.py

You'll need to add a detection strategy for identifying file open operations.
Checking for "open" or "fopen" will probably cover most CTF problems.

overflowDetector.py

In the checkOverflow function, you will need to add a
condition to check for each open file descriptor somewhere on line 57

if state_copy.globals['inputType'] == "FILE":

Your check will likely look something like:

for fd in len(state.posix.files):
    if 'AAAA' in state.posix.dumps(fd):
        #Copy STIDN/LIBPWNABLE detection logic

And you'll do pretty much the same in

overflowExploiter.py

If you send the challenge I'd be happy to add these changes.

[caballomaldito]

Hi!

Here you have a simple parser of files with a buffer overflow vulnerability

create a fille called file.c with the following contents:

#include
#include

using namespace std;

//int main() {

int main(int argc, char* argv[])
{
if (argc > 1) {
cout << "argv[1] = " << argv[1] << endl;
} else {
cout << "No file name entered. Exiting...";
return -1;
}
ifstream myReadFile;
myReadFile.open(argv[1]);
char output[10];
if (myReadFile.is_open()) {
while (!myReadFile.eof()) {

myReadFile >> output;
cout<<output;

}
}
myReadFile.close();
return 0;
}

You can compile with the following commands:

g++ file.c -o file

Now, create a file called "myfile.txt" with more than 10 chars

petar@ubuntu:~/Desktop$ cat myfile.txt
AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA

To exploit:

./file myfile.txt