memory – Format string exploit length

I’m new to software security and I’m studying it now at university.
I had some doubts about the format string exploit, in particular how to count the length (in number of bytes) of a format string exploit.

Suppose that I have the following vulnerable code:

04 int guess(char *user) {
05     struct {
06          int n;
08          char usr[16];
09          char buf[16];
10      } s;
11
12      snprintf (s.usr, 16, "%s", user);
13
14      do {
15          scanf ("%s", s.buf);
16          if ( strncmp (s.buf, "DEBUG", 5) == 0) {
17              scanf ("%d", &s.n);
18              for ( int i = 0; i < s.n; i++) {
19                  printf ("%x", s.buf[i]);
20              }
21          } else {
22              if ( strncmp (s.buf, "pass", 4) == 0 && s.usr[0] == '_') {
23                  return 1;
24          } else {
25              printf ("Sorry User: ");
26              printf (s.usr);
27              printf ("\nThe secret is wrong! \n");
28              abort ();
29          }
30          }
31      } while ( strncmp (s.buf, "DEBUG", 5) == 0);
32  }
33
34 int main(int argc, char** argv) {
35      guess(argv[1]);
36 }

The code is compiled for an IA-32 architecture (32-bit) with the cdecl calling convention, and there’s no attack mitigation implemented (no stack canary, no ASLR, etc.; I’m on a completely vulnerable machine).

At line 26 there’s a format string vulnerability since the placeholder is missing ( printf (s.usr); ).

I’d like to overwrite the EIP with the address of an environmental variable that contains my shellcode.

I’m supposing (this is a theoretical exercise, I’m aware that in practice there are many other implications) that the address of my environmental variable is 0x44674234, the address of the EIP is 0x42414515 and the displacement on the stack of my format string is 7.

So my format string exploit will be \x15\x45\x41\x42\x17\x45\x41\x42%16940c%7$hn%563c%8$hn. I’ll place it into user and then it will be copied into s.usr and executed by printf (s.usr);

Now what I noticed is that only 16 char are copied into s.usr from user.

Is my format string not exploitable? I counted 30 characters in my exploit, therefore the strcpy will copy only half of my exploit.

Is the number of char I counted correct? How should I count them?
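
The byte count the question asks about, worked through as an added example (not part of the original post): each `\xNN` escape is one byte in memory, so the string is 8 address bytes plus 22 bytes of directives, and the `snprintf` on line 12 keeps only the first 15 of them. The helper names and `USR_SIZE` are assumptions made for this example.

```c
#include <stdio.h>
#include <string.h>

#define USR_SIZE 16  /* sizeof s.usr in guess(); name assumed for this example */

/* The format string from the question, written with its \x escapes.
   Each \xNN is ONE byte in memory, not four characters. */
static const char payload[] =
    "\x15\x45\x41\x42"          /* 4 bytes: 0x42414515, little-endian */
    "\x17\x45\x41\x42"          /* 4 bytes: 0x42414517, little-endian */
    "%16940c%7$hn%563c%8$hn";   /* 7 + 5 + 5 + 5 = 22 bytes */

/* Number of non-overlapping occurrences of needle in s. */
static size_t count_substr(const char *s, const char *needle) {
    size_t n = 0, step = strlen(needle);
    for (const char *p = s; (p = strstr(p, needle)) != NULL; p += step)
        n++;
    return n;
}

/* Same call as line 12 of the question. Returns snprintf's result:
   the length the output WOULD have had without the size limit. */
static int copy_like_line_12(char *usr, const char *user) {
    return snprintf(usr, USR_SIZE, "%s", user);
}

int main(void) {
    char usr[USR_SIZE];
    int wanted = copy_like_line_12(usr, payload);

    printf("payload bytes        : %zu\n", strlen(payload));
    printf("snprintf return value: %d\n", wanted);
    printf("bytes kept in usr    : %zu (+1 NUL)\n", strlen(usr));
    printf("truncated            : %s\n", wanted >= USR_SIZE ? "yes" : "no");
    printf("hn directives before : %zu\n", count_substr(payload, "hn"));
    printf("hn directives after  : %zu\n", count_substr(usr, "hn"));
    /* Printable tail of what line 26 would receive, passed as data. */
    printf("kept after addresses : %s\n", usr + 8);
    return 0;
}
```

Independently of the truncation, the defect on line 26 is removed by passing the buffer as data: `printf("%s", s.usr);`.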

html – How to convert boolean Input values into string values using C# (MVC)?

I'm having trouble converting the values of a Toggle input into a string value to be stored in a DB. The goal is to make a Buy/Sell Toggle that shows the type of operation the user is entering information for, returning, as a string, a “C” or “V” depending on the option:

This is basically the button

But I can't manage to get the Toggle's value!

This is the code I'm writing to take what the button outputs and turn it into the strings

<script>
$(document).ready(function () {
        if ($("Tipo_ope").val().toLowerCase() === 'true')
            return "C"
        else
            return "V"
    }
 );
 </script>

I also tried doing it through the Controller, but I can't get the result through the parameter, and that didn't work either…
I'm still a beginner with this MVC approach and still don't understand some things, so I'm asking whether anyone knows how I should solve this?

mvc – C# – Convert a numeric CUIL/CUIT to a string and add the 2 hyphens (-) it carries

I'd like to know the best way to do the following in C#.
I receive CUIL/CUIT values in the following numeric form. Example: 20354002003
and I'd like to convert it to a string and also add the two hyphens it carries, so that it ends up in the form: 20-35400200-3

Thank you very much!

python – TypeError: cannot use a string pattern on a bytes-like object

I am doing HackTheBox Web Challenge & I have to write a Python Script in order to solve it.
I am writing a python script to fetch the HTML code of the website & remove the unnecessary HTML tags.

This is the script:


import requests
import hashlib
import re

req = requests.session()
url = "http://docker.hackthebox.eu:30596/"


rget = req.get(url)
html = rget.content


def html_tags(html):
    clean = re.compile('<.*?>')
    return re.sub(clean, '', html)

print(html_tags(html))

Unfortunately, I am getting an error.

Traceback (most recent call last):
  File "1.py", line 19, in <module>
    print(html_tags(html))
  File "1.py", line 17, in html_tags
    return re.sub(clean, '', html)
  File "/usr/lib/python3.8/re.py", line 210, in sub
    return _compile(pattern, flags).sub(repl, string, count)
TypeError: cannot use a string pattern on a bytes-like object

A guy did the same script, but mine is giving an error. What could be the cause? Please help me with this.

PHP Replace a string with another string using regex (with variable text)

I have the following text in a variable in PHP:

(e https://google.es)Lorem ipsum(/e)

And I want to transform it into:

<a href="https://google.es">Lorem ipsum</a>

I have other tags that aren't as complex and I've been able to handle them with a simple str_replace, but this one requires regex (I suppose) and allowing any content between (e and ), you know what I mean.

python – raise TypeError(“first argument must be string or compiled pattern”)

This code is used for data mining and displaying it in text boxes. I keep receiving this error when I’m trying to run it. SKT group results not displayed due to this. Is anyone able to point out my mistake and help me out?

Thank you.

First part: LB Grp (displayed)

Second part: SKT Grp (unable to display)

Code:

#LB Grp
a = 0
column = df2.columns
# print(column)
lb_df = pd.DataFrame(df2, columns = ['HARDWAREGROUP'])
lb_df.columns = ['LB Group']
df111 = pd.DataFrame(columns=['LB Group'])
while(a < rows):
    s = x.loc[a]['LOADBOARDGRPNAME']
    y = lb_df[df2['HARDWAREGROUP'].str.contains(s)]
    df111 = df111.append(y)
    df111.reset_index(drop=True, inplace=True)
    a += 1
print(df111)

if df111.empty:
    print("No results found for Loadboard Group.")
load_box.delete("1.0", "end")
load_box.insert(tk.END, df111)

#skt grp
b=0
df4 = pd.DataFrame(df2, columns = ['HARDWAREGROUP'])
df4.columns = ['Socket Group']
df222 = pd.DataFrame(columns=['Socket Group'])
while(b < rows):
    k = x.loc[b]['SOCKETGRPNAME']
    z = df4[df2['HARDWAREGROUP'].str.contains(k)]
    df222 = df222.append(z)
    df222.reset_index(drop=True, inplace=True)
    b += 1
print(df222) #Print Socket Details Dataframe

if df222.empty:
    print("No results found for Socket Group.")
skt_box.delete("1.0", "end")
skt_box.insert(tk.END, df222)

Shell:

Traceback (most recent call last):
  File "N:TESTTEST UTILIZATIONIA 2020Clauminecode.py", line 326, in <module>
    z = df4[df2['HARDWAREGROUP'].str.contains(k)]
  File "C:UserssgtiocqnAppDataLocalProgramsThonnylibsite-packagespandascorestrings.py", line 1954, in wrapper
    return func(self, *args, **kwargs)
  File "C:UserssgtiocqnAppDataLocalProgramsThonnylibsite-packagespandascorestrings.py", line 2763, in contains
    self._parent, pat, case=case, flags=flags, na=na, regex=regex
  File "C:UserssgtiocqnAppDataLocalProgramsThonnylibsite-packagespandascorestrings.py", line 441, in str_contains
    regex = re.compile(pat, flags=flags)
  File "C:UserssgtiocqnAppDataLocalProgramsThonnylibre.py", line 234, in compile
    return _compile(pattern, flags)
  File "C:UserssgtiocqnAppDataLocalProgramsThonnylibre.py", line 285, in _compile
    raise TypeError("first argument must be string or compiled pattern")
TypeError: first argument must be string or compiled pattern

Creating a graph out of a string list ? Julia language

This is my first post here, I hope I’m going to do it right 🙂

Here’s my problem, I have a list of string:

[" 'DataManager' ", " 'LauncherFrame' ", " 'DataManager' ", " 'DataManager' ", " 'DataManager' ", " 'DataManager' ", " 'DataManager' ", " 'DataManager' ", " 'DataManager' ", " 'DataManager' ", " 'ToolBox' ", " 'ToolBox' ", " 'ToolBox' ", " 'ToolBox' ", " 'ToolBox' ", " 'MonoWellInterpretationView' ", " 'MonoWellInterpretationView' ", " 'MonoWellInterpretationView' ", " 'MonoWellInterpretationView' ", " 'MonoWellInterpretationView' ", " 'MonoWellInterpretationView' ", " 'MonoWellInterpretationView' ", " 'MonoWellInterpretationView' ", " 'MonoWellInterpretationView' ", " 'MonoWellInterpretationView' ", " 'MonoWellInterpretationView' ", " 'ToolBox' ", " 'DataManager' ", " 'DataManager' ", " 'DataManager' ", " 'DataManager' "]

This list corresponds to the names of all the windows opened during a log(session ?) on the software I am working on. The order of the names is important since it corresponds to the sequences between the windows for example the window “DataManager” was opened first then “LauncherFrame” and then again DataManager etc …

I’m trying to make a directed graph with this list where the nodes are the different types of windows and the edges are the possible transitions from one window to another (for example here there would be an arrow from DataManager to LauncherFrame etc…).
Here’s what I have done so far :

frame = countmap(WindowsType)

Dict{Any,Int64}(" 'MonoWellInterpretationView' " => 11," 'DataManager' " => 13," 'LauncherFrame' " => 1," 'ToolBox' " => 6)

FrameLabel = []
for i in keys(frame)
    FrameLabel = [FrameLabel;i]
end

A = [0 0 2 3
     0 0 0 0
     1 3 0 0
     0 0 3 0]

G = DiGraph(A)
# save to png
draw(PNG("graph.png", 100, 100), gplot(G, nodelabel=FrameLabel))

[Image: Graph Test]

As you can see I managed to create a graph with arrows and with a node for each type of window, the problem is the matrix A of the edges. How could I “automate” it without having to create it “by hand” for each string list that I will have? How could I create this matrix A (for edges) directly from my list of string with inside the transitions between the windows and their frequency for each type of transitions?

I hope I have been clear and not asked a stupid question !

Thank you in advance for your answers,

Have a good day, Valentine
PS: Sorry if my English is bad :sweat_smile: