Program abortion due to superior C compiler

Started by InfamousKnight, November 22, 2013, 03:56:48 PM


InfamousKnight

I really don't like it when an OS has so much security that it takes the hacking away. As we all know (and should know), hacking isn't bad or illegal; it just depends on how you use it.

My definition of hacking is: Using technology for purposes other than what it was meant for.

Anyways, I tried doing some testing with smashing stacks with input functions that don't check bounds, such as the gets function, and the program that ran knew there was a buffer overrun (as far as I know; I don't know if it was the OS) and it just aborted the program saying "***stack smashing detection*** aborting program". I just got really ticked that it's so secure these days. I just get mad when there's some security flaw that can be used for good reasons or bad reasons and they remove it.

I could give a lot of examples right now but you get the point.

Oh, and I was running Linux Mint 15 when I did this.

Note: The idea for this came from an exploit for the original Xbox: a game called Splinter Cell had some vulnerability in the game where it might have used gets or some Xbox API function that doesn't check bounds either. Usually it was loaded by using save files that were bigger than they should have been, aka shellcode inserted.

FAST6191

Windows and raw sockets I might have seen and could stand to at least listen to a rant on; I can't say I am all that upset about something stepping in when the program fails bounds checking. About the worst I can see it doing is messing up some old real-mode DOS stuff or maybe TSR stuff (the answer to both of which is typically "use DOSBox"); in a pinch I might listen to something about it making the compilation longer and the result bigger and slightly slower. However, having lived through Windows 95 and similar such things, where checking and the like would have slowed everything to a crawl, and the rather crash-prone nature of things there, I am certainly in no hurry to go back.

InfamousKnight

I would have to admit this "rant" wasn't very funny, but it was pretty funny if you think about it. Basically what I was doing was trying to cause a hack (something not intended to happen by the maker) and get something not intended for the so-called "hacker". That's pretty much the gist of the joke.

Bregalad

So basically you're writing terrible programs and then you blame the OS because it doesn't allow you to do what you want?!

InfamousKnight

Quote from: Bregalad on November 23, 2013, 04:32:38 AM
So basically you're writing terrible programs and then you blame the OS because it doesn't allow you to do what you want?!

It was really a test. I used gets because that's the only function I know that doesn't check bounds. And I blame the OS because on Windows this actually would work. Not sure if it's really my compiler though. I'm using gcc to compile it.

The test was to see buffer overruns. I just copied the example code from some cplusplus site.

BRPXQZME

Had you used Google, you would have quickly found the compiler flag to disable GCC's stack protection.

That said, there is very little good about smashable stacks; I'm afraid your disappointment is a small price to pay for a safer software ecosystem.
we are in a horrible and deadly danger

InfamousKnight

Quote from: BRPXQZME on November 23, 2013, 07:10:51 AM
Had you used Google, you would have quickly found the compiler flag to disable GCC's stack protection.

That said, there is very little good about smashable stacks; I'm afraid your disappointment is a small price to pay for a safer software ecosystem.

They actually have a flag to disable that? I wouldn't have even thought of that to be honest. I'll google it..

Revenant

Quote from: InfamousKnight on November 23, 2013, 06:49:18 AM
It was really a test. I used gets because that's the only function I know that doesn't check bounds. And I blame the OS because on Windows this actually would work. Not sure if it's really my compiler though. I'm using gcc to compile it.

Using gcc on Windows will give you exactly the same results. Sorry!

edit: or maybe not, I probably hallucinated MinGW using glibc instead of msvcrt or something. Anyway, stop writing shitty code

cret

don't use microsucks-products!!!

That sounds all like stack-canaries to me, look at the stack via gdb or better https://github.com/radare/radare2

what about gcc -fno-stack-protector ?
http://www.phrack.org/issues.html?issue=56&id=5 <--read this

maybe, it would be good to disable ASLR (ok, it's not hard to break, but this could make it easier): `echo 0 | sudo tee /proc/sys/kernel/randomize_va_space` (the redirection has to run as root, so tee rather than `sudo echo`); this value is going to be reset after reboot

this might be interesting too: http://linux.die.net/man/8/execstack

hack fun


ps: you can even use cc instead of gcc, cc shouldn't have stack protection


@BRPXQZME: "I'm afraid your disappointment is a small price to pay for a safer software ecosystem." WTF, a user should control his machine, and if the user wants no canaries, there shouldn't be canaries. By the way, this is not really secure; once I wrote a program that bypassed ASLR in 18 minutes https://wk3.org/posts/730391
And even stack canaries can be bypassed if a programmer uses printf(s); for example https://wk3.org/uploads/images/scaled_full_d9742473744565fda937.png
and what about overwriting the .dtor?
go r2, use debug. .... White hand was fainted
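As an added illustration of what the "stack smashing detected" abort in this thread is doing (this is example code, not code from any poster): a model of the guard word that gcc's -fstack-protector places between a local buffer and the saved control data, filled once without bounds (the gets() pattern) and once with bounds. The struct layout and the guard constant are assumptions for the demonstration; a real canary is a random per-process value and a failed check ends in abort() rather than a return value.

```c
#include <stdint.h>
#include <stdio.h>
#include <string.h>

/* Constructed model of a protected stack frame: a guard word sits just
 * above the local buffer, and the function epilogue compares it with the
 * original before returning. Layout and constant are assumptions. */
#define GUARD_VALUE 0xDEADBEEFCAFEBABEULL

struct frame {
    char buf[16];       /* the "local" buffer being filled from input */
    uint64_t guard;     /* the canary placed directly after it */
};

/* Unbounded fill, like gets(): copies every input byte, so anything past
 * 16 bytes runs into the guard. The copy is clamped to the struct so the
 * overflow stays inside one object and is observable without UB. */
static int fill_unbounded(const char *input) {
    struct frame f;
    size_t n = strlen(input);
    f.guard = GUARD_VALUE;
    if (n > sizeof f) n = sizeof f;
    memcpy(&f, input, n);
    /* the epilogue check the compiler emits: 1 = smash detected */
    return f.guard != GUARD_VALUE;
}

/* Bounded fill, like fgets(buf, sizeof buf, stdin): at most 15 bytes plus
 * the terminator, so the guard can never be reached. */
static int fill_bounded(const char *input) {
    struct frame f;
    f.guard = GUARD_VALUE;
    snprintf(f.buf, sizeof f.buf, "%s", input);
    return f.guard != GUARD_VALUE;
}

int main(void) {
    const char *short_in = "hello";                              /* constructed */
    const char *long_in  = "AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA"; /* 32 bytes */
    printf("short, unbounded: %d\n", fill_unbounded(short_in));
    printf("long,  unbounded: %d (real build would abort)\n", fill_unbounded(long_in));
    printf("long,  bounded:   %d\n", fill_bounded(long_in));
    return 0;
}
```

On a real gcc/glibc build you can confirm the protector was compiled in by checking that the binary references __stack_chk_fail (for example in the output of `nm` or `readelf -s`).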

BRPXQZME

This thread was almost dead.

THIS THREAD WAS ALMOST DEAAAAD


BRPXQZME

Quote from: cret on December 18, 2013, 02:58:12 AM
WTF, a user should control his machine, and if the user wants no canaries, there shouldn't be canaries.
A user should also know what the hell they're doing. Someone who can't look up the compiler flag from the given error alone doesn't.

For the record, I would not hand a firearm to someone who can't tell whether the safety is on or off, either.

cret

Pain makes them learn, so it's their fault if they crash their system. You're right, referring to a firearm.

henke37

The problem is that it's not their own system that they end up writing code for. They let others "experience" their "work".

cret

That's just what Nintendo did on Pokémon; after all, it's big fun to do in-game hacking.

Well, you should look at the source, sometimes