Join devRant
Do all the things like
++ or -- rants, post your own rants, comment on others' rants and build your customized dev avatar
Sign Up
Pipeless API
From the creators of devRant, Pipeless lets you power real-time personalized recommendations and activity feeds using a simple API
Learn More
Search - "buffer overflow"
-
A group of Security researchers has officially fucked hardware-level Intel botnet officially branded as "Intel Management Engine" they did so by gathering it all the autism they were able to get from StackOverflow mods... though they officially call it a Buffer Overflow.
On Wednesday, in a presentation at Black Hat Europe, Positive Technologies security researchers Mark Ermolov and Maxim Goryachy plan to explain the firmware flaws they found in Intel Management Engine 11, along with a warning that vendor patches for the vulnerability may not be enough.
Two weeks ago, the pair received thanks from Intel for working with the company to disclose the bugs responsibility. At the time, Chipzilla published 10 vulnerability notices affecting its Management Engine (ME), Server Platform Services (SPS), and Trusted Execution Engine (TXE).
The Intel Management Engine, which resides in the Platform Controller Hub, is a coprocessor that powers the company's vPro administrative features across a variety of chip families. It has its own OS, MINIX 3, a Unix-like operating system that runs at a level below the kernel of the device's main operating system.
It's a computer designed to monitor your computer. In that position, it has access to most of the processes and data on the main CPU. For admins, it can be useful for managing fleets of PCs; it's equally appealing to hackers for what Positive Technologies has dubbed "God mode."
The flaws cited by Intel could let an attacker run arbitrary code on affected hardware that wouldn't be visible to the user or the main operating system. Fears of such an attack led Chipzilla to implement an off switch, to comply with the NSA-developed IT security program called HAP.
But having identified this switch earlier this year, Ermolov and Goryachy contend it fails to protect against the bugs identified in three of the ten disclosures: CVE-2017-5705, CVE-2017-5706, and CVE-2017-5707.
The duo say they found a locally exploitable stack buffer overflow that allows the execution of unsigned code on any device with Intel ME 11, even if the device is turned off or protected by security software.
For more of the complete story go here:
https://blackhat.com/eu-17/...
https://theregister.co.uk/2017/12/...
I post mostly daily news, commentaries and such on my site for anyone that wish to drop by there19 -
!rant
A rather long(it's 8 hrs long to be precise) story
So I just finished an amazing homework assignment. The goal was to open a new shell on Linux using a C program. We were asked to follow instructions from http://phrack.org/issues/49/14.html . However the instructions given were for 32 bit processors and we had to do same for 64 bit machines. In a nutshell we had to write a 64 bit shell code and use buffer-overflow technique to change the return address if the function to our shell code.
I was able to write my own shellcode within 1hr and was able to confirm that it's working by compiling with nasm and all. Also the "show-off-dev" inside me told me to execute "/bin/bash" instead of "/bin/sh"(which everyone else was going to do). After my assembly code was properly executing shellcode, I was excited to put it in my C code.
For that, I needed opcodes of assembly code in a string. Following again the "show-off-dev" inside me, I wrote a shell script which would extract the exact opcodes out of objdump output. After this I put it in my C code, call my friend and tell him that "hell yeah bro, I did it. Pretty sure sir is gonna give me full marks etc etc etc". I compiled the code and BOOM, IT SEGFAULTS RIGHT IN FRONT OF MY FRIEND. Worst, friend had copied a "/bin/sh" code from shellstorm and already had it working.
Really burned my ego, I sat continuously for 8 hrs in front of my laptop and didn't talk to anyone. I was continuously debugging the code for 8 hrs. Just a few minutes ago, I noticed that the shellcode which I'm actually putting in my C code is actually 2 bytes shorter than actual code length. WHAT THE F. I ran objdump manually and copied the opcodes one by one into the string (like a noob) and VOILA ! IT WORKED !!!
TURNS OUT I DIDN'T CUT THE LAST COLUMN OF OPCODES IN MY SHELL SCRIPT. I FIXED THAT AND IT WORKED !!
THE SINGLE SHITTY NUMBER MADE ME STRUGGLE 8 HRS OF MY LIFE !! SMH
Lessons learnt :
1)Never have such an ego that makes you think you're perfect, cuz you're retarded not perfect
2)Examine your scripts properly before using them
3)Never, I repeat NEVER!! brag about your code before compiling and testing it.
That's it!
If you've read this long story, you might as well press the "++" button.6 -
Starting a new project in a new company. After 4 hours of training and receiving all kinds of new information another collegue passes by and says:
"Hey! So where are you from?"
"I... Don't know..."2 -
Agh, holy shit. devRant, I need some love.
I have successfully double-buffered the Windows console (cmd.exe) but all hell breaks loose when you resize the fucking window. The currently active buffer will receive the change in dimensions while the inactive buffer will not, resulting in the window quickly oscillating between the two sizes as the buffers change size.
That got me stuck for about a day. Today, I got it sort of working but it wasn't satisfying at all. I can get it to resize LARGER, but if you resize the window SMALLER, the actual buffer inside the window doesn't change size, so scrollbars appear and I have NO IDEA HOW TO FIX THAT. I somehow need to calculate, or use the API to find, the perfect dimensions (In rows and columns) for the console buffer INSIDE the window buffer for them to not have scrollbars.
And I just - -
I cannot gather the energy to do so right now.
I spent hours finding the solution to this bullshit and ONLY SOLVED HALF MY PROBLEM.
And stack overflow isn't exactly helpful. My problem is so specific that nobody even writes comments on the question.
I guess I need to calculate the amount of characters the screen can hold given the font size and the window size, but fuck, that's a lot of work to do just for something that probably won't even work anyways.
Well, off to the code editor again. Time to inevitably waste my time doing something that won't work.
Yay, programming.27 -
May the people responsible for the decision to let Windows 10 wake up people's PCs from sleep mode in the middle of the night to install patches and then force-restart be tortured for eternity in hell. All of the hells. Of every religion. At the same time. While having to stare at a Windows ME bluescreen of death without the ability to blink or look away. For 65535 eternities. Followed by a buffer overflow.5
-
Just got an amazing lecture by text from a university mentor of mine on some of the coolest shit to do with cat in linux, and why you can do things like open a shell with cat /bin/sh (or in my case, use it to stall a program and keep open a shell in a simple buffer overflow task).
God bless all you mentors out there who take the time to explain exactly how all this stuff works. It feels so good to have an idea on the mechanisms on "WHY" something works, not just that it does and that you should use it. As someone new, it makes all the difference.5 -
I found this on a wiki with Haskell Humor... it's interesting...
How to Shoot Your Self in the Foot With Haskell: Putting the unsafe in unsafePerformIO!
You shoot the gun, but the bullet gets trapped in the IO monad.
Couldn't match expected type 'Deer' against inferred type 'Foot'.
While compiling your program the compiler produces a type error long enough to overflow a kernel buffer, overwrite the trigger control register and shoot you in the foot.
After trying to decipher the type errors from the compiler, your head explodes.
After you've finally found a way to circumvent the type system and shoot yourself in the foot, Oleg appears out of nothing and shoots you in the foot for coming up with it before him.
You shoot the gun but nothing happens (Haskell is pure, after all).
Your foot is fine, until you try to walk on it, at which point it becomes mangled.
You have a shootFoot function which you've proven correct. QuickCheck validates it for arbitrary you-like values. It will be evaluated only when you end up at the hospital. You hope this doesn't come to pass, as it actually returns a bullet-ridden copy of yourself and you don't want to be garbage-collected.
foreign import ccall "shootparts.h shootfoot" shoot_foot :: Gun -> Programmer -> IO ()
shootSelfInFoot = unsafePerformIO . shoot . foot $ self -- Shoot self in foot 0 or more times depending on evaluation order
No instance for (Target Foot)
arising from use of `shoot' at SelfInflictedInjury.hs:1:0
Possible fix: add an instance declaration for (Target Foot)
In the expression: shoot foot
You go to shoot yourself in the foot but the bullet is in the ST monad and the gun is in the IO monad, so you can't.
You ask Haskell to shoot you in the foot but by the rules of lazy evaluation you don't need the result yet so it doesn't happen.
You decide to shoot yourself in the foot but get distracted devising a ballistics algebra and wondering if you can do the calculations in the type system.
You want to shoot yourself in the foot but realize there is no Gun datatype so use Arrows instead.
You shoot in the direction of your foot, but since you are inside the STM monad you can just retry until you figure out what to do.
You shoot yourself in the foot, but you are perfectly fine as long you just don't evaluate the foot.
You shoot yourself in the foot, but nothing happens unless you start walking.
Don't forget about memory consumption! If you don't look, the bullet causes heap overflow. If you look, the bullet causes stack overflow.
You *appear* to have deliberately shot yourself in the foot, and yet your program actually runs perfectly OK due to lazy evaluation. (So long as you remember to not look at your foot...)
You aim the gun at your foot, pull the trigger and remove the clip. When you look at your undamaged foot, the hammer clicks on an empty barrel.1 -
Windows decides to finish faulty programs whenever it likes. İt's so annoying, I did just one small mistake in c++. I wrote "new char(length);" instead of "new char[length];" and I have been dealing with this shit for three days. Then I run the program on Linux and boom it failed in the same spot, which I fixed. But in Windows it sometimes runs, sometimes fails or sometimes even fails on unrelated places. Wtf windows? How about security and shit. There was literally a buffer overflow and you still keep running the program. And why GCC didn't even popped a warning. I hate developing c :(8
-
For those of you who still refuse to accept that safety features in languages are useful and important:
https://daniel.haxx.se/blog/2023/...
The author of curl himself admits that this security flaw could have been prevented if he had used a memory safe language.
I‘m not blaming the author for making this mistake and I‘m not saying that curl should be rewritten in another language.
I just want to rub this in the faces of people who argue that "bugs are always the developer’s fault, therefore it’s perfectly fine to keep using unsafe languages"4 -
I fucking hate this low level programming shit. The fucking buffer overflow attacks and the whole understanding of the system architecture just goes over my mind. Can anyone who has found relatively useful resources be kind enough to refer them to me so my stupid mind can understand that better?15
-
Talking about adrenaline sports in a class and our favorites.
Me ? Writing C code without checking for null pointers!
What about you ?1 -
When someone (and this is typically someone non-dev and not a very structured person) says "Can I ask you a question" and, upon an affirmative answer to that, fires away a whole bunch of questions without waiting for an answer to the first of the questions.
Pleeeease! If you expect an answer, ask me one. question. at. a. time. Or write a freaking e-mail.3 -
Got an assignment last year to use a buffer overflow to "hack" a series of problems within some kind of assembly code. There were 2 required problems, but 6 in total. I completed all 7 (one hidden bonus problem).
The teacher that gave that assignment ended up writing me a letter of recommendation for my masters program -
Lately nothing compares to the excitement and happiness of executing my first successful buffer overflow.
-
CVE-2019-3568
Description: A buffer overflow vulnerability in WhatsApp VOIP stack allowed remote code execution via specially crafted series of SRTCP packets sent to a target phone number.
NSO group even sell a spyware application based on that vulnerability to governments.
Listen!!!!! I'm going to the toilet with my phone!!! Listen!!!3 -
I was programming in java, C# and similar languages for years now and I never knew how the buffer overflow exploits would work, then I started C and saw the fixed size char arrays. After puking on my keyboard I realized that most of the vulerable programs were indeed written in C or similar languages.11
-
The day I read The Simulation Argument, by Nick Bostrom, a thought popped into my mind: "if we are made of code, maybe there are ways to hack life as you would hack some random program", I started thinking privilege escalation over the simulation, buffer overflow, picking signals as if I was eavesdropping... it was an epiphany and also fun10
-
In a Computer Systems class, we had a project to debug and buffer-overflow a program written in x86 Assembly. There were 2 mandatory problems we had to figure out, but the teacher told us there were 6 in total that can be solved. Not only did I complete all 6 on the next day (the project was due 2 weeks from then), I also noticed something looked weird in the code, so I investigated and found a hidden 7th problem and solved that too. Only one in the class to do so, and the teacher said I was the best student in any of her classes this year.
-
Stack overflow is full of useless assholes, like I asked a specific question about a problem I am having that is similar to another problem that exists but it is not the same at all in terms of how to fix and instead of helping I’ve got 2 downvotes on it and a comment linking me to a completely unrelated stylistic based question based on something I SAID I HAD ALREADY TRIED CHANGING IN MY QUESTION!!! Here’s my question btw in case anyone can help here before I smash up my laptop 😑:
I have a piece of code in which I am trying to read in words which have been categorised using a number and then placed in a text file in the following format "word-number-" with a new line for each word. However, despite not mixing cin>> and getline and having tried a number of methods I still cannot get it working.
So far I have attempted using a cin.ignore() call to clear any '\n' char's from the buffer, as well as checking if the file is opening in the first place (it is), and using the >> operator instead throughout my code however I could not get that working either. When I place the get line call inside the condition of the while loop, the while loop doesn't run, however when I make the while loop condition a .eof() call it will run once however when I try to print the text that has been read from the getline call it just prints a blank line.
if(file.is_open()){
while(!file.eof()){
getline(file, text, '-');
count++;
cout<<count<<endl;
cout<<text<<endl;
if(count%2 == 1){
wordBuff = text;
}else if(count%2 == 0){
if(stoi(text) == wordClass){
wordList.push_back(wordBuff);
}
}
}
file.close();
}
While I recognise there are a lot of other questions on this out there I cannot seem to get any of their solutions to work and the vast number being related to people mixing the >> operator and getline doesn't help, so any tips or solutions will be of great help -
Q: You know it's Monday when...
A: (typing)... (buffer overflow)
Because you had a bad.. *Segfault*.
Well fyck, spilled me coffee now tho.. -
Man my gf is awesome and actually takes interest in my tech adventures, but she gets so angry when I stay up late coding. So I wrote in a extra line of code in her software to make her more happy. Unfortunately it caused a buffer overflow.
-
Difference between security threat and programming bug ?
Found a cool paper about format string attacks which mentioned buffer Overflow is a security threat while format string is a programming bug.
Had no idea what that really meant.
Tnx1 -
You can have the best test coverage - even building your own fuzzing framework on the way.
You can have top notch devs adhering to state of the art development processes.
You can have as big a community and as well-funded a bugbounty program as you want...
All of that doesn't matter if you have chosen the wrong language:
https://googleprojectzero.blogspot.com/...
This would just have been an out-of-bounds exception instead of a buffer overflow using an attacker-controlled payload in any memory-safe language.
Language choice matters!
Choose wisely!13 -
Thought I was a full stack developer for my company with only android and sails js until I was also told to design the website.