From: Mart Lubbers Date: Mon, 9 Mar 2015 12:38:26 +0000 (+0100) Subject: update ass5a X-Git-Url: https://git.martlubbers.net/?a=commitdiff_plain;h=b52a25fcab9415d369407d620d33196ce9b909a6;p=sws1-1415.git update ass5a --- diff --git a/ass5a/sws1-assignment5-s4109503-s4202015/exercise1a b/ass5a/sws1-assignment5-s4109503-s4202015/exercise1a new file mode 100644 index 0000000..fb50d36 --- /dev/null +++ b/ass5a/sws1-assignment5-s4109503-s4202015/exercise1a @@ -0,0 +1,19 @@ +#include + +int main(void) +{ + char buf[20]; + int ok = 0; + int i = 0; + for(i = 0; i < 20; i++) + buf[i] = 0; + + printf("Please enter your password: "); + gets(buf); + + if(hash_equal("\x75\x97\xf6\x8c\x1c\x45\xb1\x1a\xde\x48\xa8\xd0\xb3\xe1\xdb\x1c\xec\xbe\x2d", sha256(buf))) + printf("You're root!\n"); + else + printf("Wrong password\n"); + return 0; +} diff --git a/ass5a/sws1-assignment5-s4109503-s4202015/exercise1b b/ass5a/sws1-assignment5-s4109503-s4202015/exercise1b new file mode 100644 index 0000000..82f6259 --- /dev/null +++ b/ass5a/sws1-assignment5-s4109503-s4202015/exercise1b @@ -0,0 +1,13 @@ +You will get root by entiring a password of which the sha256 hash is: + 7597f68c1c45b11ade48a8d0b3e1db1cecbe2d + +However. There are several variables declared +buf: array of 20 characters for holding our input +ok: integer that stores to which function we jump +i: integer used to loop through the buffer to clear it initially + +ok is allocated 28 bytes after buffer. When okay is non-falsey we will gain +'root access' so putting any non-null byte there will make us gain root. So an +input of 29 characters where the last characters is not null will give you +root. For example: + 11111111111111111111111111111