Lesson 13

Date: 6/28/2017
Linux Network Security
Linux System Administration

Stack overflow exercise.

  • A code prompts for password, reads it from keyboard, and gives the root shell.
    #include <stdio.h>
    #include <string.h>
    int main()
        char buff[10]; //Defines the input array buff of 10 Bytes size 
        int pass = 0;
        printf("\n Enter the password : \n");
        if(strcmp(buff, "Password1") != 0)
            printf ("\n Wrong Password \n");
            printf ("\n Correct Password \n");
            pass = 1;
        if(pass != 0)
            printf ("pass=, %3d", pass); //See how variable 'pass' is corrupted
           /* Now Give root or admin rights to user*/
            printf ("\n Root privileges given to the user \n");
        return 0;

  • Any given password string, exceeding 11 letters, would corrupt the memory region, containing variable pass, therefore cause the code to give the root shell.

    Download the source code and the Makefile:
    wget http://linuxcourse.rutgers.edu/lessons/security_remote/Downloads/root_shell.c
    wget http://linuxcourse.rutgers.edu/lessons/security_remote/Downloads/Makefile  

    Compile the source code, and assigne setuid root to the compiled executable:

    Run the executable:
    When prompted for password, type in a long string:
    Notice, you got the root shell.

  • Take me to the Course Website