Stack overflow exercise.
The code prompts for a password, reads it from the keyboard, and gives the root shell.
#include <stdio.h>
#include <string.h>

int main(void)
{
    char buff[10]; // Defines the input array buff of 10 bytes size
    int pass = 0;
    printf("\n Enter the password : \n");
    scanf("%s", buff); // Unbounded read (read call assumed): the overflow in this exercise
    if (strcmp(buff, "Password1") != 0) {
        printf("\n Wrong Password \n");
    } else {
        printf("\n Correct Password \n");
        pass = 1;
    }
    if (pass != 0) {
        printf("pass=, %3d", pass); // See how variable 'pass' is corrupted
        /* Now Give root or admin rights to user */
        printf("\n Root privileges given to the user \n");
    }
    return 0;
}
Any password string exceeding 11 letters corrupts the memory region containing the variable pass, and therefore causes the code to give the root shell.
Download the source code and the Makefile:
Compile the source code, and assign setuid root to the compiled executable:
Run the executable:
When prompted for password, type in a long string:
Notice that you got the root shell.
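The same password check with the unbounded read replaced by a bounded one, as an added example that is not part of the original exercise: overlong input is rejected instead of truncated, and the decision is a return value rather than a flag stored next to the buffer. The function names and the temp-file helper check_from_string are assumptions made for illustration, and the input strings are constructed.

```c
#include <stdio.h>
#include <string.h>

#define PASS_MAX 10 /* same 10-byte buffer as the exercise */

/* Read one line into buf, never writing past size bytes. 0 = ok, -1 = EOF or line too long. */
static int read_line_bounded(FILE *in, char *buf, size_t size)
{
    if (fgets(buf, (int)size, in) == NULL)
        return -1;
    size_t len = strlen(buf);
    if (len > 0 && buf[len - 1] == '\n') {
        buf[len - 1] = '\0';        /* complete line: strip the newline */
        return 0;
    }
    int c = fgetc(in);              /* no newline seen: look at what follows */
    if (c == '\n' || c == EOF)
        return 0;                   /* the line filled the buffer exactly */
    while (c != '\n' && c != EOF)   /* drain the excess so it is not read later */
        c = fgetc(in);
    return -1;                      /* overlong input is rejected, not truncated */
}

/* Returns 1 only for the exact password; failed or overlong reads are denied. */
int check_password(FILE *in)
{
    char buff[PASS_MAX];
    if (read_line_bounded(in, buff, sizeof buff) != 0)
        return 0;
    return strcmp(buff, "Password1") == 0;
}

/* Constructed helper: feeds a typed string to check_password through a temp file. */
int check_from_string(const char *typed)
{
    FILE *f = tmpfile();
    if (f == NULL) return -1;
    fputs(typed, f);
    rewind(f);
    int ok = check_password(f);
    fclose(f);
    return ok;
}

int main(void)
{
    printf("%d %d\n", check_from_string("Password1\n"),
           check_from_string("Password1AAAAAAAAAAAAAAAA\n"));
    return 0;
}
```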