johntheripper 0 Report post Posted September 8, 2007 aku rasa dah sampai masa utk blajar programming balik... dulu masa kt univ. penah study tapi sume dah lupa...nyesal tak blajo c sungguh2 dulu...bak kata pepatah "andai dapat ku underkan waktu" aku refer kt tutorial ni..http://www.infosecwriters.com/texts.php?op...play&id=134soklan aku,1. biasa klu nak write code pakai program apa yg best? skrg aku pakai dev-c++ utk windows & vi utk Backtrack2. code yg bawah ni aku follow bulat2 tapi time compile ade error...mm..??#include#includeint main(int argc, char **argv){char buff[512];if(argc < 2){printf('Usage: %s \n', argv[0]);exit(0);}strcpy(buff, argv[1]);printf('Your name: %s\n', buff);return 0;} Quote Share this post Link to post Share on other sites
Paralys3r 0 Report post Posted September 8, 2007 baik jugak kalau awak sertakan exact error message yg dikeluarkan oleh compiler... dan kod yang lengkap. missing include kat atas, try guna tag code, e.g#include <stdio.h> Quote Share this post Link to post Share on other sites
encik pot pet 0 Report post Posted September 8, 2007 selain tambah header stdio.h tu,printf('Usage: %s \n', argv[0]); sepatutnya printf("Usage: %s \n", argv[0]);BoF exploit ek?AppName: code.exe AppVer: 0.0.0.0 ModName: unknownModVer: 0.0.0.0 Offset: 41414141 Quote Share this post Link to post Share on other sites
johntheripper 0 Report post Posted September 8, 2007 BoF exploit ek?AppName: code.exe AppVer: 0.0.0.0 ModName: unknownModVer: 0.0.0.0 Offset: 41414141 Quote Share this post Link to post Share on other sites
encik pot pet 0 Report post Posted September 8, 2007 (edited) printf declared dalam stdio.h, kena tambah#include <stdio.h>anyway, iostream.h tak digunakan pun dalam program di atas. selamat utk dibuang. Edited September 8, 2007 by encik pot pet Quote Share this post Link to post Share on other sites
johntheripper 0 Report post Posted September 8, 2007 ok..tq..code dah perfect, xde error dlm windows and bole run aku letak #include <stdio.h>#include <string.h>dlm note asal x nampak sbb dia consider cam html code <> ... kena view source baru ok... tq 1kHz... tapi bole test cam ni jugak ke?vuln1 `perl -e'print 'A' x 516'`aku ade install perl dlm windows ni....kt backtrack, code yg sama bila compile ade error sket...gcc vuln1.c -o vuln1vuln1.c:In function 'main'vuln1.c:7: warning: comparison between pointer and integern bila aku nk test macam kt atas tu dia cuma kuar > je Quote Share this post Link to post Share on other sites
Paralys3r 0 Report post Posted September 9, 2007 itu cuma warning.. dalam 32-bit machine, pointer dan integer sama saiz.. so warning ni boleh diabaikan.. tapi pointer dalam 64-bit machine tak sama dengan integer, so warning ni kena ambil kira. btw.. maner code yg dikompil ni (vuln1.c)? vuln1 `perl -e'print 'A' x 516'`backtick ` adalah command substitution dalam linux (bash).. awak boleh gunakannya dalam Windows's command prompt. Quote Share this post Link to post Share on other sites
encik pot pet 0 Report post Posted September 9, 2007 ntxploits: shortcut ni memang bagus dan boleh mempercepatkan perjalanan anda. tapi ada kalanya jalan shortcut tu berbatu2, bukan bertar mcm biasa. oleh itu, masa yang di ambil utk sampai mungkin lebih lama.demikian juga belajar vuln exploiting ni. kalau terus masuk kepada topik, macam la jugak belajar calculus tanpa belajar algebra terlebih dahulu.nasihat, ikut learning curve. bukak balik buku the c programming language, belajar guna debugger serta assembly language. kemudian baru la cuba utk try menjadi seorang reverser. Quote Share this post Link to post Share on other sites
johntheripper 0 Report post Posted September 9, 2007 itu cuma warning.. dalam 32-bit machine, pointer dan integer sama saiz.. so warning ni boleh diabaikan.. tapi pointer dalam 64-bit machine tak sama dengan integer, so warning ni kena ambil kira. btw.. maner code yg dikompil ni (vuln1.c)? vuln1 `perl -e'print 'A' x 516'`backtick ` adalah command substitution dalam linux (bash).. awak boleh gunakannya dalam Windows's command prompt.yap...aku sedang try code kt atas tu...kalu ikutkan manual, command `perl -e'print 'A' x 516'` akan print 516 A, so takyah la nak taip 'A' 516 kali untuk test buffer overflow ni....tapi aku try kt windows, backtrack and fedora sume x jadik.... hmmm Quote Share this post Link to post Share on other sites
johntheripper 0 Report post Posted September 9, 2007 ntxploits: shortcut ni memang bagus dan boleh mempercepatkan perjalanan anda. tapi ada kalanya jalan shortcut tu berbatu2, bukan bertar mcm biasa. oleh itu, masa yang di ambil utk sampai mungkin lebih lama.demikian juga belajar vuln exploiting ni. kalau terus masuk kepada topik, macam la jugak belajar calculus tanpa belajar algebra terlebih dahulu.nasihat, ikut learning curve. bukak balik buku the c programming language, belajar guna debugger serta assembly language. kemudian baru la cuba utk try menjadi seorang reverser.tq...skrg ni aku tgh refer kt Buffer Overflow Attacks - Detect, Exploit, Prevent, The Shellcoder's Handbook tapi penin sket maybe sbb assembly language kot...kena study balik...benda2 yg ko ckp tu aku tgh dlm proses blaja jugak ni...tapi sbb Daniel Hodson ckp, "asm knowledge is helpfull though not essential. (I always wanted to say that heh)", mm...ok la kot. lagipun tutorial dia ni cam senang sket nk paham compare tu lain2...wikipedia pun penin sket, biasa yg tu paling senang nk pahamanyway, aku still prosess nk start, maybe it would takes time, but i'm sure it will works...gdb tu kena run serentak ke...ni yg aku test gdb dalam windows...code kt atas aku dah ubah sketchar buff[512]; kepada char buff[5];sbb nak pakai print 'A' x 516 tu tak jadiktest balik, vuln1 AAAAAApas tu bukak satu lagi console, run gdbC:\ntxploits>gdb -c vuln1.exeGNU gdb 20040521Copyright 2004 Free Software Foundation, Inc.GDB is free software, covered by the GNU General Public License, and you arewelcome to change it and/or distribute copies of it under certain conditions.Type "show copying" to see the conditions.There is absolutely no warranty for GDB. Type "show warranty" for details.This GDB was configured as "i686-pc-mingw32".warning: "C:\ntxploits/vuln1.exe": no core file handler recognizes format, using defaultwarning: Couldn't find general-purpose registers in core file.warning: Couldn't find general-purpose registers in core file.#0 0x00000000 in ?? ()(gdb)mm...mcm x jadik je gdb ni?? Quote Share this post Link to post Share on other sites
mchammer 0 Report post Posted September 9, 2007 Cuba gantikanvuln1 `perl -e'print 'A' x 516'` dengan vuln1 `perl -e 'print "A" x 516'` Quote Share this post Link to post Share on other sites
Paralys3r 0 Report post Posted September 15, 2007 rasanya better awak guna linux kalau awak gunakan gnu tools cam gdb dan sebagainya. kalau awak nak gunakan Windows, cari tutorial khas untuk Windows dan gunakan native tools untuk Windows. Ada banyak debugger Windows yang dikhususkan untuk asm-level debugging. gdb untuk asm-level debugging tak bagus untuk kesihatan awak... percayalah . Quote Share this post Link to post Share on other sites