Skip to content

Latest commit

 

History

History
54 lines (42 loc) · 1.51 KB

README.md

File metadata and controls

54 lines (42 loc) · 1.51 KB

General

Author

  • Josh McIntyre

Website

  • jmcintyre.net

Overview

  • OminousOverflow is a demo of a buffer overflow privilege escalation vulnerability

Development

Git Workflow

  • development for bugfixes and new features

Building

  • make build Build the utility
  • make Tests Build the unit tests
  • make clean Clean the build directory

Features

  • Demonstrate a privilege escalation vulnerability via a buffer overflow
  • Shows a secret value if password is correct, or if vulnerability is triggered
  • This is done via a password input - correct password is "abc123"
  • Incorrect password below 8 characters will reject user
  • Incorrect password above 8 characters (8-22 characters) will trigger the vulnerability, authenticating user and showing the secret
  • Use password of 8-22 characters for best results, seeing the secret. Longer will also overwrite the secret buffer.

Requirements

  • Requires a terminal emulator

Platforms

  • Windows
  • Linux
  • MacOSX

Usage

CLI Usage

  • Run ominousoverflow.exe and enter password
  • Enter password via command-line input - correct password is "abc123"
  • Incorrect password below 8 characters will reject user
  • Incorrect password above 8 characters (8-22 characters) will trigger the vulnerability, authenticating user and showing the secret
  • Use password of 8-22 characters for best results, seeing the secret. Longer will also overwrite the secret buffer.

Tests

  • Run test_ominousoverflow.exe to run unit tests