Server problem and shellcode

Closed
yaia987 Posts: 1 Registration date: Monday 25 November 2013 Status: Member Last activity: 25 November 2013 - Edited by yaia987 on 25/11/2013 at 17:14
Hello,
I need help with a server. We have a virology exercise in which we have to find a vulnerability in this C++ code. However, the teacher really isn't helping us and I have no idea what the vulnerability is; I'd like to find it so that I can then move on to the shellcode to exploit this vulnerability.

Here is my C++ code:

#include <stdio.h>
#include <string.h>   // strcpy, strlen
#include <winsock2.h>

#define BUF_SIZE 0x410

#define RECVBUF_SIZE 0x1000

// Global receive buffer, filled by recv()
char recvbuf[RECVBUF_SIZE];

void serv(int argc, char *argv[]) {

    int i;

    // Initialize Winsock 2.2
    WSADATA wsaData;
    int iResult = WSAStartup( MAKEWORD(2,2), &wsaData );
    if ( iResult != NO_ERROR )
        printf("[ERRR] Error at WSAStartup()\n");

    // Create the listening TCP socket
    SOCKET m_socket;
    m_socket = socket( AF_INET, SOCK_STREAM, IPPROTO_TCP );

    if ( m_socket == INVALID_SOCKET ) {
        printf( "[ERRR] Error at socket(): %ld\n", WSAGetLastError() );
        WSACleanup();
        return;
    }

    // Bind to 127.0.0.1:27015
    sockaddr_in service;

    service.sin_family = AF_INET;
    service.sin_addr.s_addr = inet_addr( "127.0.0.1" );
    service.sin_port = htons( 27015 );

    if ( bind( m_socket, (SOCKADDR*) &service, sizeof(service) ) == SOCKET_ERROR ) {
        printf( "[ERRR] bind() failed.\n" );
        closesocket(m_socket);
        return;
    }

    if ( listen( m_socket, 1 ) == SOCKET_ERROR )
        printf( "[ERRR] Error listening on socket.\n");

    SOCKET AcceptSocket;

    printf( "[INFO] waiting connection...\n" );

    // Local (stack) buffer; its address is printed on the console
    char buf[BUF_SIZE];
    printf("[INFO] buffer address in memory: %p\n", buf);

    // Wait for a single client, then use its socket for the exchange
    while (1) {
        AcceptSocket = SOCKET_ERROR;
        while ( AcceptSocket == SOCKET_ERROR ) {
            AcceptSocket = accept( m_socket, NULL, NULL );
        }
        printf( "[INFO] client connection.\n");
        m_socket = AcceptSocket;
        break;
    }

    // Send the address of buf to the client, least significant byte first
    int bytesSent;
    int bytesRecv = SOCKET_ERROR;
    char sendbuf[4];
    sendbuf[0]=(unsigned int)buf&0xFF;
    sendbuf[1]=((unsigned int)buf >>8)&0XFF;
    sendbuf[2]=((unsigned int)buf>>16)&0XFF;
    sendbuf[3]=((unsigned int)buf>>24)&0XFF;

    bytesSent = send( m_socket, sendbuf, strlen(sendbuf), 0 );

    printf( "[INFO] send buffer address: %02X%02X%02X%02X (%ld octets)\n", sendbuf[3]&0xFF, sendbuf[2]&0xFF, sendbuf[1]&0xFF, sendbuf[0]&0xFF, bytesSent );

    // Receive up to RECVBUF_SIZE bytes from the client
    bytesRecv = recv( m_socket, recvbuf, RECVBUF_SIZE, 0 );

    // Hex dump of the received bytes, 16 per line
    for (int i=0; i<bytesRecv; i++){
        if (i%16==0) printf("\n %08X : ", buf + i);
        printf("%02X ", *(recvbuf + i)&0xFF);
    }

    // Copy the received data into the local buffer
    strcpy(buf, recvbuf);

    printf("\nend of connection\n");

    return;
}

void __cdecl main(int argc, char *argv[]){
    serv(argc, argv);
    return;
}

Thank you very much.
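
Added example, not part of the original post: the posted server copies `recvbuf` (up to 0x1000 bytes) into `buf` (0x410 bytes) with `strcpy`, which stops at the first NUL byte and ignores the count returned by `recv`. The sketch below shows a bounded copy driven by that count; `strcpy_write_size`, `copy_message` and `demo` are hypothetical names, and the input is constructed.

```c
#include <stdio.h>
#include <string.h>

#define BUF_SIZE     0x410   /* destination size, as in the posted code */
#define RECVBUF_SIZE 0x1000  /* receive buffer size, as in the posted code */

/* Bytes strcpy() would write for src: it stops at the first NUL byte, not at
 * the count recv() returned. Returns cap + 1 if no NUL lies within cap bytes. */
size_t strcpy_write_size(const char *src, size_t cap)
{
    const char *nul = memchr(src, '\0', cap);
    return nul ? (size_t)(nul - src) + 1 : cap + 1;
}

/* Hypothetical helper (not from the post): copy len received bytes into dst
 * as a C string. Returns 0 on success, -1 if recv() failed or it cannot fit. */
int copy_message(char *dst, size_t dst_size, const char *src, int len)
{
    if (dst == NULL || src == NULL || dst_size == 0 || len < 0)
        return -1;
    if ((size_t)len >= dst_size) {      /* keep one byte for the terminator */
        dst[0] = '\0';
        return -1;
    }
    memcpy(dst, src, (size_t)len);      /* bounded by the recv() count */
    dst[len] = '\0';
    return 0;
}

/* Constructed input: n bytes of 'A' standing in for what recv() delivered. */
int demo(size_t n)
{
    static char recvbuf[RECVBUF_SIZE];
    char buf[BUF_SIZE];
    if (n > sizeof recvbuf)
        return -1;
    memset(recvbuf, 0, sizeof recvbuf);
    memset(recvbuf, 'A', n);
    if (copy_message(buf, sizeof buf, recvbuf, (int)n) != 0)
        return -1;
    return strlen(buf) == n ? 0 : -2;
}

int main(void)
{
    printf("fits (16 bytes): %d\n", demo(16));
    printf("rejected (0x800 bytes): %d\n", demo(0x800));
    return 0;
}
```

In the server itself, the same check would sit between `recv` and the copy, with `bytesRecv` passed as `len` and the connection closed when the helper returns -1.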