andrewlsd | Morning #ubuntu-za | 06:44 |
---|---|---|
nsnzero | morning andrewlsd | 06:48 |
andrewlsd | \o nsnzero | 06:48 |
theblazehen | Hi all | 07:17 |
andrewlsd | o/ theblazehen | 07:18 |
Kilos | morning andrewlsd paddatrapper nsnzero smile divansantana_ ambo theblazehen thatgraemeguy tumbleweed and other lurking types | 07:38 |
Kilos | oh and of course old inetpro | 07:38 |
Kilos | and MaNI | 07:39 |
inetpro | oh hi Kilos | 07:39 |
Kilos | haha | 07:39 |
inetpro | and good mornings to all else | 07:39 |
Kilos | running the router off the ups works, now just still to see how long it can power a batteryless lappy and the router | 07:40 |
thatgraemeguy | morning peoples | 07:41 |
pavlushka | Mornings | 07:47 |
pavlushka | :p | 07:47 |
paddatrapper | Morning Kilos, inetpro, thatgraemeguy, pavlushka | 07:48 |
pavlushka | Hey paddatrapper, how is it going? | 07:49 |
andrewlsd | Morning Kilos thatgraemeguy pavlushka pavlushka inetpro | 07:52 |
Kilos | hmm... stuttering a bit there | 08:03 |
theblazehen | Can I just brag for a second here? http://imgur.com/a/hI95e Maybe it isn't that impressive, but it is for me | 08:10 |
theblazehen | Took most of my afternoon yesterday to get it working though... | 08:11 |
magespawn | good morning all | 08:13 |
theblazehen | hi magespawn | 08:13 |
nsnzero | awesome stuff theblazehen - but what is it ? | 08:40 |
theblazehen | nsnzero: Shellcode execution from a buffer overflow :D | 08:41 |
theblazehen | Basically just a NOP sled, then my code, then overwriting the return address of the strcpy into my buffer, (Think it was the strcpy at least, pretty sure it was) | 08:43 |
theblazehen | I never thought I'd ever get to writing assembly myself... Never mind exploiting a buffer overflow with it | 08:43 |
nsnzero | now i see it .... impressive indeed | 08:44 |
theblazehen | ty nsnzero :) | 08:44 |
theblazehen | nsnzero: It's just level 2 of http://overthewire.org/wargames/narnia though, and with ASLR, stack protection, etc disabled | 08:45 |
theblazehen | Still, from having no experience with assembly, except for "This looks hard...", to getting it to run by exploiting a buffer overflow is kinda cool | 08:47 |
magespawn | hi theblazehen, does it gain you a privilege escalation? | 08:58 |
theblazehen | hi magespawn. If it's a setuid binary (which it is), yes. Or if you have a restricted shell it could give you an unrestricted shell if it isn't setuid. Or if you have a sudoers rule for that single application | 08:59 |
theblazehen | You can see how I was narnia2, binary was setuid narnia3, and I became narnia3 | 09:01 |
magespawn | theblazehen: i did not see the original post :) | 09:53 |
nsnzero | theblazehen: that's a nice tutorial site btw - do you need to sign up first to play ? | 09:58 |
nsnzero | hi magespawn | 09:58 |
magespawn | hi nsnzero | 10:03 |
magespawn | theblazehen: can you repost the original link. | 10:16 |
nsnzero | http://overthewire.org/wargames/bandit/bandit0.html | 10:31 |
nsnzero | there magespawn | 10:31 |
pavlushka | andrewlsd: Good day andrewlsd :) | 11:35 |
nsnzero | have a good afternoon everyone | 12:16 |
nsnzero | evening folks | 17:34 |
inetpro | hi nsnzero | 17:38 |
nsnzero | good evening inetpro | 17:38 |
Langjan | Hello, how is everybody | 18:13 |
nsnzero | hi Langjan | 18:16 |
nsnzero | doing well and yourself Langjan ? | 18:16 |
Langjan | Good, also well thks nsnzero | 18:18 |
nsnzero | good to hear that Langjan | 18:24 |
Langjan | Thks nsnzero, much to be grateful for | 18:25 |
Langjan | You there Kilos? And hi inetpro, chesedo, pavlushka, smile, theblazehen | 18:26 |
Langjan | and paddatrapper | 18:27 |
smile | hi Langjan | 18:27 |
Langjan | hi young man | 18:27 |
smile | Hi old man | 18:28 |
Langjan | lmga! | 18:28 |
Langjan | Who's your old man, you little "parmant"! | 18:28 |
Langjan | Only turning 74 in a few days man | 18:29 |
nsnzero | still young Langjan | 18:31 |
Langjan | Yes, young at heart nsnzero | 18:33 |
Langjan | Where's my pal Kilos - no sheep to chase in Rustenburg | 18:34 |
Langjan | Do you understand Afrikaans smile ? | 18:35 |
smile | Langjan: I'm only 21 (for now) | 18:36 |
smile | Langjan: yes, I understand Afrikaans, why do you ask? | 18:36 |
Langjan | Just wondered because you are so quiet | 18:37 |
smile | hehe | 18:37 |
smile | I don't understand "parmant", but I know what you meant | 18:37 |
Langjan | lmga, you're the same age as my oldest grandchild | 18:37 |
Langjan | means cheeky | 18:37 |
smile | omg o.O | 18:37 |
smile | I'm cheeky o.O | 18:38 |
smile | I was just stating the obvious. | 18:38 |
smile | You're old, I'm young. | 18:38 |
Langjan | Just pulling your leg young man | 18:38 |
smile | Don't, it hurts enough already | 18:38 |
smile | :P | 18:38 |
Langjan | To be young? | 18:39 |
Langjan | hurts? Why | 18:39 |
smile | It doesn't hurt to be young, it hurts because I went badmintonning for over 2 hours :P | 18:39 |
Langjan | oh ok good | 18:39 |
smile | nah XD | 18:40 |
Langjan | Great game | 18:40 |
smile | I lost :P | 18:40 |
smile | So not so great either | 18:40 |
Langjan | well next time... | 18:40 |
smile | :D | 18:41 |
Langjan | somebody has to lose so someone else can win, we all have our days | 18:41 |
smile | when's my day? | 18:41 |
Langjan | When you win | 18:41 |
smile | When do I win? | 18:42 |
Langjan | When it's your day | 18:42 |
smile | Seems like a circular reference to me. | 18:42 |
smile | A stack overflow will soon follow. | 18:43 |
Langjan | lmga, and when you've practised enough | 18:43 |
smile | In software, a stack overflow occurs if the call stack pointer exceeds the stack bound. The call stack may consist of a limited amount of address space, often determined at the start of the program. The size of the call stack depends on many factors, including the programming language, machine architecture, multi-threading, and amount of available memory. | 18:43 |
smile | = you run out of memory | 18:43 |
Langjan | phew! | 18:44 |
Langjan | glad I'm not in software | 18:44 |
smile | I do understand what's being sad, but I hardly ever need that knowledge to do my job | 18:45 |
smile | * said | 18:45 |
Langjan | All I know is I'm running at 4% CPU usage and 38% free memory | 18:45 |
smile | That means you will reach a stackoverflow soon after you fill another 62% of your memory :P | 18:46 |
Langjan | Which will hopefully never happen | 18:46 |
MaNI | you don't need to exhaust your entire computers memory to have a stack overflow | 18:48 |
smile | Yeah. And if it does, you reach out to me and I'll just say "buy some more memory" | 18:48 |
smile | MaNI: true, but if you do, it's far more likely | 18:48 |
MaNI | not really, most programs have a fixed stack size that's measured in mbs | 18:49 |
MaNI | e.g. on windows with MSVC compiler by default a c++ program will have a stack limit of 1Mb | 18:49 |
MaNI | if the program exceeds 1Mb on the stack there will be an overflow | 18:50 |
smile | but you can increase it before a stack overflow occurs, right? | 18:50 |
smile | that's where malloc/alloc/... comes in? | 18:50 |
MaNI | no it's usually a fixed limit set at compile time | 18:50 |
MaNI | most large memory allocations are not done on the stack; malloc/alloc allocates on the heap, not on the stack | 18:50 |
smile | Okay. I do agree with you | 18:50 |
MaNI | stack overflow is usually a result of unbounded recursion | 18:51 |
smile | Correct. :) | 18:51 |
smile | That's the way I make those usually | 18:52 |
smile | But I don't make that error often | 18:52 |
smile | But sometimes you're trying to do something crazy | 18:52 |
Langjan | smile, is your calculation correct? Do I not reach stack overflow if I use up 38% more memory? | 18:53 |
smile | Langjan: If you want to freeze your computer, you should use all available memory | 18:54 |
MaNI | ulimit -s 8192 - that's the default stack size for a linux program by the way, which is 8x larger than the windows default but still incredibly easy to exhaust | 18:54 |
smile | nice | 18:54 |
Langjan | I understand that but not your figure of 62% | 18:55 |
smile | Langjan: probably my calculation doesn't even make sense :P | 18:55 |
smile | MaNI: does that mean a Linux program uses that memory if it doesn't need it? | 18:55 |
MaNI | it's a maximum so it doesn't have to be available at launch - AFAIK, I'm not sure if in practice it is or isn't though | 18:56 |
MaNI | quite possibly | 18:57 |
nsnzero | linux is designed to prevent memory getting full - it will swap out ram and then kill userspace apps | 18:57 |
nsnzero | MaNI: isn't the stack just a temp storage for return addresses from loops and subroutines ? | 19:00 |
MaNI | call stack, temporary variables etc. | 19:00 |
Langjan | OK guys you're way above my head, let me leave you to it | 19:01 |
Langjan | take care and watch out for the pretty girls smile | 19:02 |
smile | Langjan: I'm in the process of catching one | 19:02 |
smile | good night! | 19:02 |
MaNI | I've only once ever in my programming career found a legitimate reason to mess around with the stack size of a program - as opposed to just fixing a bug like too much recursion, 8Mb is usually more than sufficient for a properly designed program :) | 19:02 |
Langjan | well don't say you were not warned | 19:02 |
smile | MaNI: when was that? | 19:02 |
smile | Langjan: lol | 19:02 |
Langjan | good luck my friend | 19:03 |
smile | thanks | 19:03 |
nsnzero | take care Langjan | 19:03 |
Langjan | go well nsnzero and smile, plse give Kilos my regards if and when he wakes up | 19:04 |
smile | sure | 19:04 |
Langjan | Tell him I have not broken anything for a while, maybe it's time...lmga! | 19:05 |
nsnzero | nowadays the stack and other low level memory fiddling isn't necessary with compilers having memory management built in | 19:05 |
nsnzero | i was just going to ask you Langjan - : "what needs fixing ?" | 19:05 |
MaNI | For a FSN parser I wrote for a specific project using boost::xpressive - because xpressive uses templates and is quite complex, and the parser rules themselves were very complex, and recursed quite a bit, it was easily exhausting stack space. Because it was special purpose code it was better to increase the stack size than to rewrite the code and/or slow it down by reducing stack allocation. | 19:05 |
Langjan | Only Kilos's kde nsnzero! | 19:06 |
smile | MaNI: well done :) | 19:06 |
nsnzero | c++ mani -> its so complex | 19:06 |
Kilos | im here | 19:07 |
Kilos | ai! | 19:07 |
nsnzero | evening Kilos - you just missed Langjan | 19:08 |
smile | Kilos: you have the greetings from Langjan :P | 19:08 |
Kilos | yes i see so | 19:08 |
Kilos | ill mail him ty nsnzero | 19:09 |
smile | He warned me about pretty girls, is he right? | 19:09 |
Kilos | lol | 19:09 |
nsnzero | how you doing Kilos ? | 19:11 |
nsnzero | i just learnt the benefits of using ssh-agent together with ssh-add - no need to type pass phrases over and over again | 19:15 |
nsnzero | good night all | 19:38 |
smile | Good night :-) | 21:05 |