/srv/irclogs.ubuntu.com/2017/03/27/#ubuntu-za.txt

[06:44] <andrewlsd> Morning #ubuntu-za
[06:48] <nsnzero> morning andrewlsd
[06:48] <andrewlsd> \o nsnzero
[07:17] <theblazehen> Hi all
[07:18] <andrewlsd> o/ theblazehen
[07:38] <Kilos> morning andrewlsd paddatrapper nsnzero smile divansantana_ ambo theblazehen thatgraemeguy tumbleweed and other lurking types
[07:38] <Kilos> oh and of course old inetpro
[07:39] <Kilos> and MaNI
[07:39] <inetpro> oh hi Kilos
[07:39] <Kilos> haha
[07:39] <inetpro> and good mornings to all else
[07:40] <Kilos> running the router off the ups works, now just still to see how long it can power a batteryless lappy and the router
[07:41] <thatgraemeguy> morning peoples
[07:47] <pavlushka> Mornings
[07:47] <pavlushka> :p
[07:48] <paddatrapper> Morning Kilos, inetpro, thatgraemeguy, pavlushka
[07:49] <pavlushka> Hey paddatrapper, how is it going?
[07:52] <andrewlsd> Morning Kilos thatgraemeguy pavlushka pavlushka inetpro
[08:03] <Kilos> hmm... stuttering a bit there
[08:10] <theblazehen> Can I just brag for a second here? http://imgur.com/a/hI95e Maybe it isn't that impressive, but it is for me
[08:11] <theblazehen> Took most of my afternoon yesterday to get it working though...
[08:13] <magespawn> good morning all
[08:13] <theblazehen> hi magespawn
[08:40] <nsnzero> awesome stuff theblazehen - but what is it ?
[08:41] <theblazehen> nsnzero: Shellcode execution from a buffer overflow :D
[08:43] <theblazehen> Basically just a NOP sled, then my code, then overwriting the return address of the strcpy into my buffer, (Think it was the strcpy at least, pretty sure it was)
[08:43] <theblazehen> I never thought I'd ever get to writing assembly myself... Never mind exploiting a buffer overflow with it
[08:44] <nsnzero> now i see it .... impressive indeed
[08:44] <theblazehen> ty nsnzero :)
[08:45] <theblazehen> nsnzero: It's just level 2 of http://overthewire.org/wargames/narnia though, and with ASLR, stack protection, etc disabled
[08:47] <theblazehen> Still, from having no experience with assembly, except for "This looks hard...", to getting it to run by exploiting a buffer overflow is kinda cool
[08:58] <magespawn> hi theblazehen, does it gain you a privilege escalation?
[08:59] <theblazehen> hi magespawn. If it's a setuid binary (which it is), yes. Or if you have a restricted shell it could give you an unrestricted shell if it isn't setuid. Or if you have a sudoers rule for that single application
[09:01] <theblazehen> You can see how I was narnia2, binary was setuid narnia3, and I became narnia3
[09:53] <magespawn> theblazehen: i did not see the original post :)
[09:58] <nsnzero> theblazehen: that's a nice tutorial site btw - do you need to sign up first to play ?
[09:58] <nsnzero> hi magespawn
[10:03] <magespawn> hi nsnzero
[10:16] <magespawn> theblazehen: can you repost the original link.
[10:31] <nsnzero> http://overthewire.org/wargames/bandit/bandit0.html
[10:31] <nsnzero> there magespawn
[11:35] <pavlushka> andrewlsd: Good day andrewlsd :)
[12:16] <nsnzero> have a good afternoon everyone
[17:34] <nsnzero> evening folks
[17:38] <inetpro> hi nsnzero
[17:38] <nsnzero> good evening inetpro
[18:13] <Langjan> Hello, how is everybody
[18:16] <nsnzero> hi Langjan
[18:16] <nsnzero> doing well and yourself Langjan ?
[18:18] <Langjan> Good, also well thks nsnzero
[18:24] <nsnzero> good to hear that Langjan
[18:25] <Langjan> Thks nsnzero, much to be grateful for
[18:26] <Langjan> You there Kilos? And hi inetpro, chesedo, pavlushka, smile, theblazehen
[18:27] <Langjan> and paddatrapper
[18:27] <smile> hi Langjan
[18:27] <Langjan> hi young man
[18:28] <smile> Hi old man
[18:28] <Langjan> lmga!
[18:28] <Langjan> Who's your old man, you little parmant!
[18:29] <Langjan> Only turning 74 in a few days man
[18:31] <nsnzero> still young Langjan
[18:33] <Langjan> Yes, young at heart nsnzero
[18:34] <Langjan> Where's my pal Kilos - no sheep to chase in Rustenburg
[18:35] <Langjan> Do you understand Afrikaans smile ?
[18:36] <smile> Langjan: I'm only 21 (for now)
[18:36] <smile> Langjan: yes, I understand Afrikaans, why do you ask?
[18:37] <Langjan> Just wondered because you are so quiet
[18:37] <smile> hehe
[18:37] <smile> I don't understand parmant, but I know what you meant
[18:37] <Langjan> lmga, you're the same age as my oldest grandchild
[18:37] <Langjan> means cheeky
[18:37] <smile> omg o.O
[18:38] <smile> I'm cheeky o.O
[18:38] <smile> I was just stating the obvious.
[18:38] <smile> You're old, I'm young.
[18:38] <Langjan> Just pulling your leg young man
[18:38] <smile> Don't, it hurts enough already
[18:38] <smile> :P
[18:39] <Langjan> To be young?
[18:39] <Langjan> hurts? Why
[18:39] <smile> It doesn't hurt to be young, it hurts because I went badmintonning for over 2 hours :P
[18:39] <Langjan> oh ok good
[18:40] <smile> nah XD
[18:40] <Langjan> Great game
[18:40] <smile> I lost :P
[18:40] <smile> So not so great either
[18:40] <Langjan> well next time...
[18:41] <smile> :D
[18:41] <Langjan> somebody has to lose so someone else can win, we all have our days
[18:41] <smile> when's my day?
[18:41] <Langjan> When you win
[18:42] <smile> When do I win?
[18:42] <Langjan> When it's your day
[18:42] <smile> Seems like a circular reference to me.
[18:43] <smile> A stack overflow will soon follow.
[18:43] <Langjan> lmga, and when you've practised enough
[18:43] <smile> In software, a stack overflow occurs if the call stack pointer exceeds the stack bound. The call stack may consist of a limited amount of address space, often determined at the start of the program. The size of the call stack depends on many factors, including the programming language, machine architecture, multi-threading, and amount of available memory.
[18:43] <smile> = you run out of memory
[18:44] <Langjan> phew!
[18:44] <Langjan> glad I'm not in software
[18:45] <smile> I do understand what's being sad, but I hardly ever need that knowledge to do my job
[18:45] <smile> * said
[18:45] <Langjan> All I know is I'm running at 4% CPU usage and 38% free memory
[18:46] <smile> That means you will reach a stackoverflow soon after you fill another 62% of your memory :P
[18:46] <Langjan> Which will hopefully never happen
[18:48] <MaNI> you don't need to exhaust your entire computer's memory to have a stack overflow
[18:48] <smile> Yeah. And if it does, you reach out to me and I'll just say "buy some more memory"
[18:48] <smile> MaNI: true, but if you do, it's far more likely
[18:49] <MaNI> not really, most programs have a fixed stack size that's measured in mbs
[18:49] <MaNI> e.g. on windows with MSVC compiler by default a c++ program will have a stack limit of 1Mb
[18:50] <MaNI> if the program exceeds 1Mb on the stack there will be an overflow
[18:50] <smile> but you can increase it before a stack overflow occurs, right?
[18:50] <smile> that's where malloc/alloc/... comes in?
[18:50] <MaNI> no it's usually a fixed limit set at compile time
[18:50] <MaNI> most large memory allocations are not done on the stack malloc/alloc allocates on the heap not on the stack
[18:50] <smile> Okay. I do agree with you
[18:51] <MaNI> stack overflow is usually a result of unbounded recursion
[18:51] <smile> Correct. :)
[18:52] <smile> That's the way I make those usually
[18:52] <smile> But I don't make that error often
[18:52] <smile> But sometimes you're trying to do something crazy
[18:53] <Langjan> smile, is your calculation correct? Do I not reach stack overflow if I use up 38% more memory?
[18:54] <smile> Langjan: If you want to freeze your computer, you should use all available memory
[18:54] <MaNI> ulimit -s 8192 - that's the default stack size for a linux program by the way, which is 8x larger than the windows default but still incredibly easy to exhaust
[18:54] <smile> nice
[18:55] <Langjan> I understand that but not your figure of 62%
[18:55] <smile> Langjan: probably my calculation doesn't even make sense :P
[18:55] <smile> MaNI: does that mean a Linux program uses that memory if it doesn't need it?
[18:56] <MaNI> it's a maximum so it doesn't have to be available at launch - AFAIK, I'm not sure if in practice it is or isn't though
[18:57] <MaNI> quite possibly
[18:57] <nsnzero> linux is designed to prevent memory getting full - it will swap out ram and then kill userspace apps
[19:00] <nsnzero> MaNI: isn't the stack just a temp storage for return addresses from loops and subroutines ?
[19:00] <MaNI> call stack, temporary variables etc.
[19:01] <Langjan> OK guys you're way above my head, let me leave you to it
[19:02] <Langjan> take care and watch out for the pretty girls smile
[19:02] <smile> Langjan: I'm in the process of catching one
[19:02] <smile> good night!
[19:02] <MaNI> I've only once ever in my programming career found a legitimate reason to mess around with the stack size of a program - as opposed to just fixing a bug like too much recursion, 8Mb is usually more than sufficient for a properly designed program :)
[19:02] <Langjan> well don't say you were not warned
[19:02] <smile> MaNI: when was that?
[19:02] <smile> Langjan: lol
[19:03] <Langjan> good luck my friend
[19:03] <smile> thanks
[19:03] <nsnzero> take care Langjan
[19:04] <Langjan> go well nsnzero and smile, plse give Kilos my regards if and when he wakes up
[19:04] <smile> sure
[19:05] <Langjan> Tell him I have not broken anything for a while, maybe it's time...lmga!
[19:05] <nsnzero> nowadays the stack and other low level memory fiddling isn't necessary with compilers having memory management builtin
[19:05] <nsnzero> i was just going to ask you Langjan - : "what needs fixing ?"
[19:05] <MaNI> For a FSN parser I wrote for a specific project using boost::xpressive - because xpressive uses templates and is quite complex, and the parser rules themselves were very complex, and recursed quite a bit, it was easily exhausting stack space. Because it was special purpose code it was better to increase the stack size than to rewrite the code and/or slow it down by reducing stack allocation.
[19:06] <Langjan> Only Kilos's kde nsnzero!
[19:06] <smile> MaNI: well done :)
[19:06] <nsnzero> c++ mani -> it's so complex
[19:07] <Kilos> i'm here
[19:07] <Kilos> ai!
[19:08] <nsnzero> evening Kilos - you just missed Langjan
[19:08] <smile> Kilos: you have the greetings from Langjan :P
[19:08] <Kilos> yes i see so
[19:09] <Kilos> i'll mail him ty nsnzero
[19:09] <smile> He warned me about pretty girls, is he right?
[19:09] <Kilos> lol
[19:11] <nsnzero> how you doing Kilos ?
[19:15] <nsnzero> i just learnt the benefits of using ssh-agent together with ssh-add - no need to type pass phrases over and over again
[19:38] <nsnzero> good night all
[21:05] <smile> Good night :-)
