How to bypass Visual C++ security cookies

Discussion in 'C++' started by s0suk3@gmail.com, Sep 18, 2012.

  1. Guest

    Does anybody know how to bypass Visual C++ security cookies (generated by the /GS switch) in order to exploit a buffer overrun vulnerability in a program compiled with Visual C++?
     
    , Sep 18, 2012
    #1

  2. Ian Collins Guest

    On 09/18/12 02:23 PM, wrote:

    Please wrap lines to a sensible length.

    > Does anybody know how to bypass Visual C++ security cookies (generated by the /GS switch) in order to exploit a buffer overrun vulnerability in a program compiled with Visual C++?


    Probably. Now what was your C++ question?

    --
    Ian Collins
     
    Ian Collins, Sep 18, 2012
    #2

  3. 1 2 Guest

    On Sep 17, 11:05 pm, Ian Collins <> wrote:
    > On 09/18/12 02:23 PM, wrote:
    >
    > Please wrap lines to a sensible length.


    I'll try the old Google Groups.

    > > Does anybody know how to bypass Visual C++ security cookies (generated by the /GS switch) in order to exploit a buffer overrun vulnerability in a program compiled with Visual C++?

    >
    > Probably.  Now what was your C++ question?


    I know that this group doesn't deal with specific environments but
    I've asked in other forums and haven't gotten answers.

    Cross-posted to comp.lang.c in case someone there knows the answer.
     
    1 2, Sep 18, 2012
    #3
  4. James Kuyper Guest

    On 09/18/2012 01:36 AM, 1 2 wrote:
    > On Sep 17, 11:05 pm, Ian Collins <> wrote:
    >> On 09/18/12 02:23 PM, wrote:
    >>
    >> Please wrap lines to a sensible length.

    >
    > I'll try the old Google Groups.
    >
    >>> Does anybody know how to bypass Visual C++ security cookies (generated by the /GS switch) in order to exploit a buffer overrun vulnerability in a program compiled with Visual C++?

    >>
    >> Probably. Now what was your C++ question?

    >
    > I know that this group doesn't deal with specific environments but
    > I've asked in other forums and haven't gotten answers.


    It's not just the environmental specificity of your question. It's also
    the content. People like yourself don't generally use these forums to
    discuss such matters. I'm sure there are other forums where such issues
    are discussed, but I've no idea where. If I knew of one that was being
    carefully watched by the authorities or unusually heavily infested with
    malware, I'd recommend it to you, but I don't - sorry!
    --
    James Kuyper
     
    James Kuyper, Sep 18, 2012
    #4
  5. 1 2 Guest

    On Sep 18, 6:22 am, James Kuyper <> wrote:
    > If I knew of one that was being
    > carefully watched by the authorities


    There's nothing illegal about exploiting vulnerabilities as long as
    you don't do it to make any actual crimes.

    > or unusually heavily infested with
    > malware, I'd recommend it to you, but I don't - sorry!


    Well that'd just make you an asshole, sorry.
     
    1 2, Sep 18, 2012
    #5
  6. Jorgen Grahn Guest

    On Tue, 2012-09-18, James Kuyper wrote:
    > On 09/18/2012 01:36 AM, 1 2 wrote:
    >> On Sep 17, 11:05 pm, Ian Collins <> wrote:
    >>> On 09/18/12 02:23 PM, wrote:


    >>>> Does anybody know how to bypass Visual C++ security cookies
    >>>> (generated by the /GS switch) in order to exploit a buffer overrun
    >>>> vulnerability in a program compiled with Visual C++?
    >>>
    >>> Probably. Now what was your C++ question?

    >>
    >> I know that this group doesn't deal with specific environments but
    >> I've asked in other forums and haven't gotten answers.

    >
    > It's not just the environmental specificity of your question. It's also
    > the content. People like yourself don't generally use these forums to
    > discuss such matters.


    You mean you think he's a cracker? Personally, if I was using Visual
    C++ and there /were/ ways to bypass that thing, I'd like to know too,
    and I'd like to know how they worked.
    Legitimate users need to know about vulnerabilities.

    /Jorgen

    --
    // Jorgen Grahn <grahn@ Oo o. . .
    \X/ snipabacken.se> O o .
     
    Jorgen Grahn, Sep 18, 2012
    #6
  7. James Kuyper Guest

    On 09/18/2012 10:19 AM, Jorgen Grahn wrote:
    ....
    > You mean you think he's a cracker? Personally, if I was using Visual
    > C++ and there /were/ ways to bypass that thing, I'd like to know too,
    > and I'd like to know how they worked.
    > Legitimate users need to know about vulnerabilities.


    His response to my message says that he considers it perfectly
    acceptable to exploit such a vulnerability - that is not the attitude of
    someone looking for information to help defend against such exploits.
     
    James Kuyper, Sep 18, 2012
    #7
  8. red floyd Guest

    On 9/17/2012 10:36 PM, 1 2 wrote:
    > On Sep 17, 11:05 pm, Ian Collins <> wrote:
    >> On 09/18/12 02:23 PM, wrote:
    >>
    >> Please wrap lines to a sensible length.

    >
    > I'll try the old Google Groups.
    >
    >>> Does anybody know how to bypass Visual C++ security cookies (generated by the /GS switch) in order to exploit a buffer overrun vulnerability in a program compiled with Visual C++?

    >>
    >> Probably. Now what was your C++ question?

    >
    > I know that this group doesn't deal with specific environments but
    > I've asked in other forums and haven't gotten answers.
    >


    I wanted some meat, but the butcher shop was closed, so I figured
    I'd get my meat at the greengrocers.
     
    red floyd, Sep 18, 2012
    #8
  9. Jorgen Grahn Guest

    On Tue, 2012-09-18, James Kuyper wrote:
    > On 09/18/2012 10:19 AM, Jorgen Grahn wrote:
    > ...
    >> You mean you think he's a cracker? Personally, if I was using Visual
    >> C++ and there /were/ ways to bypass that thing, I'd like to know too,
    >> and I'd like to know how they worked.
    >> Legitimate users need to know about vulnerabilities.

    >
    > His response to my message


    That would be his "There's nothing illegal about exploiting
    vulnerabilities as long as you don't do it to make any actual crimes".

    > says that he considers it perfectly
    > acceptable to exploit such a vulnerability - that is not the attitude of
    > someone looking for information to help defend against such exploits.


    Why not? To fix such a problem, you must be able to recreate it.
    We cannot protect ourselves from attackers if we are ignorant of the
    techniques they use.

    /Jorgen

    --
    // Jorgen Grahn <grahn@ Oo o. . .
    \X/ snipabacken.se> O o .
     
    Jorgen Grahn, Sep 18, 2012
    #9
  10. James Kuyper Guest

    On 09/18/2012 05:23 PM, Jorgen Grahn wrote:
    > On Tue, 2012-09-18, James Kuyper wrote:
    >> On 09/18/2012 10:19 AM, Jorgen Grahn wrote:
    >> ...
    >>> You mean you think he's a cracker? Personally, if I was using Visual
    >>> C++ and there /were/ ways to bypass that thing, I'd like to know too,
    >>> and I'd like to know how they worked.
    >>> Legitimate users need to know about vulnerabilities.

    >>
    >> His response to my message

    >
    > That would be his "There's nothing illegal about exploiting
    > vulnerabilities as long as you don't do it to make any actual crimes".
    >
    >> says that he considers it perfectly
    >> acceptable to exploit such a vulnerability - that is not the attitude of
    >> someone looking for information to help defend against such exploits.

    >
    > Why not? To fix such a problem, you must be able to recreate it.
    > We cannot protect ourselves from attackers if we are ignorant of the
    > techniques they use.


    I'd have expected substantially different wording from someone with the
    motives you're suggesting. I'd have expected such a person to mention
    his legitimate motives, to counter suspicions that they might be
    illegitimate.

    To be fair, I'd expect exactly the same kind of disclaimer from any
    sufficiently intelligent cracker, in order to masquerade as someone with
    a legitimate motive (unless he knew that he was in a cracker forum). The
    wording actually used suggests, to me, a cracker wannabe with
    insufficient intelligence to recognize the desirability of acquiring
    such camouflage. If you're right, then he's a good guy with insufficient
    intelligence to recognize the need for such disclaimers.
     
    James Kuyper, Sep 18, 2012
    #10
  11. 1 2 Guest

    On Sep 18, 4:48 pm, James Kuyper <> wrote:
    > On 09/18/2012 05:23 PM, Jorgen Grahn wrote:
    >
    > > On Tue, 2012-09-18, James Kuyper wrote:
    > >> On 09/18/2012 10:19 AM, Jorgen Grahn wrote:
    > >> ...
    > >>> You mean you think he's a cracker?  Personally, if I was using Visual
    > >>> C++ and there /were/ ways to bypass that thing, I'd like to know too,
    > >>> and I'd like to know how they worked.
    > >>> Legitimate users need to know about vulnerabilities.

    >
    > >> His response to my message

    >
    > > That would be his "There's nothing illegal about exploiting
    > > vulnerabilities as long as you don't do it to make any actual crimes".

    >
    > >> says that he considers it perfectly
    > >> acceptable to exploit such a vulnerability - that is not the attitude of
    > >> someone looking for information to help defend against such exploits.

    >
    > > Why not?  To fix such a problem, you must be able to recreate it.
    > > We cannot protect ourselves from attackers if we are ignorant of the
    > > techniques they use.

    >
    > I'd have expected substantially different wording from someone with the
    > motives you're suggesting. I'd have expected such a person to mention
    > his legitimate motives, to counter suspicions that they might be
    > illegitimate.
    >
    > To be fair, I'd expect exactly the same kind of disclaimer from any
    > sufficiently intelligent cracker, in order to masquerade as someone with
    > a legitimate motive (unless he knew that he was in a cracker forum). The
    > wording actually used suggests, to me, a cracker wannabe with
    > insufficient intelligence to recognize the desirability of acquiring
    > such camouflage. If you're right, then he's a good guy with insufficient
    > intelligence to recognize the need for such disclaimers.


    That would be deception, which I don't do. The fact that you don't
    have any pride or self-respect doesn't mean everyone else is like you.
     
    1 2, Sep 19, 2012
    #11
  12. Jorgen Grahn Guest

    On Tue, 2012-09-18, James Kuyper wrote:
    > On 09/18/2012 05:23 PM, Jorgen Grahn wrote:
    >> On Tue, 2012-09-18, James Kuyper wrote:
    >>> On 09/18/2012 10:19 AM, Jorgen Grahn wrote:
    >>> ...
    >>>> You mean you think he's a cracker? Personally, if I was using Visual
    >>>> C++ and there /were/ ways to bypass that thing, I'd like to know too,
    >>>> and I'd like to know how they worked.
    >>>> Legitimate users need to know about vulnerabilities.
    >>>
    >>> His response to my message

    >>
    >> That would be his "There's nothing illegal about exploiting
    >> vulnerabilities as long as you don't do it to make any actual crimes".
    >>
    >>> says that he considers it perfectly
    >>> acceptable to exploit such a vulnerability - that is not the attitude of
    >>> someone looking for information to help defend against such exploits.

    >>
    >> Why not? To fix such a problem, you must be able to recreate it.
    >> We cannot protect ourselves from attackers if we are ignorant of the
    >> techniques they use.

    >
    > I'd have expected substantially different wording from someone with the
    > motives you're suggesting.


    Yeah, well, I didn't care so much about his motives. Whatever they
    are, what he would have learned from an answer, the rest of us would
    have learned too. (And the *real* crackers already know, of course.)

    But let's agree to disagree. There's that whole debate about how open
    you should be with disclosing vulnerabilities, and it won't be settled
    here.

    /Jorgen

    --
    // Jorgen Grahn <grahn@ Oo o. . .
    \X/ snipabacken.se> O o .
     
    Jorgen Grahn, Sep 19, 2012
    #12
  13. On Sep 19, 2:22 am, 1 2 <> wrote:
    > On Sep 18, 4:48 pm, James Kuyper <> wrote:
    >
    > > On 09/18/2012 05:23 PM, Jorgen Grahn wrote:

    >
    > > > On Tue, 2012-09-18, James Kuyper wrote:
    > > >> On 09/18/2012 10:19 AM, Jorgen Grahn wrote:
    > > >> ...
    > > >>> You mean you think he's a cracker?  Personally, if I was using Visual
    > > >>> C++ and there /were/ ways to bypass that thing, I'd like to know too,
    > > >>> and I'd like to know how they worked.
    > > >>> Legitimate users need to know about vulnerabilities.

    >
    > > >> His response to my message

    >
    > > > That would be his "There's nothing illegal about exploiting
    > > > vulnerabilities as long as you don't do it to make any actual crimes".

    >
    > > >> says that he considers it perfectly
    > > >> acceptable to exploit such a vulnerability - that is not the attitude of
    > > >> someone looking for information to help defend against such exploits.

    >
    > > > Why not?  To fix such a problem, you must be able to recreate it.
    > > > We cannot protect ourselves from attackers if we are ignorant of the
    > > > techniques they use.

    >
    > > I'd have expected substantially different wording from someone with the
    > > motives you're suggesting. I'd have expected such a person to mention
    > > his legitimate motives, to counter suspicions that they might be
    > > illegitimate.

    >
    > > To be fair, I'd expect exactly the same kind of disclaimer from any
    > > sufficiently intelligent cracker, in order to masquerade as someone with
    > > a legitimate motive (unless he knew that he was in a cracker forum). The
    > > wording actually used suggests, to me, a cracker wannabe with
    > > insufficient intelligence to recognize the desirability of acquiring
    > > such camouflage. If you're right, then he's a good guy with insufficient
    > > intelligence to recognize the need for such disclaimers.

    >
    > That would be deception, which I don't do.


    so you *are* doing this for illegitimate reasons?

    > The fact that you don't
    > have any pride or self-respect doesn't mean everyone else is like you.


    but we don't try and hack things
     
    Nick Keighley, Sep 20, 2012
    #13
  14. 1 2 <> writes:
    <snip>
    > That would be deception, which I don't do. The fact that you don't
    > have any pride or self-respect doesn't mean everyone else is like you.


    Your parents, the 2s, must have had a cruel streak to name you 1. Or
    maybe you do just a little deception? As for pride and self-respect I
    have enough of each to stand by what I write here using my real name.

    --
    Ben.
     
    Ben Bacarisse, Sep 20, 2012
    #14
  15. On Thursday, 20 September 2012 12:51:23 UTC+2, Ben Bacarisse wrote:
    > 1 2 <> writes:
    > <snip>
    > > That would be deception, which I don't do. The fact that you don't
    > > have any pride or self-respect doesn't mean everyone else is like you.
    >
    > Your parents, the 2s, must have had a cruel streak to name you 1. Or
    > maybe you do just a little deception? As for pride and self-respect I
    > have enough of each to stand by what I write here using my real name.
    >
    > --
    > Ben.


    Really, I can't see the problem here. We're in a C++ group; if someone asks a C++ question, we just answer him as well as we can, and whatever is he going to do with our help is not our concern. Who knows, maybe the guy who asked an innocent question yesterday was an engineer working on the next Iranian bomb? And maybe the one we're dealing with here is a Chinese dissident trying to bypass some censorship thing? We don't know, and we're not there to judge.

    Also I don't know what OP's motives are, but I certainly know I would have been interested by the answer.

    That said, I agree that this group is not the right one to ask this, but that's another problem.

    --
    Valentin.
     
    Valentin Bernard, Sep 20, 2012
    #15
  16. Stuart Guest

    On 9/20/12 Valentin Bernard wrote:
    > Really, I can't see the problem here. We're in a C++ group;
    > if someone asks a C++ question, we just answer him as well
    > as we can, and whatever is he going to do with our help
    > is not our concern. Who knows, maybe the guy who asked an
    > innocent question yesterday was an engineer working on
    > the next Iranian bomb?


    Some may consider this an easy way out (or the Feynman attitude). Many
    German scientists who took part in constructing the atomic bomb had a
    similar attitude, and after some 100's of thousands of Japanese people
    had to give their lives for an "extended unit test", they suddenly
    changed their minds. General Grove, military supervisor of the
    construction team, called them "fools that lay Golden eggs".

    Just something to think about, no criticism. I would only ever give such
    information to people I really know well (for example, someone who wants
    to know whether a security mechanism must be improved because it has a
    weak spot), certainly not to someone I met in a newsgroup.

    Regards,
    Stuart
     
    Stuart, Sep 20, 2012
    #16
  17. On Thursday, 20 September 2012 15:16:18 UTC+2, Stuart wrote:
    > On 9/20/12 Valentin Bernard wrote:
    > > Really, I can't see the problem here. We're in a C++ group;
    > > if someone asks a C++ question, we just answer him as well
    > > as we can, and whatever is he going to do with our help
    > > is not our concern. Who knows, maybe the guy who asked an
    > > innocent question yesterday was an engineer working on
    > > the next Iranian bomb?

    >
    > Some may consider this an easy way out (or the Feynman attitude). Many
    > German scientists who took part in constructing the atomic bomb had a
    > similar attitude, and after some 100's of thousands of Japanese people
    > had to give their lives for an "extended unit test", they suddenly
    > changed their minds. General Grove, military supervisor of the
    > construction team, called them "fools that lay Golden eggs".
    >
    > Just something to think about, no criticism. I would only ever give such
    > information to people I really know well (for example, someone who wants
    > to know whether a security mechanism must be improved because it has a
    > weak spot), certainly not to someone I met in a newsgroup.
    >
    > Regards,
    > Stuart


    This is a good point, but I think I wasn't clear. Of course, I would never help someone that is constructing an atomic bomb, if I knew he was. What I meant is that we almost never know who we're really talking to on a newsgroup. When someone comes up with a simple, innocent question, nothing tells us that he's not actually up to something bad. Here we have a user who's asking how to circumvent a compiler security. He's not asking how to infect someone with a trojan, or how to infiltrate the DoD. So it is my opinion that we shouldn't try to work out his motives. But well, as Jorgen said, it comes down to how open we should be with disclosing vulnerabilities - and I simply think we should be as much as possible.

    Regards,

    Valentin.
     
    Valentin Bernard, Sep 20, 2012
    #17
  18. On Thursday, 20 September 2012 15:16:18 UTC+2, Stuart wrote:
    > On 9/20/12 Valentin Bernard wrote:
    > > Really, I can't see the problem here. We're in a C++ group;
    > > if someone asks a C++ question, we just answer him as well
    > > as we can, and whatever is he going to do with our help
    > > is not our concern. Who knows, maybe the guy who asked an
    > > innocent question yesterday was an engineer working on
    > > the next Iranian bomb?

    >
    > Some may consider this an easy way out (or the Feynman attitude). Many
    > German scientists who took part in constructing the atomic bomb had a
    > similar attitude, and after some 100's of thousands of Japanese people
    > had to give their lives for an "extended unit test", they suddenly
    > changed their minds. General Grove, military supervisor of the
    > construction team, called them "fools that lay Golden eggs".
    >
    > Just something to think about, no criticism. I would only ever give such
    > information to people I really know well (for example, someone who wants
    > to know whether a security mechanism must be improved because it has a
    > weak spot), certainly not to someone I met in a newsgroup.
    >
    > Regards,
    > Stuart


    This is a good point, but I think I wasn't clear. Of course, I would never help
    someone that is constructing an atomic bomb, if I knew he was. What I meant is
    that we almost never know who we're really talking to on a newsgroup. When
    someone comes up with a simple, innocent question, nothing tells us that he's
    not actually up to something bad. Here we have a user who's asking how to
    circumvent a compiler security. He's not asking how to infect someone with a
    trojan, or how to infiltrate the DoD. So it is my opinion that we shouldn't try
    to work out his motives. But well, as Jorgen said, it comes down to how open we
    should be with disclosing vulnerabilities - and I simply think we should be as
    much as possible.

    Regards,

    Valentin.

    (Reposting with better column width and deleting the previous message.)
     
    Valentin Bernard, Sep 20, 2012
    #18
  19. BruceS Guest

    On Thu, 20 Sep 2012 11:51:19 +0100, Ben Bacarisse wrote:

    > 1 2 <> writes:
    > <snip>
    >> That would be deception, which I don't do. The fact that you don't have
    >> any pride or self-respect doesn't mean everyone else is like you.

    >
    > Your parents, the 2s, must have had a cruel streak to name you 1. Or
    > maybe you do just a little deception? As for pride and self-respect I
    > have enough of each to stand by what I write here using my real name.


    This is getting a bit OT (though not as much as the personal attacks),
    but I'd like to point out that even some of us with plenty of pride and
    self respect avoid using our full real names on Usenet. Call it
    cowardice if you like, but for me it's to avoid having some loon track me
    down in real life. I would say "1 2"s online behavior is far more
    telling than his nym. As for Mr. Kuyper, I doubt he needs any defense
    from such attacks, tempting as it is.
     
    BruceS, Sep 20, 2012
    #19
  20. James Kuyper Guest

    On 09/20/2012 10:16 AM, BruceS wrote:
    > On Thu, 20 Sep 2012 11:51:19 +0100, Ben Bacarisse wrote:
    >
    >> 1 2 <> writes:
    >> <snip>
    >>> That would be deception, which I don't do. The fact that you don't have
    >>> any pride or self-respect doesn't mean everyone else is like you.


    I've frequently been accused of having an unjustified amount of pride in
    my abilities; but this is the first time that I can remember being
    accused of being lacking in pride. As far as self-respect is concerned:
    there are things about myself that I don't like, but none that were
    exposed by anything I've written in this thread. I've no idea what he
    was on about. I've even asked him about that by e-mail, with no response.

    >> Your parents, the 2s, must have had a cruel streak to name you 1. Or
    >> maybe you do just a little deception? As for pride and self-respect I
    >> have enough of each to stand by what I write here using my real name.

    >
    > This is getting a bit OT (though not as much as the personal attacks),
    > but I'd like to point out that even some of us with plenty of pride and
    > self respect avoid using our full real names on Usenet. Call it
    > cowardice if you like, but for me it's to avoid having some loon track me
    > down in real life. ...


    I can understand that, but I don't like letting those loons control my
    life. I've always used not only a valid e-mail address but also my real
    name when posting to usenet.

    That's not quite true - I once used an anonymous re-mailer when asking
    for advice about a problem involving some friends of mine. But that was
    done to protect my friends, not me. A significant fraction of the people
    who knew both them and me did use the internet, and could have figured
    out who I was talking about if they had known that it was me who was
    asking for advice. It's a bit ironic - more than a decade later, issues
    related to the problem I was asking about got a LOT worse. Details far
    worse than any I'd risked revealing became part of official court
    records and ended up in local newspapers.

    > ... I would say "1 2"s online behavior is far more
    > telling than his nym. As for Mr. Kuyper, I doubt he needs any defense
    > from such attacks, tempting as it is.

    --
    James Kuyper
     
    James Kuyper, Sep 20, 2012
    #20