How to bypass Visual C++ security cookies

s0suk3

Does anybody know how to bypass Visual C++ security cookies (generated by the /GS switch) in order to exploit a buffer overrun vulnerability in a program compiled with Visual C++?
 
Ian Collins

On 09/18/12 02:23 PM, (e-mail address removed) wrote:

Please wrap lines to a sensible length.
Does anybody know how to bypass Visual C++ security cookies (generated by the /GS switch) in order to exploit a buffer overrun vulnerability in a program compiled with Visual C++?

Probably. Now what was your C++ question?
 
1 2

On 09/18/12 02:23 PM, (e-mail address removed) wrote:

Please wrap lines to a sensible length.

I'll try the old Google Groups.
Probably.  Now what was your C++ question?

I know that this group doesn't deal with specific environments but
I've asked in other forums and haven't gotten answers.

Cross-posted to comp.lang.c in case someone there knows the answer.
 
James Kuyper

I'll try the old Google Groups.


I know that this group doesn't deal with specific environments but
I've asked in other forums and haven't gotten answers.

It's not just the environmental specificity of your question. It's also
the content. People like yourself don't generally use these forums to
discuss such matters. I'm sure there are other forums where such issues
are discussed, but I've no idea where. If I knew of one that was being
carefully watched by the authorities or unusually heavily infested with
malware, I'd recommend it to you, but I don't - sorry!
 
1 2

If I knew of one that was being
carefully watched by the authorities

There's nothing illegal about exploiting vulnerabilities as long as
you don't do it to make any actual crimes.
or unusually heavily infested with
malware, I'd recommend it to you, but I don't - sorry!

Well that'd just make you an asshole, sorry.
 
Jorgen Grahn

It's not just the environmental specificity of your question. It's also
the content. People like yourself don't generally use these forums to
discuss such matters.

You mean you think he's a cracker? Personally, if I was using Visual
C++ and there /were/ ways to bypass that thing, I'd like to know too,
and I'd like to know how they worked.
Legitimate users need to know about vulnerabilities.

/Jorgen
 
James Kuyper

On 09/18/2012 10:19 AM, Jorgen Grahn wrote:
....
You mean you think he's a cracker? Personally, if I was using Visual
C++ and there /were/ ways to bypass that thing, I'd like to know too,
and I'd like to know how they worked.
Legitimate users need to know about vulnerabilities.

His response to my message says that he considers it perfectly
acceptable to exploit such a vulnerability - that is not the attitude of
someone looking for information to help defend against such exploits.
 
red floyd

I'll try the old Google Groups.


I know that this group doesn't deal with specific environments but
I've asked in other forums and haven't gotten answers.

I wanted some meat, but the butcher shop was closed, so I figured
I'd get my meat at the greengrocers.
 
Jorgen Grahn

On 09/18/2012 10:19 AM, Jorgen Grahn wrote:
...

His response to my message

That would be his "There's nothing illegal about exploiting
vulnerabilities as long as you don't do it to make any actual crimes".
says that he considers it perfectly
acceptable to exploit such a vulnerability - that is not the attitude of
someone looking for information to help defend against such exploits.

Why not? To fix such a problem, you must be able to recreate it.
We cannot protect ourselves from attackers if we are ignorant of the
techniques they use.

/Jorgen
 
James Kuyper

That would be his "There's nothing illegal about exploiting
vulnerabilities as long as you don't do it to make any actual crimes".


Why not? To fix such a problem, you must be able to recreate it.
We cannot protect ourselves from attackers if we are ignorant of the
techniques they use.

I'd have expected substantially different wording from someone with the
motives you're suggesting. I'd have expected such a person to mention
his legitimate motives, to counter suspicions that they might be
illegitimate.

To be fair, I'd expect exactly the same kind of disclaimer from any
sufficiently intelligent cracker, in order to masquerade as someone with
a legitimate motive (unless he knew that he was in a cracker forum). The
wording actually used suggests, to me, a cracker wannabe with
insufficient intelligence to recognize the desirability of acquiring
such camouflage. If you're right, then he's a good guy with insufficient
intelligence to recognize the need for such disclaimers.
 
1 2

I'd have expected substantially different wording from someone with the
motives you're suggesting. I'd have expected such a person to mention
his legitimate motives, to counter suspicions that they might be
illegitimate.

To be fair, I'd expect exactly the same kind of disclaimer from any
sufficiently intelligent cracker, in order to masquerade as someone with
a legitimate motive (unless he knew that he was in a cracker forum). The
wording actually used suggests, to me, a cracker wannabe with
insufficient intelligence to recognize the desirability of acquiring
such camouflage. If you're right, then he's a good guy with insufficient
intelligence to recognize the need for such disclaimers.

That would be deception, which I don't do. The fact that you don't
have any pride or self-respect doesn't mean everyone else is like you.
 
Jorgen Grahn

I'd have expected substantially different wording from someone with the
motives you're suggesting.

Yeah, well, I didn't care so much about his motives. Whatever they
are, what he would have learned from an answer, the rest of us would
have learned too. (And the *real* crackers already know, of course.)

But let's agree to disagree. There's that whole debate about how open
you should be with disclosing vulnerabilities, and it won't be settled
here.

/Jorgen
 
Ben Bacarisse

1 2 said:
That would be deception, which I don't do. The fact that you don't
have any pride or self-respect doesn't mean everyone else is like you.

Your parents, the 2s, must have had a cruel streak to name you 1. Or
maybe you do just a little deception? As for pride and self-respect I
have enough of each to stand by what I write here using my real name.
 
Valentin Bernard

Le jeudi 20 septembre 2012 12:51:23 UTC+2, Ben Bacarisse a écrit :
Your parents, the 2s, must have had a cruel streak to name you 1. Or

maybe you do just a little deception? As for pride and self-respect I

have enough of each to stand by what I write here using my real name.

Really, I can't see the problem here. We're in a C++ group; if someone asks a C++ question, we just answer him as well as we can, and whatever is he going to do with our help is not our concern. Who knows, maybe the guy who asked an innocent question yesterday was an engineer working on the next Iranian bomb? And maybe the one we're dealing with here is a Chinese dissident trying to bypass some censorship thing? We don't know, and we're not there to judge.

Also I don't know what OP's motives are, but I certainly know I would have been interested by the answer.

That said, I agree that this group is not the right one to ask this, but that's another problem.
 
Stuart

Really, I can't see the problem here. We're in a C++ group;
if someone asks a C++ question, we just answer him as well
as we can, and whatever is he going to do with our help
is not our concern. Who knows, maybe the guy who asked an
innocent question yesterday was an engineer working on
the next Iranian bomb?

Some may consider this an easy way out (or the Feynman attitude). Many
German scientists who took part in constructing the atomic bomb had a
similar attitude, and after some 100's of thousands of Japanese people
had to give their lives for an "extended unit test", they suddenly
changed their minds. General Grove, military supervisor of the
construction team, called them "fools that lay Golden eggs".

Just something to think about, no criticism. I would only ever give such
information to people I really know well (for example, someone who wants
to know whether a security mechanism must be improved because it has a
weak spot), certainly not to someone I met in a newsgroup.

Regards,
Stuart
 
Valentin Bernard

Le jeudi 20 septembre 2012 15:16:18 UTC+2, Stuart a écrit :
Some may consider this an easy way out (or the Feynman attitude). Many
German scientists who took part in constructing the atomic bomb had a
similar attitude, and after some 100's of thousands of Japanese people
had to give their lives for an "extended unit test", they suddenly
changed their minds. General Grove, military supervisor of the
construction team, called them "fools that lay Golden eggs".

Just something to think about, no criticism. I would only ever give such
information to people I really know well (for example, someone who wants
to know whether a security mechanism must be improved because it has a
weak spot), certainly not to someone I met in a newsgroup.

Regards,
Stuart

This is a good point, but I think I wasn't clear. Of course, I would never help someone that is constructing an atomic bomb, if I knew he was. What I meant is that we almost never know who we're really talking to on a newsgroup. When someone comes up with a simple, innocent question, nothing tells us that he's not actually up to something bad. Here we have a user who's asking how to circumvent a compiler security. He's not asking how to infect someone with a trojan, or how to infiltrate the DoD. So it is my opinion that we shouldn't try to work out his motives. But well, as Jorgen said, it comes down to how open we should be with disclosing vulnerabilities - and I simply think we should be as much as possible.

Regards,

Valentin.
 
Valentin Bernard

Le jeudi 20 septembre 2012 15:16:18 UTC+2, Stuart a écrit :
Some may consider this an easy way out (or the Feynman attitude). Many
German scientists who took part in constructing the atomic bomb had a
similar attitude, and after some 100's of thousands of Japanese people
had to give their lives for an "extended unit test", they suddenly
changed their minds. General Grove, military supervisor of the
construction team, called them "fools that lay Golden eggs".

Just something to think about, no criticism. I would only ever give such
information to people I really know well (for example, someone who wants
to know whether a security mechanism must be improved because it has a
weak spot), certainly not to someone I met in a newsgroup.

Regards,
Stuart

This is a good point, but I think I wasn't clear. Of course, I would never help
someone that is constructing an atomic bomb, if I knew he was. What I meant is
that we almost never know who we're really talking to on a newsgroup. When
someone comes up with a simple, innocent question, nothing tells us that he's
not actually up to something bad. Here we have a user who's asking how to
circumvent a compiler security. He's not asking how to infect someone with a
trojan, or how to infiltrate the DoD. So it is my opinion that we shouldn't try
to work out his motives. But well, as Jorgen said, it comes down to how open we
should be with disclosing vulnerabilities - and I simply think we should be as
much as possible.

Regards,

Valentin.

(Reposting with better column width and deleting the previous message.)
 
BruceS

Your parents, the 2s, must have had a cruel streak to name you 1. Or
maybe you do just a little deception? As for pride and self-respect I
have enough of each to stand by what I write here using my real name.

This is getting a bit OT (though not as much as the personal attacks),
but I'd like to point out that even some of us with plenty of pride and
self respect avoid using our full real names on Usenet. Call it
cowardice if you like, but for me it's to avoid having some loon track me
down in real life. I would say "1 2"s online behavior is far more
telling than his nym. As for Mr. Kuyper, I doubt he needs any defense
from such attacks, tempting as it is.
 
James Kuyper

I've frequently been accused of having an unjustified amount of pride in
my abilities; but this is the first time that I can remember being
accused of being lacking in pride. As far as self-respect is concerned:
there are things about myself that I don't like, but none that were
exposed by anything I've written in this thread. I've no idea what he
was on about. I've even asked him about that by e-mail, with no response.
This is getting a bit OT (though not as much as the personal attacks),
but I'd like to point out that even some of us with plenty of pride and
self respect avoid using our full real names on Usenet. Call it
cowardice if you like, but for me it's to avoid having some loon track me
down in real life. ...

I can understand that, but I don't like letting those loons control my
life. I've always used not only a valid e-mail address but also my real
name when posting to usenet.

That's not quite true - I once used an anonymous re-mailer when asking
for advice about a problem involving some friends of mine. But that was
done to protect my friends, not me. A significant fraction of the people
who knew both them and me did use the internet, and could have figured
out who I was talking about if they had known that it was me who was
asking for advice. It's a bit ironic - more than a decade later, issues
related to the problem I was asking about got a LOT worse. Details far
worse than any I'd risked revealing became part of official court
records and ended up in local newspapers.
 
