-
Notifications
You must be signed in to change notification settings - Fork 0
/
uaf.c
67 lines (62 loc) · 1.42 KB
/
uaf.c
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
// Inspired by https://exploit.education/phoenix/heap-two/
#include <stdio.h>
#include <stdlib.h>
#include <string.h>
typedef struct login {
char name[24];
int is_admin;
} login_t;
login_t* user = NULL;
char* service = NULL;
void help() {
printf("\n[1] Register\n");
printf("[2] Deactivate account\n");
printf("[3] Create service\n");
printf("[0] Admin area\n");
}
int main() {
char choice[3];
while(1) {
help();
printf("Enter your choice: ");
fgets(choice, 3, stdin);
switch(choice[0]) {
case '1': {
user = malloc(sizeof(login_t));
printf("Username: ");
fgets(user->name, 20, stdin);
user->name[strcspn(user->name, "\n")] = 0;
user->is_admin = 0;
printf("Welcome, %s\n", user->name);
break;
}
case '2': {
free(user);
printf("See you again!\n");
break;
}
case '3': {
printf("Service name: ");
service = malloc(0x24);
fgets(service, 0x24, stdin);
service[strcspn(service, "\n")] = 0;
printf("That's a cool name!\n");
break;
}
case '0': {
if (user && user->is_admin == 0xdeadbeef) {
printf("You are admin!\n");
return EXIT_SUCCESS;
}
else {
printf("Who are you?\n");
}
break;
}
default: {
printf("Unknown command\n");
}
}
}
return EXIT_SUCCESS;
}