Environment variables - System Security

x3n0n

Everyone knows environment variables (PATH, USER, LOGNAME, etc...)
Well you can overwrite these variables (export <VAR>="<new content>") and that can be quite handy with buffer overflows.
But what I find hard is after I run a program (say I did a buffer overflow) and I want to find the environment variable USER and it's content in the stack.

I had some piece of code that supposed to get me the address (in hex):

char *address = (char *)getenv(\"USER\");
printf(\"Address&#58; %x\n\", &address);

but when I look at the returned address, its all 'random' shit I don't need.

So does anybody know how I can find the address of the env variable?

Thx up front ;)

x3n0n

nvm, figured it out ;)

Sh3llc0d3

Guessing this was for STS :p

CrashOverron

if you figured it out why dont you post the answer in case someone else has a similar problem?

Null Set

Seems like it's from STS actually. :P

x3n0n

Yeah, it's STS :p But I was passing on the environment variables the wrong way. Once you pass them on correctly (with execve()) they are quite easy to find ;)

Null Set

said:

if you figured it out why dont you post the answer in case someone else has a similar problem?

People would be able to just look at this for the answer and no longer think for themselves. :P

x3n0n

said:

said:

if you figured it out why dont you post the answer in case someone else has a similar problem?

People would be able to just look at this for the answer and no longer think for themselves. :P

I <3 my brainZzz :p

Howdy, Stranger!

Top Posters

Who's Online (1)