有什么方法可以绕过这里的密码检查吗?
[英]Any way to bypass the password check here?
问题描述
static int checkPassword(char* user_pw) {
char dummy[128];
int accept = 0;
char pw[8];
char len;
char* correct_pw = "xf35+";
memset(pw, 0, sizeof(pw));
memset(dummy, 0, sizeof(dummy));
len = strlen(user_pw);
if (len < 8) {
strcpy(pw, user_pw);
}
if (strcmp(pw, correct_pw) == 0) {
accept = 1;
}
return accept;
}
int main(int argc, char* argv[]) {
// Where argv[3] should be password
// ...
if (strlen(argv[3]) > 128) {
fprintf(stderr, "Password is too long!\n");
return 1;
}
if (checkPassword(argv[3]) == 0) {
fprintf(stderr, "Password is incorrect!\n");
return 1;
}
// ...
}
The passwrod here is hard-coded but is there any way to bypass the password check?
这里的密码是硬编码的,但是有什么方法可以绕过密码检查吗? I noticed that "len" is declared as a char but still don't know exactly how to solve this我注意到“len”被声明为一个字符,但仍然不知道如何解决这个问题
0 个解决方案
声明:本站的技术帖子网页,遵循CC BY-SA 4.0协议,如果您需要转载,请注明本站网址或者原文地址。任何问题请咨询:yoyou2525@163.com.
相关问题
这是逻辑错误吗? - Is here any logical error?
有什么方法可以检查C中的字符串中是否存在任何或所有字符? - Is there any way to check if any or all characters are present in a string in C?
有没有办法检查给定的 pid 是否与 kernel 空间中的任何进程匹配? - Is there a way to check whether a given pid matches any process in kernel space?
有什么方法可以检查向ObRegisterCallbacks注册的回调是否仍然有效? - Is any way to check if callbacks registered with ObRegisterCallbacks are still valid?
C-有什么方法可以使用位检查来检查数字是否等于1? - C - Is there any way to check if a number is equal to 1 using bit checks?
有什么方法可以检查功能是否已声明? - Is there any way to check whether a function has been declared?
如何在 macOS 上查看密码? - How to check password on macOS?
是否有任何 gcc 编译器选项或类似的东西来绕过 get function 的过时? - Is there any gcc compiler option or something similar to bypass the obsolesence of the gets function?
有什么建议可以改进和绕过这个主要查找器功能的超时错误测试吗? - any suggestions to improve and bypass timeout error test with this prime finder function?
这里的代码片段中是否存在语法错误? - Are there any syntax errors in the code snippet here?
相关标签