dc414 Halloween Party!

Its time for Steph, Alex, and dc414’s annual Halloween party! 🙂 As usual, costumes are recommended but not required. Trick or treat runs 6-8pm – Watch for kids if you come during that time.

We will have chili and other food (and I promise, more dairy free options this time around!). Feel free to bring drinks or a dish to share.

Contact Anarchy Angel for directions – anarchy at dc414 dot org

halloweenjackolantern

Format string $20 challenge

At the last meeting I showed everyone how to use a format string vulnerability in a password storage app to bypass the master password and pull data out of memory. That is just one way to exploit this type of vulnerability so I challanged everyone at the meeting to get the app I used “code below” to execute their supplied input. The first person to let me know they got it and do a demo get $20! So it pays to be a little early.

#include < stdio.h >
#include < string.h >

int main (int argc, char *argv[])
{
char** spw = "dc414 pwnz";
char text[1025];
strcpy(text, argv[1]);
if (strcmp(text, "asd123")==0) {
printf("Correct the password is %s \n",spw);
return 0;
}
printf(text);
printf(" is wrong\n");
return 0;
}