
Yet another vulnerability in program X could let attacker Y run malicious code Z. That is how practically every news report from the world of computer security reads, and for many readers the words vulnerability, malicious code and their relatives have, in fact, become meaningless.

To give these words real shape and content, let's try it all out today. Don't worry, no doctorate from MIT will be needed: with a little diligence even your grandmother can manage this practical insight into computer (in)security.

We overflow the buffer and bypass the password

In today's installment of our series on programming electronics we will not flash any small chip. Instead we will write an application for controlling a fictitious nuclear power plant in Havlíčkův Brod, with a primitive login form for its director, engineer Papoušek.

Take a look at our attack in practice. For a detailed step-by-step explanation, see the article for subscribers below:

Well, and then, without knowing Papoušek's password, we get into the control panel anyway. On it we demonstrate a textbook attack from the buffer/stack overflow family. As always, the complete and annotated source code of the program will not be missing. So, enough theoretical sauce, and off to Havlíčkův Brod.

Havlíčkův Brod Nuclear Power Plant

A power plant with a pair of VVER 440 reactors, Milada-I3A and Zuzana-I3B, has stood near the confluence of the Šlapanka and Sázava rivers since 1986. An adjacent reservoir with the fairly apt name Kafíčko supplies the water used to produce steam in the generators.

Havlíčkův Brod Nuclear Power Plant with Kafíčko Reservoir on Mapy.cz

JEHB (Havlíčkův Brod Nuclear Power Plant) underwent extensive modernization in the 1990s and was the first in the then young Czech Republic to receive a new computer system, the author of which was the State Institute of Digital, sp

It includes a text-based, multiplatform terminal for remote access over the Internet, written in C. That is what we will play with today, because the program was born almost 30 years ago and its naive security matches that age.

Text terminal for the access of Director Papoušek

The terminal asks for a password when it starts, and if the password is correct, engineer Papoušek can perform a whole range of operations. He could, for example, overload the Zuzana-I3B secondary reactor from the comfort of his bed and turn picturesque Vysočina into a radioactive wasteland for hundreds of years.
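The password check is where the terminal described above falls over: a fixed-size stack buffer filled without a length check. The following is an added example written for this page, not the article's own terminal source (which sits behind the paywall). It puts the unsafe pattern the article attacks beside a hardened version of the same login check: bounded reading with fgets(), outright rejection of over-long input instead of truncation, and a constant-time comparison. The secret, the buffer size and all function names are constructed for illustration.

```c
#include <stdbool.h>
#include <stdio.h>
#include <string.h>

/* Constructed values for this example; the real terminal's password and
 * buffer size are not given on the page. */
#define PASSWORD_MAX 16
static const char SECRET[] = "kaficko1986";

/* The pattern the article attacks: a fixed-size stack buffer filled with
 * strcpy() and no length check.  Input longer than the buffer writes past
 * its end and corrupts whatever the compiler placed next to it (a local
 * such as an "authenticated" flag, or the saved return address).  Kept
 * here only to show the defect; it must never see untrusted input. */
bool check_password_unsafe(const char *input)
{
    char buf[PASSWORD_MAX];
    strcpy(buf, input);                 /* unbounded copy: the bug */
    return strcmp(buf, SECRET) == 0;
}

/* Compare n bytes without an early exit, so the time taken does not
 * reveal how many leading bytes of the guess were correct. */
static bool equal_constant_time(const char *a, const char *b, size_t n)
{
    unsigned char diff = 0;
    for (size_t i = 0; i < n; i++)
        diff |= (unsigned char)(a[i] ^ b[i]);
    return diff == 0;
}

/* Hardened form: refuse input that does not terminate within the bound
 * (rather than truncating it), copy with an explicit length, and compare
 * in constant time.  Returns true only for an exact match of SECRET. */
bool check_password_safe(const char *input)
{
    const char *end = memchr(input, '\0', PASSWORD_MAX);
    if (end == NULL)                    /* no terminator in range: too long */
        return false;
    size_t len = (size_t)(end - input);
    char buf[PASSWORD_MAX];
    memcpy(buf, input, len + 1);        /* bounded: len < PASSWORD_MAX */
    size_t secret_len = sizeof SECRET - 1;
    if (len != secret_len)              /* length mismatch: reject */
        return false;
    return equal_constant_time(buf, SECRET, len);
}

/* Read one line into a bounded buffer.  fgets() stops after outlen-1
 * characters; if no newline was consumed the line was longer than the
 * buffer, so the remainder is drained and the read is reported as a
 * failure instead of a truncated password being accepted. */
bool read_password_line(FILE *in, char *out, size_t outlen)
{
    if (fgets(out, (int)outlen, in) == NULL)
        return false;
    char *nl = strchr(out, '\n');
    if (nl != NULL) {
        *nl = '\0';
        return true;
    }
    int c;
    while ((c = fgetc(in)) != EOF && c != '\n')
        ;                               /* discard the over-long line */
    return false;
}

int main(void)
{
    char buf[PASSWORD_MAX];
    printf("JEHB terminal - password: ");
    if (read_password_line(stdin, buf, sizeof buf) && check_password_safe(buf))
        puts("access granted");
    else
        puts("access denied");
    return 0;
}
```

The hardened check never copies more than PASSWORD_MAX bytes into the stack buffer, so an over-long line can only be rejected, not used to overwrite neighbouring memory. Compiling the unsafe variant with stack protection or running it under a sanitizer turns the silent corruption into a detectable crash, which is the cheapest way to catch this defect in an old code base before an attacker does.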

Successful login to the secure terminal of the power plant
