what is an example of out of bounds read in order to leak sensitive information?

I Am trying to understand a little bit better behind the scenes on bypassing aslr by reading the bytes in the memory of a process, but how can I make an example of an info leak in WIN32? my code does the leaks of bytes , but how can I check the image base based on those bytes?

#include <stdio.h> #include <string.h>  int main(int argc, char **argv) {     char a[16];      strncpy(a, "0123456789abcdef", sizeof(a));      //... lots of code passes, functions are called...     //... we finally come back to array a ...      printf("%s\n", a); } 

How do SRP (and PAKE generally) protect against verifier leak

I have been reading into PAKE protocols, specifically starting with SRP RFC2945

The gist of the requirement on the server is that the server saves triplet (username, verifier (v), salt (s)) in the credentials table.

Where verifier v = g^x % N (the ^ operator is the exponentiation operation) and x = SHA(<salt> | SHA(<username> | ":" | <raw password>))

Now during the authentication dance, the client obtains the salt (s) from the server and computes the same verifier (v) that the server is using. It can compute this value because it collects the username and password from the user themselves.

In the next few steps the client can subtract the component v from the servers challenge B = (v + g^b) % N and arrive at a key derived from S.

Client: S = (B - g^x) ^ (a + u * x) % N

My question is that if someone hacks my database and dumps the credential table with (username, verifier (v), salt (s)) they immediately have access to all verifiers for each username. Then what stops them from using the obtained verifiers to imitate a client and complete the client side authentication steps? So instead of computing the verifier (v) from the real username and password, they can simply use the verifier obtained maliciously from the server to continue the client side computation and arrive at the same key as the server.

i.e. In my reasoning if my server is hacked and credentials leaked the end result is no better than if I were saving plain text passwords.

Disclaimer: I admit I do not understand fully the maths but generally the concept that such crypto protocols rely on the property of exponents that (g^a)^b = (g^b)^a = g^ab

Does a revocation certificate leak information about the private key?

Kleopatra/ GPG can create revocation certificates, which look a lot like public/private keys. Obviously, these keys should not be shared or used unless one intends to revoke their keys. But assume that the revocation certificate were not secure. Would sharing this key with the world leak information about the private key which could be used to crack it? (obviously the denial-of-service/loss of trust would be a larger issue, but that’s not the point of this question)

Does Apple leak iCloud usernames?

I’ve just set up my first iPad, and first Apple device.

To be extra cautious when setting it up, I created a brand new @icloud.com username, to use as the Apple ID.

The username was 10 digits long, and included random alphanumeric characters.

The password was also completely random, and over 12 characters long.

Just one day after setting up the device, I received a message telling me that someone was attempting to sign into a device in another city, with my ID.

I obviously selected “Do not allow”, but I’m very concerned that this has happened at all.

The ID didn’t exist before yesterday, and the only place it has ever been used is on this particular device, and on my secure home network.

How is it possible that someone would be trying to use my ID? I really can’t believe that someone could have guessed such a unique username.

Does Apple publish their iCloud usernames somewhere?

Will using CTR mode with unique IVs, but only one password for encrypting multiple files, leak data or keys?

I’m working on a project to encrypt many files with a single password.

The steps I will employ to encrypt the files are:

  1. user will execute a command similar to tool --encrypt --recurse directories/to/recurse and-other-files.txt
  2. the user will be prompted for a password
  3. two 64 byte crypto random salts and a 16 byte crypto random IV will be generated
  4. no 2 files will ever use the same salts or IV
  5. each individual salt will be combined with the password to create to 2 separate argon2id keys
  6. one key will be 32 bytes long and is used for the AES-256 cipher block
  7. the other will be 64 bytes long and will be used as the key for a sha-512 hmac
  8. the resulting encrypted file will be written as 2ByteVersion:64ByteHMACSalt:64ByteCipherBlockSalt:16ByteIV:EncryptedData:64ByteHMACSignature

I believe this would result in a reasonably secure, set of encrypted files. My main concern though, is that because of the way that users will use this tool, there is a good chance that they will accidentally encrypt small, easily guessed files.

And since CTR mode doesn’t require padding, anyone with access to the encrypted file will know the length of the plaintext file. It seems that CTR mode is considered secure for files, provided the IV is unique for each encryption run and the file is authenticated.

Is there a chance that the cipher key, HMAC key, or password could be derived through a known plaintext attack from enough small guessable files? Are there any other glaring flaws in my methodology that could leak data?

Memory Leak al renderizar un largo arreglo de Objetos con VueJS

estoy teniendo serios problemas de memoria al cargar una larga lista de objectos y al momento de renderizarla en mi aplicación VueJS, más precisamente en un V-FOR anidado, queda así:

<div id="contenido" ref="refContenido" class="q-mt-lg" v-show="votantes.length > 0">   <div class="row q-mb-sm" v-for="(item, index) in votantes" :key="index">     <div class="col-12 text-bold bg-teal-3" style="height: 35px; line-height: 35px; border: 1px solid black;">       <p class="q-ml-sm">Provincia: {{ item.provincia }} ({{ CountByProvincias(item.municipios) }})</p>     </div>     <div class="col-12" v-for="(muns, idx1) in item.municipios" :key="idx1">       <div class="row">         <div class="col-12 text-bold" style="height: 35px; line-height: 35px; border: 1px solid black;"><p class="q-ml-sm">Municipio: {{ idx1 }} - ({{ CountElectores(muns) }})</p>         </div>         <div class="col-12">           <div class="row">             <div class="col-12 q-table-dense">               <table class="q-table q-table-horizontal-separator" style="border: 1px solid black">                 <thead>                 <tr class="text-center text-bold bg-primary">                   <th class="text-white">Nombres</th>                   <th class="text-white">Cédula</th>                   <th class="text-white">Teléfono</th>                   <th class="text-white">Recinto</th>                   <th class="text-white">Residencia</th>                 </tr>                 </thead>                 <tbody>                 <tr v-for="(voters, idx2) in muns" :key="idx2">                   <td class="text-center">{{ voters.nombres }}</td>                   <td class="text-center">{{ voters.cedula }}</td>                   <td class="text-center">{{ voters.telefono }}</td>                   <td class="text-center">{{ voters.recinto }}</td>                   <td class="text-center">{{ voters.municipioVive + ', ' + voters.provinciaVive }}</td>                 </tr>                 </tbody>               </table>             </div>           </div>         </div>       </div>     </div>   </div> </div> 

No logro indetificar en el Snapshot de Chrome, estoy seguro es la forma de cargar esa información, si es así por favor indíquenme la mejor manera de mostrar esa info.


Remote Buffer Overflow w/out Memory Leak

I’m working on an exploit development challenge right now in which I’ve been presented with a compiled binary and I have to exploit it on a remote server. No stack protections have been enabled and ASLR is disabled. I’ve written the exploit successfully and tested on my device and it works. However when I run it on the remote server it fails.

There aren’t any memory leaks so I can’t do a ret2libc style attack and I’m not very good at ROP. The buffer overflows by quite a bit and there is an executable stack. What are the other options rather than ROP that I could use to get EIP pointing to my buffer without knowing it’s exact location? Is it possible to use just a couple gadgets to point EIP to some location relative to the current stack? If so, could one potentially help explain the ASM required to do that?

Thank you in advance.

Systemd-Journal possible memory leak

Just posting here for someone to have a quick look. Google results sit in 2 camps “that shouldn’t happen” and “linux uses RAM differently… duh!”

I have a VPS that acts as a VPN gateway. Its been fine since I started it but has recently been showing signs of a memory leak. I honestly couldnt say if it links up with an update install, sorry. As you can see in the screenshot below, for weeks the RAM usage was normal until it suddenly started rising at a constant rate. Restarting the server (the last little bit) brought it down but it looks to be rising again.

Is this normal? Anything i can do?

18.04.2 LTS Latest Updates

RAM Usage in Blue

Cannot find the cause of Memory Leak in C# Winforms Application

I have a program that processes multiple images.The memory spikes from 70MB to 300-400-600Mb and comes down when processing a large number of high resolution images. I have disposed of all Bitmaps,used the using statment wherever possible,but the memory leak cannot be fixed.Can someone please help me out

The coremethod called is this

Boolean batchprocess(Image<Bgr, byte> img, Bitmap bit, Bitmap orgbitmap, string file) {     try     {         pictureBox5.Controls.Clear();         pictureBox5.Invalidate();           if (pixdatas.Length != 0)         {              var pixdata = pixdatas.Last();             Point cpoint = getcenter(pixdata);             // foreach (var pixdata in pixdatas)             //  {             Rectangle newpixdataRect = new Rectangle();             newpixdataRect.Location = pixdata.Location;                //-------->>>>>>>>>>>>>>>>>>>>>>>>> Running Normal Code                   newpixdataRect.Y = (int)(pixdata.Y - pixdata.Height / 1.8);                    Rectangle ResizedRect;                 Rectangle originalrect = newpixdataRect;                 newpixdataRect = ConvertToLargeRect(newpixdataRect, orgbitmap.Size, bit.Size);                 if (cropmode == 3 && ismastercropset)                 {                      Size tsize = new Size((int)(mastercropsize.Width), (int)(mastercropsize.Height));                     ResizedRect = new Rectangle(newpixdataRect.Location, tsize);                       ResizedRect.Location = new Point(newpixdataRect.X + (newpixdataRect.Width - ResizedRect.Width) / 2,                                      newpixdataRect.Y + (newpixdataRect.Height - ResizedRect.Height) / 2);                      if (ResizedRect.X + ResizedRect.Width > orgbitmap.Width)                     {                          int temp = ResizedRect.X + ResizedRect.Width - orgbitmap.Width;                         ResizedRect.Width -= temp;                         if (cropmode == 2)                         {                             ResizedRect.Height -= temp;                         }                     }                       if (ResizedRect.Y + ResizedRect.Height > orgbitmap.Height)                     {                          int temp = ResizedRect.Y + ResizedRect.Height - orgbitmap.Height;                         ResizedRect.Height -= temp;                         if (cropmode == 2)                         {                             ResizedRect.Width -= temp;                         }                     }                       if (ResizedRect.X <= 0)                     {                         ResizedRect.X = 1;                     }                     if (ResizedRect.Y <= 0)                     {                         ResizedRect.Y = 1;                     }                     if (ResizedRect.Height > orgbitmap.Height)                     {                         ResizedRect.Height = orgbitmap.Height;                     }                     if (ResizedRect.Width > orgbitmap.Width)                     {                         ResizedRect.Width = orgbitmap.Width;                     }                     if(target!=null)                     {                         target.Dispose();                     }                     target = new Bitmap(ResizedRect.Width, ResizedRect.Height);                    }                 else                 {                      ResizedRect = new Rectangle(newpixdataRect.Location, newpixdataRect.Size);                     if (target != null)                     {                         target.Dispose();                     }                     target = new Bitmap(ResizedRect.Width, ResizedRect.Height);                 }                   using (Graphics g = Graphics.FromImage(target))                 {                     g.SmoothingMode = SmoothingMode.HighQuality;                     g.DrawImage(orgbitmap, new Rectangle(0, 0, target.Width, target.Height),                                 ResizedRect, GraphicsUnit.Pixel);                     if (this.tflag2 == true)                     {                         StringFormat stringFormat = new StringFormat();                         stringFormat.Alignment = StringAlignment.Center;                         stringFormat.LineAlignment = StringAlignment.Center;                         g.TextRenderingHint = System.Drawing.Text.TextRenderingHint.AntiAlias;                          Font goodFont = FindFont(g, "test", target.Size, cfont);                            g.DrawString("test, goodFont, Brushes.White, new PointF(target.Width / 2, target.Height / 2), stringFormat);                     }                 }                  if (displaybitmap != null)                 {                     displaybitmap.Dispose();                 }                 displaybitmap = img.ToBitmap();                  using (Graphics tempg = Graphics.FromImage(displaybitmap))                 {                      using (var p = new Pen(Color.LightGreen, 2))                     {                         p.DashStyle = System.Drawing.Drawing2D.DashStyle.Dash;                         //Checking if Master Crop is Set and resizing and shifting the rectangle                          if (ismastercropset && cropmode == 3)                         {                             using (Bitmap tmp = new Bitmap(file))                             {                                    float xfactor = (float)tmp.Width / (float)bit.Width;                                 float yfactor = (float)tmp.Height / (float)bit.Height;                                 Size tsize = new Size((int)(mastercropsize.Width / xfactor), (int)(mastercropsize.Height / yfactor));                                 ResizedRect = new Rectangle(originalrect.Location, tsize);                                 ResizedRect.Location = new Point(originalrect.X + (originalrect.Width - ResizedRect.Width) / 2,                                                  originalrect.Y + (originalrect.Height - ResizedRect.Height) / 2);                             }                           }                         else                         {                             //Used to draw rectangle on picturebox if cropmode is not manual                             ResizedRect = originalrect;                          }                         tempg.DrawRectangle(p, ResizedRect);                      }                 }                  pictureBox5.InitialImage = null;                 pictureBox5.Image = new Bitmap(displaybitmap);                 txt_filename.Text = Path.GetFileName(file);                 txt_width.Text = orgbitmap.Width.ToString();                 txt_height.Text = orgbitmap.Height.ToString();                   crop_width.Text = newpixdataRect.Width.ToString();                 crop_height.Text = newpixdataRect.Height.ToString();                      if (resize == true)                 {                     if (hardresize == true)                     {                         target = HardResize(target, rwidth, rheight);                     }                     else                     {                         target = resizeImage(target, new SizeF(rwidth, rheight));                     }                 }                 saveJpeg(outdir + "\" + Path.GetFileNameWithoutExtension(file), target, quality);                 target.Dispose();                 img.Dispose();                 orgbitmap.Dispose();                 bit.Dispose();                 displaybitmap.Dispose();                 System.GC.Collect();                 System.GC.WaitForPendingFinalizers();                 return true;              }         }         else         {             if (target != null)             {                 target.Dispose();             }             bit.Dispose();             orgbitmap.Dispose();             // img.Dispose();             GC.Collect();             return false;         }       }     catch (Exception error)     {         bit.Dispose();         return false;     }  } 

This method is called from a Backgroundworker

    private void aicropper_DoWork(object sender, DoWorkEventArgs e)     {          pictureBox5.Controls.Clear();         successcounter = 0;         errorcounter = 0;          //  ----------------- Initially processing custom crop images         foreach (var v in modifiedimages)         {             mylist.RemoveAll(x => x == v.Filename);         }         foreach(var v in modifiedimages)         {             //Checking if the user pressed the cancel button             if (stopprocess)             {                 break;             }              using (Bitmap b = new Bitmap(v.Filename))             {                   Rectangle xrect = ConvertToLargeRect(v.translatedrect,b.Size,v.imgsize);                 using (Bitmap tempbmp = new Bitmap(cropImage(b, xrect)))                 {                     pictureBox5.Image = resizeImage(b, pictureBox5.Size);                     using (var p = new Pen(Color.LightGreen, 2))                     {                         using (Graphics g = Graphics.FromImage(pictureBox5.Image))                         {                             p.DashStyle = System.Drawing.Drawing2D.DashStyle.Dash;                             g.DrawRectangle(p,new Rectangle(v.Location,v.Size));                         }                     }                     saveJpeg(outdir + "\" + Path.GetFileNameWithoutExtension(v.Filename), tempbmp, quality);                     successcounter++;                     progressBarControl1.PerformStep();                     progressBarControl1.Update();                 }             }         }         //------------------------------------------------------------                     for (int count = 0; count < mylist.Count; count++)               {                 try                 {                 //Checking if the user pressed the cancel button                 if (stopprocess)                 {                     stopprocess = false;                     break;                  }                 //MessageBox.Show(mylist.Count)                 using (Bitmap x = FixImageOrientation(new Bitmap(mylist[count])))                 {                     try                     {                          Bitmap y = new Bitmap(x);                         if (stop == false)                         {                                if (y.Width > 1000 || y.Height > 1000)                             {                                 // y = ResizekeepAspectRatio(y, 1000, 1000);                                  // y = Crop(y);                                 y = UpdatedResizeImage(y, new Size(pictureBox5.Width, pictureBox5.Height));                                 //y.Save("xfxf.png");                             }                               using (Image<Bgr, byte> image = new Image<Bgr, byte>(y))                             {                                   if (batchprocess(image, y, x, mylist[count]) == false)                                 {                                     //  multipixdatadetection = false;                                     // if (detect(image, x, mylist[count]) == false)                                     //{                                     errorcounter++;                                     errorlist.Add(mylist[count]);                                     //}                                     //else                                     //  {                                     //    successcounter++;                                     //}                                     // multipixdatadetection = backupboolean;                                 }                                 else                                 {                                     successcounter++;                                 }                                     progressBarControl1.PerformStep();                                 progressBarControl1.Update();                                 x.Dispose();                                 y.Dispose();                               }                         }                     }                     catch (Exception err)                     {                         if (err.Message == "A Graphics object cannot be created from an image that has an indexed pixel format.")                         {                                //Catching index exception and converting bitmap to usable format by using temporary file                             string temppath = Path.GetTempPath();                             try                             {                                 if (Directory.Exists(temppath + @"\MYAPP\indexerror\") == false)                                 {                                     Directory.CreateDirectory(temppath + @"\MYAPP\indexerror\");                                 }                              }                             catch (Exception)                             {                              }                              using (Bitmap tempx = new Bitmap(mylist[count]))                             {                                 try                                 {                                     //CorRecting the Bitmap,Saving temporarly and Adding it to Process List                                     Bitmap temp = new Bitmap(tempx);                                      temp.Save(temppath + @"\MYAPP\indexerror\" + Path.GetFileName(mylist[count]));                                     mylist.Add(temppath + @"\MYAPP\indexerror\" + Path.GetFileName(mylist[count]));                                     temp.Dispose();                                  }                                 catch (Exception)                                 {                                  }                                }                         }                         else if (err.Message == "Out of memory.")                         {                             //Handling Corrupt Images that is not auto screened when addimagesworker is not allowed to complete.                         }                         else if (err.Message == "A generic error occurred in GDI+.")                         {                             XtraMessageBox.Show("You cannot overwrite Files.\nPlease select a different Ouput Location", "MYAPP");                             break;                         }                          else                         {                               //batcherror=true;                             continue;                             //   break;                         }                     }                  }             }             catch (Exception error)             {                 errorcounter++;                 continue;             }         }          } 

Do I have a JAVA memory leak?

I usually use Eclipse on my Ubuntu, but recently when I boot the PC and start using Eclipse, my PC completely freezes. In the past, he didn’t do this so I installed Htop to check my memory and just some minutes after restarting the PC I get this:

enter image description here

What does this mean? Do I have a memory leak on my PC?