Hacker News new | ask | show | jobs
by paddlesteamer 2278 days ago
Hello, OP here, I've actually spent considerable amount time to find a code execution. I know you'll want to learn details of FUN_004122c0 but here is the decompiled version of iptables part from ghidra:

undefined4 FUN_004045a0(int param_1,int param_2)

{ int iVar1; int iVar2; char pcVar3; char cVar4; code pcVar5; undefined auStack544 [256]; undefined auStack288 [260];

  FUN_00412530(auStack544,0,0x100);
  FUN_00412530(auStack288,0,0x100);
  if (param_1 == 0) {
    FUN_004122c0(auStack288,0x100,"iptables > %s 2>&1","/var/IptablesInfo");
  }
  else {
    iVar1 = FUN_00412210(0x100);
    if (iVar1 == 0) {
      return 0x40010009;
    }
    cVar4 = '\0';
    while ((iVar2 = *param_2, iVar2 != 0 && (cVar4 != '\x10'))) {
      if (cVar4 == '\0') {
        FUN_004122c0(iVar1,0x100,0x412c84,iVar2);
      }
      else {
        FUN_004122c0(iVar1,0x100,"%s %s",iVar1,iVar2);
      }
      cVar4 = cVar4 + '\x01';
      param_2 = param_2 + 1;
    }
    FUN_004122c0(auStack288,0x100,"iptables %s > %s 2>&1",iVar1,"/var/IptablesInfo");
    FUN_00412660(iVar1);
  }
  FUN_00412330(auStack288);
  iVar1 = FUN_004123c0("/var/IptablesInfo",0x414f68);
  if (iVar1 == 0) {
    pcVar5 = FUN_004126e0;
    pcVar3 = "Fail\r";
  }
  else {
    while (iVar2 = FUN_00412470(auStack544,0x100,iVar1), iVar2 != 0) {
      FUN_004126b0(0x412c84,auStack544);
      FUN_004121a0(0xd);
    }
    FUN_00412520(DAT_0042b010);
    FUN_004123a0(iVar1);
    pcVar5 = FUN_00412500;
    pcVar3 = "/var/IptablesInfo";
  }
  (*pcVar5)(pcVar3);
  return 0;
}

Any ideas?
1 comments
mercora 2278 days ago
i guess you already tried issuing commands like i mentioned?!

i am still confused by this code but to me it looks like this has been originally written in another language but maybe this is just what it looks like after de-compiling. seeing this function would likely be more interesting.

link
paddlesteamer 2278 days ago
Yep, I tried. No luck there
link