This exploit demonstrates a local buffer overflow in FCrackZip 1.0 due to unsafe use of strcpy() when handling the '-p' flag. The PoC triggers a crash by supplying a 44-byte string, but stack canaries prevent arbitrary code execution.
Classification: Working PoC 90%
Attack Type: DoS
Complexity: Trivial
Reliability: Reliable
Target: FCrackZip 1.0
No auth needed
Prerequisites: FCrackZip 1.0 installed locally · ability to execute the binary with a crafted argument