Tagged Questions

1 vote, 1 answer, 115 views

Finding environment variables with gdb, to exploit a buffer overflow

I have to exploit a very simple buffer overflow in a vulnerable C++ program for an assignment and I am not able to find the environment variable SHELL. I have never worked with BoF before, and ...
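Locating an environment variable without relying on gdb is a common step in this kind of assignment, so here is an added example in the style of the classic "getenvaddr" helper; it is not code from the question, and the names `env_value` and `predicted_env_shift` are my own. It walks `environ` by hand to find where the value of a variable such as SHELL sits in the string block the kernel places near the top of the stack, and then estimates where the same string lands in the target program, whose path is a different length.

```c
/*
 * Added example (not from the question): find an environment variable's
 * address in this process and predict it in another program.
 *
 * Build:  gcc -o getenvaddr getenvaddr.c
 * Usage:  setarch $(uname -m) -R ./getenvaddr SHELL ./vuln
 *         (setarch -R disables ASLR for the run; with ASLR on, the stack
 *          moves between executions and the printed address is useless.)
 */
#include <stdio.h>
#include <stdlib.h>
#include <string.h>

extern char **environ;

/* Walk the environment array manually (no getenv) and return a pointer to the
 * value part of NAME=value, or NULL if NAME is absent. For variables inherited
 * at exec time the pointer lands in the string block the kernel copied onto
 * the stack; a variable added later with setenv lives on the heap instead. */
const char *env_value(const char *name)
{
    size_t n = strlen(name);
    for (char **e = environ; e && *e; e++) {
        if (strncmp(*e, name, n) == 0 && (*e)[n] == '=')
            return *e + n + 1;
    }
    return NULL;
}

/* Bytes to add to an address found in this helper to estimate where the same
 * environment string sits in the target program.
 *
 * The kernel copies the exec path above the environment strings, and when a
 * program is started from bash the shell also exports _=<path> as the last
 * (highest-address) environment entry. A path that is K bytes longer therefore
 * pushes every other environment string down by roughly 2*K bytes; this is the
 * usual "times two" adjustment. Treat the result as an estimate (assumption:
 * both programs are started the same way from the same shell) and confirm it
 * in gdb with x/s, remembering that gdb itself injects LINES and COLUMNS into
 * the environment, which shifts the addresses again. */
long predicted_env_shift(const char *helper_path, const char *target_path)
{
    long delta = (long)strlen(target_path) - (long)strlen(helper_path);
    return -2 * delta;
}

int main(int argc, char **argv)
{
    if (argc != 3) {
        fprintf(stderr, "usage: %s VARIABLE ./target_program\n", argv[0]);
        return 1;
    }
    const char *v = env_value(argv[1]);
    if (v == NULL) {
        fprintf(stderr, "%s is not set in this environment\n", argv[1]);
        return 1;
    }
    printf("%s is at %p in this process (value \"%s\")\n",
           argv[1], (const void *)v, v);
    printf("predicted address in %s: %p\n", argv[2],
           (const void *)(v + predicted_env_shift(argv[0], argv[2])));
    return 0;
}
```

The prediction is only an estimate: any difference in how the two programs are launched (a different shell, a wrapper, gdb) changes the environment block, so the printed address is a starting point for an `x/s` check in the debugger, not a value to trust blindly.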
3 votes, 1 answer, 75 views

How do attackers gather remote feedback for identifying and exploiting buffer overflows?

Local buffer overflows are relatively easy to understand: throw some input at an interface and see if the process fails with a core dump or similar. However, in my mind, this kind of exploit works ...
2 votes, 5 answers, 703 views

What programming language does this code use?

Looking at this article: http://www.exploit-db.com/exploits/13474/ I can see this: /* * NetBSD * execve() of /bin/sh by humble of Rhino9 */ char shellcode[] = "\xeb\x23" "\x5e" "\x8d\x1e" ...
6 votes, 3 answers, 256 views

Remote return into libc attack

It is often shown that non-executable data segments can be bypassed through return-to-libc attacks. It's evident for /bin/sh, but is it also possible to invoke a remote shell?
6 votes, 5 answers, 564 views

Suggested reading list: OS exploits

In computer security, my areas of interest include x86 processors, binary exploitation and reverse engineering. I'm also interested in certain aspects of the Minix and Linux kernels (memory ...
10 votes, 3 answers, 416 views

Bypassing Address Space Layout Randomization

How effective is ASLR in preventing arbitrary code execution in a buffer overflow type exploit? How hard is it for an attacker to bypass this without simply guessing where the addresses are?