Usually occurs when a program copies data into a buffer without checking that the buffer has sufficient space, so the excess data is written past the end of the buffer and overwrites adjacent memory.
1 vote, 1 answer, 23 views
How could a local user on a host use a buffer overflow attack to get root access to the host?
I understand in general terms how a buffer overflow attack works, but how can someone use this technique specifically to gain root access to a host? A simple example and explanation would be helpful. ...
0 votes, 0 answers, 16 views
Ret2libc exploit works in gdb, but in normal shell gives error sh: 1: g:0:1: not found
I am learning about ret2libc buffer overflow exploits to bypass NX.
My vulnerable code (vuln.c):
    #include <stdio.h>
    #include <stdlib.h>
    #include <string.h>
    int main(int argc, ...
0 votes, 1 answer, 20 views
How to overcome buffer overflow attacks?
I read about the buffer overflow attack and wanted to know if changing the processor so it refuses to execute instructions that are not located in the code area can solve it?
Thanks
0 votes, 2 answers, 48 views
Buffer overflow wrong variable changing value
    #include <stdio.h>
    #include <stdlib.h>
    int test(void)
    {
        int a=0,b=0;
        char buf[4];           /* 4 bytes: 3 characters plus the terminating NUL */
        gets(buf);             /* no bounds check: longer input overflows buf into adjacent stack memory */
        printf("a:%d b:%d\n",a,b);   /* newline flushes the output before any crash on return */
        return 0;              /* function is declared int, so it must return a value */
    }
    int main()
    {
        test();
        return 0;
    }
Question is why ...
0 votes, 1 answer, 55 views
OpenCV Buffer Overflow
I've got myself in a pickle on this project I'm working on. My main objective is to stitch two webcam feeds together and do object detection on them - bounding boxes, etc...the standard stuff.
I ...
1 vote, 2 answers, 63 views
What is the difference between a buffer size and the distance between two addresses?
    #include <stdio.h>
    #include <stdlib.h>
    int main()
    {
        char *name;
        char *command;
        name=(char *)malloc(10);
        command=(char *)malloc(128);
        printf("address of name ...
0 votes, 1 answer, 25 views
Socket Channel - readIntoNativeBuffer() Error
I have been experiencing this issue for a while now. A quick explanation of the system:
A simple application will read in data over a TCP connection. The application uses a SocketChannel object to ...
1 vote, 1 answer, 79 views
buffer overflow exploits - Why is the shellcode put before the return address
The code I'm referring to is found here: Link to code
I read that the buffer overflow exploit uses a buffer that looks something like this:
| NOP SLED | SHELLCODE | REPEATED RETURN ADDRESS |
From ...
0 votes, 1 answer, 62 views
buffer overflow exploit example from “Hacking: The Art of Exploitation”
I've found a few related posts about this on the site but none of them explained my problem.
The code is described here:
Link
My issue is the following:
The author tries to rewrite the return address ...
1 vote, 1 answer, 34 views
Does my code sufficiently prevent overflow?
In my C program, in the case of file I/O, is it sufficient to put this:
    FILE *fp = fopen("example.txt", "r");
    char *buffer = malloc(sizeof(*fp));
In the case that I use:
while ...
0 votes, 2 answers, 95 views
How to declare appropriate size for the buffer
I'm using TCHAR in the Visual C++ project I'm working on, whose definition is shown below:
    #ifdef _UNICODE
    typedef wchar_t TCHAR;
    #else
    typedef char TCHAR;
    #endif
I need to put some data ...
0 votes, 1 answer, 43 views
Why won't my threaded winsock server crash?
I have implemented a C++ winsock (Win32) server with the intention of crashing it using a strcpy command. The socket itself is instantiated inside a thread. However, when I put the strcpy inside the recv loop, ...
3 votes, 1 answer, 69 views
Addressable memory and relation with buffer overflows
Reading about buffer overflows, I came across the sample code given below:
    void function(int a, int b, int c) {
        char buffer1[5];
        char buffer2[10];
    }
    void main() {
        function(1,2,3);
    }
It's from ...
0 votes, 1 answer, 59 views
buffer overflow when using peg/leg
I'm using Ian Piumarta's peg/leg software to parse a toy language that I'm working on. Unfortunately some inputs to the parser are causing a crash that Clang's address sanitizer says is caused by a ...
0 votes, 1 answer, 58 views
WinDbg range error while searching jump
I am trying to search for a jump in a program's DLL, but when I do that I get a range error. What's the problem with that?
My WinDbg output is below:
    0:000> g
    ModLoad: 76390000 763ad000 ...