Tagged Questions
0 votes, 0 answers, 50 views
Buffer overflow exploit: segfault on function ret to stack code
I'm trying to exploit a buffer overflow in a test program to execute arbitrary code. I'm on NetBSD 6 i386. Here is the C code:
int checkPassword(char *password)
{
char ...
3 votes, 1 answer, 103 views
Buffer overflow on remote server
I'm a computer security student and I'm doing a project about remote buffer overflows. I developed a vulnerable server in C, with an unsafe use of the strncpy function which actually copies 1024 bytes on ...
0 votes, 1 answer, 72 views
Buffer Overflow exploit, overwriting function parameters including return address
Assume we have a function
foo(char *name,int id)
{
printf ("%s%d",name,id);
}
Using a buffer overflow, we replace the return address on the stack with foo's function address. I was able to ...
0 votes, 1 answer, 107 views
Can't understand the buffer overflow example in “The Art of Exploitation”
My problem is very similar to, but not the same as, this one.
I run the same example of exploit_notesearch.c in the book Hacking: The Art of Exploitation on my 64-bit OS, Arch Linux, and it doesn't ...
0 votes, 1 answer, 49 views
How can I find where main()'s return address is sitting in the stack?
I need to do a remote buffer overflow exploit for a class. I understand MOST of it. It involves overwriting main's return address so I can execute my own code.
But we never covered how to find the ...
5 votes, 1 answer, 236 views
Return into libc - Illegal instruction
I am messing around with buffer overflows, particularly the return into libc kind.
I have the following vulnerable code:
#include<stdio.h>
#include<string.h>
main( int argc, char ...
1 vote, 1 answer, 84 views
Buffer overflow exploit not working for kernel module [closed]
I have done buffer overflow exploits for user-level processes in the past. However, this does not seem to work well if I try to overflow the buffer of a vulnerable kernel module. Here's what I do:
...
0 votes, 1 answer, 136 views
The Art of Exploitation - exploit_notesearch.c
I've got a question regarding the exploit_notesearch program.
This program is only used to create a command string that we finally call with the system() function to exploit the notesearch program that ...
2 votes, 1 answer, 115 views
Buffer overflow: writing code to stack and executing there
I know what a buffer overflow is and I know that (without DEP), stack return addresses are often overwritten with an address pointing somewhere in the data or code sections, but what if the stack return ...
1 vote, 2 answers, 209 views
Why use buffer overflow exploit?
I understand the concept of buffer overflow, and acknowledge it can give me the opportunity to execute my own code within a foreign executable.
My question is, can't this simply be done with easier ...
0 votes, 2 answers, 138 views
Shellcode Development, ESP pointer
Some time back, working on an exploit for Easy RM to MP3 Converter 2.7.3.700 on Windows XP SP3 (http://www.exploit-db.com/exploits/9177/), I came across a concept which I am not understanding. It ...
2 votes, 1 answer, 1k views
Buffer overflow example from Art of Exploitation book
I was reading this book, Art of Exploitation, which is a kinda good book, and I ran across that example from the exploit_notesearch.c file.
Briefly, the author tries to overflow the program from notesearch.c
int ...
2 votes, 2 answers, 1k views
Writing a return-to-libc attack, but libc is loaded at 0x00 in memory
I'm writing a return-to-libc attack for my systems security class. First, the vulnerable code:
//vuln.c
#include <stdio.h>
#include <stdlib.h>
int loadconfig(void){
char buf[1024];
...
2 votes, 3 answers, 579 views
Shellcode as payload for buffer overflow (or other) exploits executed as root?
When I use shellcode such as the ones provided here* as the payload to some vulnerable program, how is the shell executed as root? I am asking about how the privileges are elevated to root. The shellcode ...
-3 votes, 3 answers, 2k views
C code: how to change the return address in the code?
I just wrote a C program, which is below:
#include<stdio.h>
#include<string.h>
void func(char *str)
{
char buffer[24];
int *ret;
strcpy(buffer,str);
}
int ...