Tagged Questions
3 votes, 1 answer, 745 views
Jumping into argv?
I am experimenting with shellcode and stumbled upon the nop-slide technique. I wrote a little tool that takes buffer-size as a parameter and constructs a buffer like this: [ NOP | SC | RET ], with NOP ...
3 votes, 1 answer, 74 views
Buffer overflow doesn't run
I try a basic buffer overflow: I overwrite the saved EIP on the stack and jump to the address. This address points to a shell variable which contains my shellcode.
But in gdb, the program SIGSEGVs on the ...
1 vote, 4 answers, 6k views
Confused by gdb print ptr vs print “%s”
1167 ptr = (void*)getcwd(cwd, MAX_PATH_LENGTH-1);
(gdb) n
1168 if (!ptr) {
(gdb) print ptr
$1 = 0xbff2d96c "/media/MMC-SD/partition1/aaaaaaaaaaa"
(gdb) print &cwd
$2 = (char (*)[3500]) ...
1 vote, 1 answer, 280 views
buffer overflow problem
After I reference this website, I want to simulate a simple buffer overflow bug
My environment is Ubuntu 10.10
gcc version is 4.4.5
I also downloaded execstack to enable the executable stack of my ...
1 vote, 1 answer, 997 views
Hex values in gdb input files
I'm trying to bof a particular exploitme on DVL by redirecting input (to gets) using run < inputfile inside gdb
I can overflow the program successfully but am having trouble appending hex values ...
1 vote, 1 answer, 84 views
Detecting a Buffer Overflow in a non open-source program
I am reading a book about buffer overflow exploiting etc.
But there is one question this book doesn't answer. How can I detect a buffer overflow using GDB without seeing the source code of the program? ...
1 vote, 0 answers, 76 views
Cleaning up stack in Buffer Overflow
I am performing a buffer overflow for educational purposes only. I have a function called that uses gets to receive input from the terminal. I want to force this function to return a specific value ...
0 votes, 2 answers, 101 views
Buffer Overflow Works in GDB but not in Terminal
I am using Mac OS X. I have created a buffer overflow vulnerable program:
#include<stdio.h>
#include<string.h>
int neverCalled() {
puts("You got me to be called");
return 0;
}
...
0 votes, 1 answer, 317 views
unable to set breakpoints
I'm trying to get the starting address of buf. So I compile the following program and load it up in gdb.
#include <stdio.h>
#include <string.h>
int main(int argc, char **argv) {
char ...
0 votes, 2 answers, 103 views
Hex string as input to scanf in gdb
Can we give an input string by its hex value in gdb? For example, a simple program
#include <stdio.h>
int main() {
char buffer[20];
fscanf(stdin, "%s", buffer);
printf("%s", buffer);
...
0 votes, 2 answers, 78 views
Buffer overflows on 64 bit
I am trying to do some experiments with buffer overflows for fun. I was reading on this forum on the topic, and tried to write my own little code.
So what I did is a small "C" program, which takes ...