15 votes, 1 answer, 792 views

How does a NOP sled work?

I've been cracking my head open and can't find a good source that answers this question. I know that a nop sled is a technique used to circumvent stack randomization in a buffer overflow attack, but I ...
7 votes, 1 answer, 344 views

Smashing Stack on Ubuntu 11.10

Did any of you face the following problem when you try to overwrite the $esp pointer? Of course trying a legit buffer size always works! But, when you try to increase the buffer size to overwrite the ...
6 votes, 3 answers, 235 views

Modify return address on stack

I looked at the basics of buffer overflow vulnerabilities and tried to understand how the stack is working. For that I wanted to write a simple program which changes the address of the return address ...
5 votes, 1 answer, 177 views

Skipping an instruction using stack smashing

I have been trying to skip an instruction by changing the return address through stack smashing. The following code skips a++ in main and prints an output of "1 3". I have executed this code on a ...
4 votes, 3 answers, 1k views

For buffer overflows, what is the stack address when using pthreads?

I'm taking a class in computer security and there is an extra credit assignment to insert executable code into a buffer overflow. I have the c source code for the target program I'm trying to ...
4 votes, 6 answers, 4k views

How to write a buffer-overflow exploit in GCC, Windows XP, x86?

void function(int a, int b, int c) { char buffer1[5]; char buffer2[10]; int *ret; ret = buffer1 + 12; (*ret) += 8;//why is it 8?? } void main() { int x; x = 0; function(1,2,3); ...
3 votes, 5 answers, 2k views

Need help with buffer overrun

I've got a buffer overrun I absolutely can't seem to figure out (in C). First of all, it only happens maybe 10% of the time or so. The data that it is pulling from the DB each time doesn't seem to be ...
1 vote, 1 answer, 176 views

Stack direction and buffer overflow

In a downward growing stack, what's the rationale for stack variables to be written in an upward direction? For example, if I have char buf[200], say at memory address 0x400. When I write to this ...
1 vote, 1 answer, 79 views

Finding address of C variable without debugging

I'm working on a basic buffer overflow project. The goal is to overflow a buffer to run a shell. The code I'm exploiting looks like this: int func(char *str) { //4 bytes for str, 16 bytes for the ...
1 vote, 0 answers, 46 views

Generating AlephOne-style visualizations of the stack?

In the widely-read "Smashing The Stack For Fun And Profit" tutorial, Aleph One presents C code examples like this: void function(int a, int b, int c) { char buffer1[5]; char buffer2[10]; } ...
1 vote, 3 answers, 3k views

Why do I get “Cannot find bound of current function” when I overwrite the ret address of a vulnerable program?

I want to exploit a stack based buffer overflow for educational purposes. There is a typical function called with a parameter from main which is given as input from the program and a local buffer where ...
1 vote, 3 answers, 217 views

Buffer Overflow - Not getting the correct output

The shell code prints the hostname (bin/hostname), but when I execute the code it shows me the path in reverse order but does not print the HOSTNAME. I am actually doing the buffer overflow. I ...
0 votes, 1 answer, 81 views

Overflowing the stack into a variable confusion (computer security)

I'm learning computer security through a book I've found online (pretty new to this stuff, go easy!), and one chapter teaches you about overflowing the stack. The function used in the program is: void ...
0 votes, 1 answer, 248 views

What is Stack Randomization and how does it prevent a Buffer Overflow attack?

I read from a book that Buffer Overflow might be used as a way to inject exploit code which will attack a system. And Stack Randomization is one of those effective ways to prevent such attacks. I ...
0 votes, 1 answer, 97 views

Why did the address of a string given as argument to a function change after overflowing the ret address?

I want to exploit a vulnerability of a C piece of code for educational purposes by controlling the stack. A simple stack based buffer overflow, overwriting the return address with the address where a ...