Tagged Questions
15
votes
1 answer
792 views
How does a NOP sled work?
I've been cracking my head open and can't find a good source that answers this question. I know that a nop sled is a technique used to circumvent stack randomization in a buffer overflow attack, but I ...
7
votes
1 answer
344 views
Smashing Stack on Ubuntu 11.10
Did any of you face the following problem when you try to overwrite the $esp pointer?
Of course trying a legit buffer size always works! But, when you try to increase the buffer size to overwrite the ...
6
votes
3 answers
235 views
Modify return address on stack
I looked at the basics of buffer overflow vulnerabilities and tried to understand how the stack is working. For that I wanted to write a simple program which changes the address of the return address ...
5
votes
1 answer
177 views
Skipping an instruction using stack smashing
I have been trying to skip an instruction by changing the return address through stack smashing. The following code skips a++ in main and prints an output of "1 3". I have executed this code on a ...
4
votes
3 answers
1k views
For buffer overflows, what is the stack address when using pthreads?
I'm taking a class in computer security and there is an extra credit assignment to insert executable code into a buffer overflow. I have the C source code for the target program I'm trying to ...
4
votes
6 answers
4k views
How to write a buffer-overflow exploit in GCC, Windows XP, x86?
void function(int a, int b, int c) {
    char buffer1[5];
    char buffer2[10];
    int *ret;
    ret = buffer1 + 12;
    (*ret) += 8;//why is it 8??
}
void main() {
    int x;
    x = 0;
    function(1,2,3);
...
3
votes
5 answers
2k views
Need help with buffer overrun
I've got a buffer overrun I absolutely can't seem to figure out (in C). First of all, it only happens maybe 10% of the time or so. The data that it is pulling from the DB each time doesn't seem to be ...
1
vote
1 answer
176 views
Stack direction and buffer overflow
In a downward growing stack, what's the rationale for stack variables to be written in an upward direction? For example, if I have char buf[200], say at memory address 0x400. When I write to this ...
1
vote
1 answer
79 views
Finding address of C variable without debugging
I'm working on a basic buffer overflow project. The goal is to overflow a buffer to run a shell. The code I'm exploiting looks like this:
int func(char *str)
{
//4 bytes for str, 16 bytes for the ...
1
vote
0 answers
46 views
Generating AlephOne-style visualizations of the stack?
In the widely-read "Smashing The Stack For Fun And Profit" tutorial, Aleph One presents C code examples like this:
void function(int a, int b, int c) {
    char buffer1[5];
    char buffer2[10];
}
...
1
vote
3 answers
3k views
Why do I get “Cannot find bound of current function” when I overwrite the ret address of a vulnerable program?
I want to exploit a stack based buffer overflow for education purposes. There is a typical function called with a parameter from main which is given as input from the program and a local buffer where ...
1
vote
3 answers
217 views
Buffer Overflow - Not getting the correct output
The shell code prints the hostname (bin/hostname), but when I execute the code it shows me the path in reverse order but does not print the HOSTNAME.
I am actually doing the buffer overflow.
I ...
0
votes
1 answer
81 views
Overflowing the stack into a variable confusion (computer security)
I'm learning computer security through a book I've found online (pretty new to this stuff, go easy!), and one chapter teaches you about overflowing the stack. The function used in the program is:
void ...
0
votes
1 answer
248 views
What is Stack Randomization and how does it prevent a buffer overflow attack?
I read from a book that Buffer Overflow might be used as a way to inject exploit code which will attack a system. And Stack Randomization is one of those effective ways to prevent such attacks.
I ...
0
votes
1 answer
97 views
Why the address of a string given as argument to a function changed after overflowing the ret address?
I want to exploit a vulnerability of a C piece of code for educational purposes by controlling the stack. A simple stack based buffer overflow, overwriting the return address with the address where a ...