All Questions
0
votes
2answers
46 views

Causing a Buffer Overflow Using fgets

I'm trying to make a buffer overflow on a c program, but I can't manage to find the vulnerability and exploit the code. I've tried thousands of inputs. Generally I've tried these: 1) I've tried the ...
0
votes
0answers
47 views

exploit development issues with nops

I am doing the Corelan course, but I am stuck at tutorial #2 (push ret). I am trying to overwrite my EIP with my push esp ret to launch my shellcode, in this case a calc.exe, but it always overwrites with the ...
0
votes
0answers
43 views

Buffer overflow attack, executing an uncalled function

So, I'm trying to exploit this program that has a buffer overflow vulnerability to get/return a secret behind a locked .txt (read_secret()). vulnerable.c //no edits here #include <stdlib.h&...
0
votes
1answer
84 views

How to get privilege escalation using a vulnerable program with root privilege?

I am trying to exploit privilege escalation for a vulnerable program with root privilege. I tried a shell code for that but I do not know where I am making a mistake. #include <stdio.h> #...
2
votes
0answers
57 views

Python: Capture stdout of crashed program via subprocess

I have a simple C program that asks for input and echoes it back, so essentially a gets and then a printf. I want to call this program through Python subprocess and capture the output - even when the ...
1
vote
1answer
84 views

Buffer Overflow - unexpected values inserted

I'm trying to use buffer overflow to overwrite two local variables, so that I can call the hidden function. Here is the C code. #include <stdio.h> #include <stdlib.h> static void ...
0
votes
0answers
157 views

Generate payload with msfvenom for C/C++ program which input is stdin (buffer overflow)

I'm trying to generate shellcode for my C/C++ program to exploit a buffer overflow vulnerability, my code is as follows: #include <stdio.h> #include <unistd.h> #include <stdlib.h> #...
-1
votes
1answer
25 views

This seems to be right everywhere, but I am getting IndexError every time at the bin_bash line, but with the puts line it's running fine

#!/usr/bin/env python import pwn import re gdb_puts = 0x7ffff7a649c0 gdb_system = 0x7ffff7a33440 offset = gdb_puts - gdb_system elf = pwn.ELF('./vuln') p = elf.process() prompt = p.recv() print ...
0
votes
1answer
146 views

exporting environment variable with python

I'm trying to export an environment variable using python, but I can't seem to figure it out. This is what I'm trying to copy: export SHELLCODE = $(python -c "print <shellcode here>") This is ...
0
votes
0answers
100 views

How to buffer overflow with recvfrom_into?

I'm learning about exploiting buffer overflows with shellcode injection. Four years ago a buffer overflow vulnerability was discovered for the socket.recvfrom_into() function. An exploit was crafted ...
0
votes
0answers
40 views

Cause a buffer overflow using python program as an argument with an address padded with zeros

I am trying to cause a buffer overflow by printing out an address in hex to the terminal to serve as the input to a vulnerable function. I pad the data to be written with 0x01 and then add the address ...
0
votes
1answer
101 views

How to pad an address with \x00 in python

I am trying to print the address 0x004007ad to the terminal for the purposes of a buffer overflow assignment. I have to do it in little endian because of my processor. However, when I try to print the ...
0
votes
0answers
71 views

Python/Windows: Fuzzing program from cmd

I am trying to fuzz a Windows program to detect Buffer Overflow, using python to generate inputs. My code is something like this: python -c "print('A'*100)" | .\program.exe Unfortunately, PIPE ...
0
votes
1answer
62 views

Gdb Buffer Overflow; Python won't execute

I have a problem with gdb: I can't make a Python command run inside. It just hangs forever until I press Enter a second time. gdb$ run $(python -c "print('A'*50)"); Starting program: /home/Myprogram ...
1
vote
0answers
63 views

Buffer Overflow with Python - Send multiple strings to C's scanf() function

I currently try to do a Buffer Overflow attack to a simple C Program. This Program takes 2 inputs via C's scanf function. The First input is secure, the second is not. So I found my shellcode, the ...
1
vote
1answer
89 views

Why can integer store a hex value but cannot store the same value in decimal?

I most recently successfully exploited a C executable by causing its char array to overflow into another variable. I did this by piping in the output of exploit1.py into the command line which was ...
0
votes
1answer
107 views

assembly: where to find the shellcode of a buffer overflow exploit

On a windows xp machine, I open an "echo server" exe with Immunity Debugger, then run the program. The echo server is running on port 10000. On my other machine, I run a python script (see below) ...
2
votes
0answers
264 views

Buffer Overflow Exploit Issue

I am trying to complete a buffer overflow that involves overwriting a function pointer. The vulnerable C program is as follows: #include <stdlib.h> #include <unistd.h> #include <...
0
votes
3answers
302 views

why do I get a SIGSEGV in _Global_Offset_Table error with my 64bit exploit instead of getting a shell

So what's the story.. I'm following this tutorial on 64bit overflow exploit using rop. https://blog.techorganic.com/2016/03/18/64-bit-linux-stack-smashing-tutorial-part-3/ The c source to exploit is ...
4
votes
1answer
764 views

why will my buffer overflow exploit open a user shell only instead of a root shell?

I have been following a few tutorials on buffer overflow exploitation. But my problem is that I am not able to open a root shell; I will always get a normal user shell instead. I have checked the ...
0
votes
1answer
4k views

How to generate payload with python for buffer overflow?

I'm trying to provoke a buffer overflow in order to execute a function on C code. So far I already managed to find out what is the number of bytes to take over EBP register. The only thing next is to ...
5
votes
0answers
573 views

Open a shell from buffer overflow

I have to open a shell in a C program with an exploit Python script. I am using an Ubuntu VM to do this. The C program: #include <stdio.h> #include <string.h> int main(int argc, char *...
0
votes
1answer
107 views

C program char buffer unexpected overflow

I am trying to understand two different behaviors of an overflow from a C program (call it vulnerable_prog) in Linux that asks for input, in order to allow you to overflow a buffer. I understand that ...
10
votes
0answers
97 views

Python is reading past the end of the file. Is this a security risk? [duplicate]

So I just noticed this, and after some experimentation, I managed to make it reproducible. I didn't see this posted anywhere. Python seems to be reading past the end of files in certain circumstances. ...
-1
votes
1answer
978 views

Exploit development in Python 3

I realised that exploit development with Python 3 is not as straightforward as it is using Python 2. As I understand, this is mainly due to the socket library and the added byte datatype. For ...
1
vote
1answer
725 views

Hexadecimal Memory Address to Assembly

I am following a buffer overflow tutorial. I have set up my NOP block, I also set up my shell code, now I need to append the return address to the end of my string. I know my return address is : ...
0
votes
1answer
170 views

How to use standard Linux tools to fix a deadlocked script?

I have a script in Python3 and if I use subprocess.Popen.wait() I have problem — my script iterates some Linux command many times and it looks to me like my app is not responding. When I use ...
5
votes
3answers
3k views

Why is my stack buffer overflow exploit not working?

So I have a really simple stackoverflow: #include <stdio.h> int main(int argc, char *argv[]) { char buf[256]; memcpy(buf, argv[1],strlen(argv[1])); printf(buf); } I'm trying to ...
1
vote
2answers
974 views

Python TCP Socket Data Sometimes Missing Parts. Socket Overflow?

Short description: Client sends server data via TCP socket. Data varies in length and is strings broken up by the delimiter "~~~*~~~" For the most part it works fine. For a while. After a few ...
0
votes
2answers
1k views

Vulnserver - Buffer overflow NOP characters aren't being passed in properly

I'm currently working on a buffer overflow test on the vulnserver app. Overflowing the buffer with hex values of A seemed to be passed into the program without an issue. The EIP was overwritten ...
1
vote
0answers
383 views

An exploitable buffer overflow in Python's strcpy()

How can one exploit a buffer overflow in Python. I have the following code: from ctypes import * libc = cdll.msvcrt a = c_char_p("Here's a string that has 60 characters, 61 if you count null") b = ...
1
vote
0answers
127 views

Can the input buffer for pyserial overflow? How can I detect it?

I have a python script talking to a serial device with pyserial, and somewhere along the line a packet is being lost. I suspect there's a serial buffer overflowing somewhere. How can I detect if the ...
2
votes
2answers
1k views

Buffer Overflow Protective mechanisms in Python

I have been slightly confused by the way a common Python function called raw_input operates. I don't appear to have any restrictions on inputting however many chars I want here. The function ...
2
votes
0answers
96 views

how to insert write protected memory

My need is to dynamically analyse a c program for its buffer overflow condition. I'm doing my code in python. For this I need to run the c program through python which is done by subprocess module in ...
1
vote
1answer
693 views

Inject Shellcode - program running and need to inject hexcode from maybe python

So I have a vulnerable program which is to be exploited using buffer overflow. After analysis I have all the relevant values (buffer size, the address to be injected, etc.). The issue is that I need to ...
1
vote
1answer
158 views

how to send return address backwards (through socket)- python

I'm here to ask for a remote buffer overflow tip. I'm currently solving a wargame and it's my first time trying some of these new types of coding. Currently I am trying to make a code like this: Pretend ...
0
votes
1answer
454 views

python telnet server crash

Whenever my client connects to my server via telnet (telnet myip 43) and the client hits Ctrl+C on his own machine continuously, it causes the telnet server to crash... how can this be stopped? Also ...
0
votes
1answer
512 views

program input redirected via python subprocess

Thought I would be able to find this on google but couldn't. I am trying to exploit a binary written in C using an overflow. In gdb, I've got the overflow landing on the correct bytes to redirect ...
1
vote
1answer
2k views

Passing shellcode from Python as command line argument

I am currently preparing a small presentation about computer security among my fellow students. To get them at least a bit excited I wanted to demonstrate how the wrong use of the strcpy-function inc ...
6
votes
6answers
11k views

How to conduct buffer overflow in PHP/Python?

Here is an example in c: #include <stdio.h> #include <string.h> void bad() { printf("Oh shit really bad~!\r\n"); } void foo() { char overme[4] = "WOW"; *(int*)(overme+8) = (...