All Questions

3 votes
1 answer
83 views

Why does my RIP value change after overwriting via an overflow?

I've been working on a buffer overflow on a 64 bit Linux machine for the past few days. The code I'm attacking takes in a file. This original homework ran on a 32-bit system, so a lot is differing. I ...
0 votes
1 answer
454 views

Instead of JMP ESP can we use its opcodes?

In a buffer overflow exploit, when we use a JMP ESP instruction to jump to the ESP, instead of using the address of the JMP ESP, can't we use the opcodes of it? I generated the opcodes of the JMP ESP ...
0 votes
1 answer
299 views

Can't overwrite EIP in buffer overflow example

I am trying to make a simple buffer-overflow exploit on an example program to understand binary exploitation a bit better. The goal is to simply write shellcode on the stack and execute it. However, ...
1 vote
0 answers
612 views

Buffer bomb level 3 - Prevent stack corruption

I am trying to complete level 3 of buffer bomb lab. The task is to supply an exploit string that will cause getbuf to return my cookie (0x4b64b076) back to test, rather than the value 1. The exploit ...
0 votes
1 answer
326 views

Exploiting vulnerabilities in the C code

I'm preparing for an introductory information security examination in university and this is one of the examination questions on Secure Programming. In such questions, I would usually catch for ...
2 votes
0 answers
279 views

How to extract the information about the stack or EIP/RIP registers from the ASAN (sanitizer) crash output?

I am testing Netwide Assembler (NASM) and verifying the latest bug [CVE-2018-10254] Stack-buffer-overflow (out of bound read). I am trying to overwrite the EIP/RIP and make it crash but I don't know ...
2 votes
2 answers
3k views

Unable to understand $EIP changes with Buffer Overflow

I am learning Buffer Overflow, so the question might seem silly but here it is. I started with this very simple buggy program int main(int argc, char *argv[]) { char buf[128]; printf("You entered ...
2 votes
1 answer
740 views

Buffer Overflow CTF challenge

I am having trouble solving a challenge that requires using a buffer overflow to overwrite the return address and call another function that gives a shell. The program prompts the user for input, ...
3 votes
1 answer
6k views

Buffer overflow: Why does the ESP Register change its value after access violation

Background: Currently trying to exploit a BoF vulnerability. After setting up the environment, running a compiled C program that contains the strcpy function, I disassembled the program as it's ...
1 vote
0 answers
1k views

Trick needed to make use of a local buffer overflow vulnerability to obtain root

I am working on a certain CTF trying to gain root privileges in it, I found a vulnerable program to buffer overflow vulnerability with Non executable stack security level (NX), I developed an exploit ...
4 votes
2 answers
29k views

Return to libc - finding libc's address and finding offsets

So I tried performing a return-to-libc according to https://sploitfun.wordpress.com/2015/05/08/bypassing-nx-bit-using-return-to-libc/ . I found libc's address by using "ldd vuln", and found system's ...
0 votes
2 answers
2k views

Buffer Overflow: Advice on exploiting

int play() { int a; int b; char buffer[010]; a = 0x41414141; b = 0x42424242; if (write(STDOUT_FILENO, "For a moment, nothing happened. Then, after a second or so, nothing ...
0 votes
0 answers
101 views

Unable to execute shellcode, which is placed on stack [duplicate]

I am trying to execute the shellcode to spawn an "sh" shell. I have taken shellcode as command line argument, copied it to stack and tried to overwrite the return address of main function with the ...
3 votes
1 answer
2k views

EIP pointer is overwritten but EBP remains intact

I was trying out a simple stack buffer overflow exploit by creating a malicious crash.m3u file. As you can see, the EIP pointer is overwritten by "A" but EBP hasn't changed. Isn't EBP supposed to get ...
4 votes
1 answer
1k views

Explaining a buffer overflow vulnerability in C

Given this C program: #include <stdio.h> #include <string.h> int main(int argc, char **argv) { char buf[1024]; strcpy(buf, argv[1]); } Built with: gcc -m32 -z execstack prog.c -o ...