Usually occurs when you copy data into a buffer without checking that the buffer has room for it, so the excess bytes overwrite whatever lies in adjacent memory: neighbouring variables, heap metadata, or a saved return address.


0 votes, 0 answers, 6 views

Possible serial port buffer overflow

I'm coding in C# using the serial port class to send a byte array of 18 characters to a DMX device. This device is the SER-DMX servo controller. Now the communication works momentarily and moves with ...
0 votes, 1 answer, 91 views

buffer overflow doesn't reach eip

Hi, I'm really stuck on this problem: here is my code, and below the code I try to overflow: #include <stdio.h> #define B 145 // 141 for ex overflow #define A 0 char sc[]= ...
1 vote, 1 answer, 27 views

Spawned shell terminates quickly after buffer overflow

Here is the source code of the application to be exploited. ch13.c: #include <stdlib.h> #include <stdio.h> /* gcc -o ch13 ch13.c -fno-stack-protector */ int main() { int var; int ...
-1 votes, 1 answer, 18 views

How to use symbolic execution to find bugs, for example SAGE, KLEE, S2E [closed]

Just as the title says: does anyone know the difference in the ways those tools find bugs? KLEE and SAGE can maybe find out-of-bounds accesses and buffer overflows, and KLEE can use assertions, but any other ...
1 vote, 1 answer, 25 views

Passing array parameters on the stack (Buffer Overflow)

I need to execute a call to cat on a target file using a buffer overflow in a challenge app (can't execute on the stack, but can use libc). For reference, in C this is valid code for what I'm trying ...
2 votes, 1 answer, 60 views

Error in return address while simulating buffer overflow

I am learning buffer overflow from the following website. (gdb)info registers eax 0xbffff4c0 -1073744704 ecx 0xbffff4bf -1073744705 edx 0x2 2 ebx ...
-3 votes, 1 answer, 54 views

Buffer overflow - The changes of variables

void go() { //{1} char buffer[2]; gets(buffer); //{2} cout << allow; } I tried to run the procedure above in 2 cases: -1st: I declare "int allow;" at position 1 -2nd: I ...
2 votes, 0 answers, 52 views

Static or dynamic analysis tool able to find this C buffer overflow bug? [closed]

I'm trying to find a tool able to find this buffer overflow bug. static int buffer[10]; int main() { int *vec = buffer; vec[50] = 100; }
217 votes, 14 answers, 20k views

Why does this for loop exit on some platforms and not on others?

I have recently started to learn C and I am taking a class with C as the subject. I'm currently playing around with loops and I'm running into some odd behaviour which I don't know how to explain. ...
-1 votes, 0 answers, 14 views

Prevent buffer overflow in my script

Please help me modify it so that if the user types more characters than are allotted in the username string, the program will not write any more characters to the username string and if they type ...
0 votes, 1 answer, 50 views

Assignment from Incompatible Pointer Type In C Script

In a course I'm taking, I was given a broken buffer overflow script written in C, and have to fix the broken coding. I've patched a few things so far, but am receiving this error message when trying ...
0 votes, 1 answer, 36 views

Nop Sled, can you explain it to me?

I have been reading this book: Hacking, the art of exploitation On page 140, the book explains the Nop Slide: We’ll create a large array (or sled) of these NOP instructions and place it before ...
0 votes, 0 answers, 68 views

Segmentation fault when exploit string overwrites the return pointer with the starting address on stack

I'm doing the csapp buflab level 2. In this assignment I'm asked to input an exploit string using the getbuf() Mine looks like. 08048fe0 <getbuf>: 8048fe0: 55 push ...
-1 votes, 4 answers, 56 views

Array memory allocation of strings

I have written a simple string program using the array allocation method. I have allocated a character array of 10 bytes, but when I give input, the program is accepting an input string of greater than 10 bytes. I am ...
1 vote, 1 answer, 78 views

Oracle managed driver ODP.NET with NHibernate 4.0 FLOAT (126) to C# DECIMAL/Double

I am trying to create a mapping using Fluent NHibernate with Oracle 11g. This is the mapping I am creating:- public class Abc : ClassMap<Abc> { public Abc() { Table("Abc"); ...
-2 votes, 2 answers, 96 views

memcpy() not working as expected

I'm trying to make a simple implementation of the Heartbleed Bug in C/C++ over Linux (Using ElementaryOS on vmplayer). From my understanding of the heartbleed bug, it involves the client sending a ...
1 vote, 1 answer, 80 views

QNX runtime error: unknown symbol __stack_chk_guard

I'm trying to test the backward compatibility between QNX 6.6.0 and 6.5.0 (in consequence of an earlier question I've got). I compiled a relatively simple program using SDP6.6.0 and executed it on ...
4 votes, 2 answers, 85 views

In buffer overflow return address is overwritten with incorrect address but it still works

I'm trying to make buffer overflow and here is my code: #include <stdio.h> #include <stdlib.h> #include <string.h> int check_authentication(char *password) { char ...
3 votes, 3 answers, 103 views

Why doesn't buffer overflow occur with GCC?

I was just recently learning about buffer overflows. I was attempting to replicate it using GCC. Here's the code I wrote. #include <stdio.h> #include <string.h> int main(int argc, char ...
0 votes, 2 answers, 41 views

Call function in buffer overflow

I'm learning about buffer overflows and found a challenge that has a program somewhat like this: int main() { do_something() return 0; } void do_something() { //get inputs ...
6 votes, 4 answers, 93 views

Heap Overflow Attack

I am learning about heap overflow attacks and my textbook provides the following vulnerable C code: /* record type to allocate on heap */ typedef struct chunk { char inp[64]; /* ...
0 votes, 2 answers, 26 views

Why is ESP filled with null bytes after following EIP address?

I'm following Corelan's tutorial on buffer overflows (https://www.corelan.be/index.php/2009/07/19/exploit-writing-tutorial-part-1-stack-based-overflows/) and have written the following code : my ...
0 votes, 2 answers, 91 views

What is wrong with this buffer overflow solution in c?

I was just marked down on coursework for this incorrect solution to a buffer overflow in c but was not provided feedback on how it was wrong. Could somebody let me know what the problem is? Thank you. ...
0 votes, 0 answers, 30 views

Buffer overflow and dmesg on 64 bits machines

I wrote a very simple program which has a buffer overflow vulnerability which I want to exploit. The program is the following: #include <stdio.h> void foo(char *asd) { char b [2]; ...
1 vote, 2 answers, 46 views

Multiple fscanf

I have written the following program that is intended to read a string from a file into variable "title": #include <stdio.h> #include <stdlib.h> int main() { int m, b; char ...
0 votes, 0 answers, 32 views

Vertex buffer overflow error when performing card flip animation

I am receiving some strange bug reports from my app. The stack trace look like this: From users email, the app crashes when trying to perform a card flip animation. Only affected devices are Nexus ...
4 votes, 1 answer, 51 views

pushing and changing of %esp frame pointer

I have a small program, written in C, echo(): /* Read input line and write it back */ void echo() { char buf[8]; /* Way too small! */ gets(buf); puts(buf); } The corresponding assembly ...
0 votes, 1 answer, 42 views

Buffer overflow with no securities?

I am reviewing for my exams next week, I have come across a past question. void func(char * arg) { char buf[32]; strcpy(buf, arg); } Suppose; No defenses at all buf begins at 0xbffebfb0 ...
0 votes, 1 answer, 37 views

How to detect buffer overflow in C for this particular case

I think this code should produce a buffer overflow error, but apparently this prints fine. Is there any way to detect that it has overflowed? Valgrind didn't pick it up either... static void e(void) { ...
1 vote, 0 answers, 52 views

Hex character converter converting to wrong char

I'm working on a buffer overflow attack and I have this code that converts an 0xXX input to the equivalent 1 byte ASCII char. int main(int argc,char **argv) { char buffer[1024]; while ...
0 votes, 0 answers, 36 views

I'm trying to put the int 100 in a variable malloced 1, why doesn't this program crash? [duplicate]

Ok, so I'm screwing around with C trying to break stuff in a somewhat safe manner, like calling malloc(100000000000000) and having my computer run out of memory for a microsecond, and I thought, what ...
0 votes, 0 answers, 18 views

Buffer overflow EDI overwritten. Now what?

I tried fuzzing an application and ended up with my fuzz string in the EDI register, and my program stopped with an access violation when reading ESI. I checked the SEH, but it seems unaffected :( I am ...
1 vote, 1 answer, 44 views

Which stream does “stack smashing detected” message get printed to?

Consider the following very basic program, which has appeared in many forms on other questions here. #include <string.h> int main() { char message[8]; strcpy(message, "Hello, world!"); ...
1 vote, 1 answer, 79 views

I cannot overflow the buffer

I have seen a buffer overflow code but I cannot overflow it. Is there any gcc option to compile that? Or is there anything wrong with that code? The code is: #include <stdlib.h> #include ...
1 vote, 2 answers, 53 views

Function call after buffer overflow

I've seen a video: https://www.youtube.com/watch?v=AXQefYKWjz4 I don't understand 2 things: I can't see the function call, but it happens. How he got a specific number, which he wrote to the file. ...
136 votes, 5 answers, 13k views

Why is this code vulnerable to buffer overflow attacks?

int func(char* str) { char buffer[100]; unsigned short len = strlen(str); if(len >= 100) { return (-1); } strncpy(buffer,str,strlen(str)); return 0; } This code is ...
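The check in the code above is defeated by an integer truncation, shown here as an added example that is not part of the question or any of its answers. `len` is an `unsigned short`, so the `size_t` returned by `strlen(str)` is reduced modulo 65536 before the comparison: a 65,586-byte string has `len == 50`, passes `len >= 100`, and `strncpy` then copies all 65,586 bytes into the 100-byte buffer. The example reproduces the check on its own (performing the copy would be undefined behaviour) next to a hardened version that compares the full `size_t` length and leaves room for the terminator. A second defect of the original is worth noting: `strncpy(buffer, str, strlen(str))` never writes a NUL when the length is below 100, so `buffer` is not a valid C string even when the check is correct. The buffer size, the test strings and the helper names are the example's own.

```c
#include <stdio.h>
#include <stdlib.h>
#include <string.h>

#define BUF_SIZE 100

/* The length check from the question, reproduced without the copy.
   Returns 1 when the check would let strncpy run, 0 when it rejects. */
int vulnerable_check_passes(const char *str) {
    unsigned short len = strlen(str);   /* size_t silently truncated to 16 bits */
    return len < BUF_SIZE;
}

/* Hardened version: compare the full size_t length, leave room for the
   terminator, and copy exactly len bytes plus the NUL. */
int func_fixed(char *buffer, size_t buf_size, const char *str) {
    size_t len = strlen(str);
    if (len >= buf_size) {
        return -1;
    }
    memcpy(buffer, str, len + 1);   /* len + 1 includes the terminator */
    return 0;
}

/* Builds a constructed test string of n 'A' bytes; the caller frees it. */
char *make_string(size_t n) {
    char *s = malloc(n + 1);
    if (s == NULL) {
        return NULL;
    }
    memset(s, 'A', n);
    s[n] = '\0';
    return s;
}

int main(void) {
    char buffer[BUF_SIZE];
    /* 65536 + 50: strlen is 65586, but (unsigned short)65586 == 50 */
    char *wrap = make_string(65536 + 50);
    char *ok = make_string(42);
    if (wrap == NULL || ok == NULL) {
        return 1;
    }
    printf("65586 bytes: vulnerable check passes = %d, fixed returns %d\n",
           vulnerable_check_passes(wrap), func_fixed(buffer, sizeof buffer, wrap));
    printf("42 bytes:    vulnerable check passes = %d, fixed returns %d\n",
           vulnerable_check_passes(ok), func_fixed(buffer, sizeof buffer, ok));
    free(wrap);
    free(ok);
    return 0;
}
```

Compile with `-Wconversion` and the truncating assignment is flagged at build time; the same class of bug appears whenever a length is stored in a narrower type than `size_t` before it is compared against a buffer size.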
2 votes, 3 answers, 74 views

Buffer Overflow - defending with canary not successful

I'm trying to protect a program using canaries but some input still gets past my defense. This is the code: #include <stdio.h> #include <stdlib.h> int urandom() { #ifdef __unix__ ...
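The canary question above and the earlier one about `allow` changing with its declaration position come down to the same layout fact: whatever sits directly after the buffer is what an unchecked copy overwrites first. The following is an added example, not code from either question or its answers. It lays the frame out as a struct so the overwrite is deterministic and stays inside one object, places a guard word directly after the buffer the way `-fstack-protector` places its guard between the locals and the saved return address, and checks the guard after the copy; the guard value, the struct, the input and the function names are the example's own. One design point borrowed from glibc's stack protector: the guard keeps its lowest-address byte zero, so a `strcpy`-style overflow cannot reproduce it without terminating the string early.

```c
#include <stdint.h>
#include <stdio.h>
#include <string.h>

/* Frame laid out explicitly: the guard sits directly after the buffer, and a
   neighbouring variable (the question's `allow`) comes after the guard. */
struct frame {
    char     buf[8];
    uint32_t guard;
    int      allow;
};

/* Process-wide guard value, set once at start-up from a random source
   (constructed here from a fixed seed for the demo). */
static uint32_t g_guard;

void init_guard(uint32_t random_value) {
    g_guard = random_value & 0xFFFFFF00u;   /* keep the low byte zero */
}

/* The bug, reproduced on purpose: copies len bytes over an 8-byte buffer
   without comparing len to sizeof f->buf. The copy is clamped to the struct
   so the demo stays within one object. Returns 0 if the guard is intact,
   1 if the overflow clobbered it (the "stack smashing detected" case). */
int copy_unchecked(struct frame *f, const unsigned char *data, size_t len) {
    f->guard = g_guard;
    f->allow = 0;
    if (len > sizeof *f) {
        len = sizeof *f;
    }
    memcpy((unsigned char *)f, data, len);   /* starts at buf, runs past it */
    return f->guard != g_guard;
}

/* The fix: reject anything that does not fit, so the guard is never reached.
   Returns -1 on rejection, otherwise the same guard verdict (always 0). */
int copy_checked(struct frame *f, const unsigned char *data, size_t len) {
    f->guard = g_guard;
    f->allow = 0;
    if (len > sizeof f->buf) {
        return -1;
    }
    memcpy(f->buf, data, len);
    return f->guard != g_guard;
}

int main(void) {
    const unsigned char input[] = "AAAAAAAAAAAAAAAA";   /* constructed: 16 'A's */
    struct frame f;
    int clobbered;
    init_guard(0xDEADBEEFu);

    clobbered = copy_unchecked(&f, input, 7);
    printf("7 bytes:  guard clobbered = %d, allow = %d\n", clobbered, f.allow);
    clobbered = copy_unchecked(&f, input, 12);
    printf("12 bytes: guard clobbered = %d, allow = %d\n", clobbered, f.allow);
    clobbered = copy_unchecked(&f, input, 16);
    printf("16 bytes: guard clobbered = %d, allow = 0x%x\n", clobbered, (unsigned)f.allow);
    printf("16 bytes, checked copy: rc = %d\n", copy_checked(&f, input, 16));
    return 0;
}
```

With 12 input bytes the guard is overwritten with 0x41414141 while `allow` is still 0; with 16 bytes `allow` becomes 0x41414141 as well. That is the ordering the `allow` question observed: the variable declared next to the buffer is the one that changes, and a guard placed between them is what turns the silent corruption into a detected abort.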
8 votes, 1 answer, 65 views

Valgrind won't detect buffer overflow

#include <stdio.h> main() { char buf[8]; sprintf(buf,"AAAA%3s","XXssssssssXXXsssssXXX"); printf("%s\n",buf); } I expected valgrind to detect a buffer overflow with the above ...
0 votes, 0 answers, 13 views

Buffer Overflow with Big Endian architecture

Could anyone help to solve the following practice problem related to buffer overflow? On this problem, I am confused about how the variables and addresses should be stored within the stack. Here ...
0 votes, 1 answer, 29 views

Find out address of shellcode dynamically, placed on stack

I am using shellcode to spawn a shell. I am curious to find out the starting address of the shellcode dynamically, which is placed on the stack, and not hard code the address in the shellcode. Kindly share your ...
0 votes, 2 answers, 67 views

C - Use of strcpy in general

I have this snippet of code: new->name = zalloc(sizeof(char) * strlen(name) + 1); if (!new->name) goto alloc_failed; strcpy(new->name, name); Is the general use of strcpy() frowned ...
2 votes, 1 answer, 81 views

Modify the return address of a C function with buffer overflow vulnerability

I am trying to modify the following C program so that the main function will skip the printf("x is 1") line and only print "x is 0". void func(char *str) { char buffer[24]; int ...
4 votes, 2 answers, 157 views

Is this code vulnerable to buffer overflow?

Fortify reported a buffer overflow vulnerability in below code citing following reason - In this case we are primarily concerned with the case "Depends upon properties of the data that are enforced ...
4 votes, 1 answer, 105 views

Modify C code with buffer overflow vulnerability to skip code [duplicate]

I'm trying to find a way to exploit the buffer overflow vulnerability in the following source code so the line, printf("x is 1") will be skipped: #include <stdio.h> #include <stdlib.h> ...
1 vote, 0 answers, 37 views

Return-To-Libc Function Address Probing

I'm trying to implement a return-to-libc buffer overflow attack by finding the address of system() with gdb and returning to said address with /bin/sh passed as an argument to system() on the stack. ...
0 votes, 0 answers, 59 views

Writing a buffer overflow exploit

I understand there are quite a few tutorials on how to write a buffer overflow, but still can't write my own. The following is the C code I want to hack: #include <stdio.h> #include ...
1 vote, 2 answers, 114 views

Buffer overflow buffer length

I have a buffer overflow problem that I need to solve. Below is the problem, at the bottom is my question: #include <stdio.h> #include <string.h> void lan(void) { printf("Your loyalty ...
-2 votes, 1 answer, 50 views

gethostbyname buffer overflow

I am studying the GHOST or CVE-2015-0235 vulnerability. I found out that my system is vulnerable. I wrote a test program to see the effect of this, but I can't see anything. Here are my attempts: ...
0 votes, 1 answer, 111 views

Difference between Python3 and Python2 - socket.send data

I'm practicing some buffer-overflow techniques and I came across an odd issue with sending socket data. I have these two almost identical pieces of code, except for the fact that in the Python3 code, I changed the ...
0 votes, 2 answers, 57 views

Why does an overflow in a static variable cause seg fault but not global variables?

Why does the code fail with a segmentation fault for the first set of code but the second block doesn't? (Only difference is that the chars are static in the first but not static in the second). ...