Usually occurs when you attempt to copy data into a buffer without checking for sufficient space, causing data to be overwritten in neighboring cells.
-3 votes, 1 answer, 66 views
How to do an infinite loop
My aim is to write an infinite loop. I have to print this string "Hello World %s" infinitely and I can just use ROP (Return-oriented programming).
gcc -fno-stack-protector loop.c -o loop
I can ...
1 vote, 0 answers, 33 views
“Simple” buffer overflow in Windows 8
I'm trying to create two simple programs in C to simulate a buffer overflow:
first one accepts an input and copies it to the memory
second one
abuses the first one to execute some shellcode that ...
-4 votes, 1 answer, 55 views
Trying to learn exploitation with C on Ubuntu
I'm trying to learn exploitation.
I'm starting with buffer overflow.
This is my code:
#include<stdio.h>
#include<string.h>
int main (int argc,char *argv[])
{
int value=5;
char ...
-2 votes, 2 answers, 44 views
Buffer overflow - order of local variables on stack
I'm quite confused about how the local variables are ordered on the stack. I understand that (on Intel x86) the local variables are stored from higher to lower address as they go in the code. So it's ...
1 vote, 0 answers, 20 views
iOS9 Heap Buffer Overflow Detected - CGContextSetFillColor
I've got a custom drawRect: function where I'm drawing to the context. At two different points I've been hitting "Heap buffer overflow detected". The two lines of code are:
...
1 vote, 1 answer, 43 views
Tool to debug buffer overflows in C++ program with Visual Studio? [closed]
A long time ago when I was doing C++ work on Windows, there was an advanced diagnostics tool for debugging buffer overflows. It initialized all allocated memory areas, stack or heap, with a special ...
1 vote, 1 answer, 32 views
Buffer Overflow on ELF which segfaults
So I have a small binary which, upon running, segfaults automatically.
This is from a CTF, and the segfault is a part of the challenge, so it's not corrupted on my end.
My question is, how can I ...
-1 votes, 0 answers, 90 views
buffer overflow: executing shellcode from file
#include <stdio.h>
#include <stdlib.h>
#include <string.h>
/*
* a toy program for learning stack buffer
* overflow exploiting
* It reads a list of hex data from the
* ...
-1 votes, 1 answer, 44 views
std::cout printing forbidden system info to the console
I have a C++ program which runs continuously and in order to debug it I print some values to the console using cout. This has been working fine for the past week.
Now however, after about 30 seconds ...
0 votes, 1 answer, 24 views
How to replace MPI_Pack_size if I need to send more than 2GB of data?
I want to send and receive more than 2 GB of data using MPI and I came across a lot of articles like the ones cited below:
...
1 vote, 1 answer, 49 views
Buffer Overflow in Excel VBA
I have completed my VBA module which would calculate monthly record differences based off medical services provided. This was working well. However when I tried running the code for a 3rd month (i.e. ...
4 votes, 0 answers, 89 views
Finding the start of the stack for a buffer overflow
According to the book, Gray Hat Hacking, "all Linux ELF files are mapped into memory with the last relative address as 0xbfffffff". By subtracting 4 NULL bytes, the length of the filename and the ...
-1 votes, 2 answers, 78 views
How to disable possible stack smashing protection (EIP is not being overwritten, EBP is)
I'm trying to figure out how stack smashing is carried out step by step. I have already used Google to no avail, I still don't know why my EIP is not being overwritten. I have this example program:
...
2 votes, 1 answer, 27 views
__security_init_cookie and PI
I found this function in C:\Program Files (x86)\Microsoft Visual Studio 10.0\VC\crt\src\gs_support.c
0xBB40E64E=3141592654=PI - why is DEFAULT_SECURITY_COOKIE set to this value when the platform is ...
0 votes, 0 answers, 14 views
IVideoPicture and BufferedImage Buffer overflow
I am trying to get IVideoPicture, convert it to BufferedImage and then to byte[] and encrypt the byte[], then convert it back to BufferedImage and back again to IVideoPicture.
I am using Xuggler library ...
0 votes, 1 answer, 28 views
How to disable and enable the overflow Button on different fragments
I have an application in which I am using the Single activity and different fragments. Let's say on activity start I call fragment A, and then after taking inputs I switch to fragment B and then ...
3 votes, 1 answer, 57 views
Syscall inside shellcode won't run
Note: I've already asked this question on Stack Overflow in Portuguese: http://pt.stackoverflow.com/questions/76571/seguran%C3%A7a-syscall-dentro-de-shellcode-n%C3%A3o-executa. But it seems to ...
0 votes, 1 answer, 45 views
using gdb to exploit buffer-overflow
I am working on an assignment and I ran into a bit of a problem. I am pretty new to the whole security sector of programming so I may just be missing something simple, but I would appreciate any help ...
0 votes, 0 answers, 13 views
Possible serial port buffer overflow
I'm coding in C# using the serial port class to send a byte array of 18 characters to a DMX device. This device is the SER-DMX servo controller. Now the communication works momentarily and moves with ...
0 votes, 1 answer, 145 views
buffer overflow doesn't reach eip
Hi, I'm really stuck on this problem: here is my code, and below the code I try to overflow:
#include <stdio.h>
#define B 145 // 141 for ex overflow
#define A 0
char sc[]=
...
1 vote, 1 answer, 52 views
Spawned shell terminates quickly after buffer overflow
Here is the source code of the application to be exploited.
ch13.c:
#include <stdlib.h>
#include <stdio.h>
/*
gcc -o ch13 ch13.c -fno-stack-protector
*/
int main()
{
int var;
int ...
-1 votes, 1 answer, 27 views
How to use symbolic execution to find bugs, for example SAGE, KLEE, S2E [closed]
Just as the title says: does anyone know the difference between the ways those tools find bugs? KLEE and SAGE can maybe find out-of-bounds access and buffer overflow, KLEE can use assertions, but any other ...
1 vote, 1 answer, 30 views
Passing array parameters on the stack (Buffer Overflow)
I need to execute a call to cat on a target file using a buffer overflow in a challenge app (can't execute on the stack, but can use libc). For reference, in C this is valid code for what I'm trying ...
2 votes, 1 answer, 62 views
Error in return address while simulating buffer overflow
I am learning buffer overflow from the following website.
(gdb)info registers
eax 0xbffff4c0 -1073744704
ecx 0xbffff4bf -1073744705
edx 0x2 2
ebx ...
-3 votes, 1 answer, 54 views
Buffer overflow - The changes of variables
void go()
{
//{1}
char buffer[2];
gets(buffer);
//{2}
cout << allow;
}
I tried to run the procedure above in 2 cases:
-1st: I declare "int allow;" at position 1
-2nd: I ...
222 votes, 14 answers, 21k views
Why does this for loop exit on some platforms and not on others?
I have recently started to learn C and I am taking a class with C as the subject. I'm currently playing around with loops and I'm running into some odd behaviour which I don't know how to explain.
...
0 votes, 1 answer, 77 views
Assignment from Incompatible Pointer Type In C Script
In a course I'm taking, I was given a broken buffer overflow script written in C, and have to fix the broken coding. I've patched a few things so far, but am receiving this error message when trying ...
0 votes, 1 answer, 45 views
Nop Sled, can you explain it to me?
I have been reading this book: Hacking, the art of exploitation
On page 140, the book explains the Nop Slide:
We’ll create a large array (or sled) of these NOP instructions and place it
before ...
0 votes, 0 answers, 72 views
Segmentation fault when exploit string overwrites the return pointer with the starting address on stack
I'm doing the csapp buflab level 2. In this assignment I'm asked to input an exploit string using getbuf(). Mine looks like:
08048fe0 <getbuf>:
8048fe0: 55 push ...
-1 votes, 4 answers, 59 views
Array memory allocation of strings
I have written a simple string program using the array allocation method. I have allocated a character array of 10 bytes, but when I give input, the program is accepting an input string of greater than 10 bytes. I am ...
1 vote, 1 answer, 151 views
Oracle managed driver ODP.NET with NHibernate 4.0 FLOAT (126) to C# DECIMAL/Double
I am trying to create a mapping using Fluent NHibernate with Oracle 11g. This is the mapping I am creating:
public class Abc : ClassMap<Abc>
{
public Abc()
{
Table("Abc");
...
-2 votes, 2 answers, 115 views
memcpy() not working as expected
I'm trying to make a simple implementation of the Heartbleed Bug in C/C++ on Linux (using ElementaryOS on vmplayer). From my understanding of the heartbleed bug, it involves the client sending a ...
1 vote, 1 answer, 142 views
QNX runtime error: unknown symbol __stack_chk_guard
I'm trying to test the backward compatibility between QNX 6.6.0 and 6.5.0 (in consequence of an earlier question I've got). I compiled a relatively simple program using SDP6.6.0 and executed it on ...
4 votes, 2 answers, 92 views
In buffer overflow return address is overwritten with incorrect address but it still works
I'm trying to make buffer overflow and here is my code:
#include <stdio.h>
#include <stdlib.h>
#include <string.h>
int check_authentication(char *password) {
char ...
3 votes, 3 answers, 107 views
Why doesn't buffer overflow occur with GCC?
I was just recently learning about buffer overflows. I was attempting to replicate it using GCC. Here's the code I wrote.
#include <stdio.h>
#include <string.h>
int main(int argc, char ...
0 votes, 2 answers, 42 views
Call function in buffer overflow
I'm learning about buffer overflows and found a challenge that has a program somewhat like this:
int main() {
do_something()
return 0;
}
void do_something() {
//get inputs
...
6 votes, 4 answers, 99 views
Heap Overflow Attack
I am learning about heap overflow attacks and my textbook provides the following vulnerable C code:
/* record type to allocate on heap */
typedef struct chunk {
char inp[64]; /* ...
0 votes, 2 answers, 34 views
Why is ESP filled with null bytes after following EIP address?
I'm following Corelan's tutorial on buffer overflows (https://www.corelan.be/index.php/2009/07/19/exploit-writing-tutorial-part-1-stack-based-overflows/) and have written the following code:
my ...
0 votes, 2 answers, 97 views
What is wrong with this buffer overflow solution in C?
I was just marked down on coursework for this incorrect solution to a buffer overflow in C but was not provided feedback on how it was wrong. Could somebody let me know what the problem is? Thank you.
...
0 votes, 0 answers, 32 views
Buffer overflow and dmesg on 64 bits machines
I wrote a very simple program which has a buffer overflow vulnerability which I want to exploit. The program is the following:
#include <stdio.h>
void
foo(char *asd) {
char b [2];
...
1 vote, 2 answers, 48 views
Multiple fscanf
I have written the following program that is intended to read a string from a file into variable "title":
#include <stdio.h>
#include <stdlib.h>
int main()
{
int m, b;
char ...
0 votes, 0 answers, 37 views
Vertex buffer overflow error when performing card flip animation
I am receiving some strange bug reports from my app.
The stack trace looks like this:
From users' emails, the app crashes when trying to perform a card flip animation.
Only affected devices are Nexus ...
4 votes, 1 answer, 58 views
pushing and changing of %esp frame pointer
I have a small program, written in C, echo():
/* Read input line and write it back */
void echo() {
char buf[8]; /* Way too small! */
gets(buf);
puts(buf);
}
The corresponding assembly ...
0 votes, 1 answer, 50 views
Buffer overflow with no securities?
I am reviewing for my exams next week and I have come across a past question.
void func(char * arg)
{
char buf[32];
strcpy(buf, arg);
}
Suppose:
No defenses at all
buf begins at 0xbffebfb0
...
0 votes, 1 answer, 37 views
How to detect buffer overflow in C for this particular case
I think this code should produce a buffer overflow error but apparently this prints fine. Is there any way to detect that it has overflown?
Valgrind didn't pick it up either...
static void e(void) {
...
1 vote, 0 answers, 54 views
Hex character converter converting to wrong char
I'm working on a buffer overflow attack and I have this code that converts a 0xXX input to the equivalent 1-byte ASCII char.
int main(int argc,char **argv) {
char buffer[1024];
while ...
0 votes, 0 answers, 36 views
I'm trying to put the int 100 in a variable malloced 1, why doesn't this program crash? [duplicate]
Ok, so I'm screwing around with C trying to break stuff in a somewhat safe manner, like calling malloc(100000000000000) and having my computer run out of memory for a microsecond, and I thought, what ...
0 votes, 0 answers, 20 views
Buffer overflow EDI overwritten. Now what?
I tried fuzzing an application and ended up with my fuzz string in the EDI register and my program stopped with an access violation when reading ESI. I checked the SEH, but it seems unaffected :( I am ...
1 vote, 1 answer, 57 views
Which stream does “stack smashing detected” message get printed to?
Consider the following very basic program, which has appeared in many forms on other questions here.
#include <string.h>
int main() {
char message[8];
strcpy(message, "Hello, world!");
...
1 vote, 1 answer, 81 views
I cannot overflow the buffer
I have seen a buffer overflow code but I cannot overflow it. Is there any gcc option to compile that? Or is there anything wrong with that code?
The code is:
#include <stdlib.h>
#include ...