A buffer overflow usually occurs when a program copies data into a buffer without first checking that the buffer has enough room, so the excess bytes overwrite adjacent memory, such as neighbouring variables or, on the stack, the saved return address.
0 votes, 0 answers, 11 views
Overflow saved RIP register value with short address
I'm trying to do buffer overflow where I need to rewrite the saved RIP register value with an address.
The address is short (8 bytes), for example, 0x0000000012345678. The RIP register is 16 bytes, ...
0 votes, 2 answers, 83 views
Replace deprecated gets()
I am using the SLM toolkit by CMU-Cambridge for some baseline language modeling on language data, but when I run one of the built executables, my system detects a buffer overflow when it tries to ...
0 votes, 0 answers, 25 views
mosquitto leads to buffer overflow
I did a test about mosquitto.
First, publish 100 messages.
for (i = 0; i < 100; i++)
    mosquitto_publish(mosq_p, NULL, "topic", strlen(buf), buf, 1, false);
Then stop the mosquitto ...
0 votes, 1 answer, 12 views
Entering ASCII into an HTML text box
I'm doing a cybersecurity capture the flag challenge and attempting to do a buffer overflow on a server. It has an HTML text box that I'm trying to overflow with particular values. How can I enter ASCII ...
0 votes, 1 answer, 32 views
pointer segfault vs undefined behavior
Why does this code produce a segfault when running regularly, but undefined behavior instead of a segfault if I either add a command line argument or comment out calling the cpy function?
#include ...
1 vote, 1 answer, 42 views
How could a buffer overflow attack on the updateConfigParams() function be exploited to disable the program?
Considering the following function
void updateConfigParams( void ) {
char buffer [512];
int i = 0;
while (( c = readFromWireless ()) != NULL)
{
buffer [ i ] = c;
i +=...
0 votes, 0 answers, 15 views
Buffer Overflow in Adobe Reader exploit CVE-2013-2729
I'm trying to figure out how the buffer overflow works in the RLE bug explained here.
In particular I would like to understand the final part where it says that the "xpos+len(payload) overflows ...
1 vote, 1 answer, 51 views
Difference between scanf's width specification and scanf_s
scanf_s("%s", a, 10);
This code will protect our program from a buffer overflow exploit.
But without scanf_s, we can write:
scanf("%9s", a);
I think this code will also block buffer overflow. Is ...
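An added example, not taken from the question or its answers, to make concrete what the width in scanf("%9s") does and does not do. It uses sscanf() on constructed strings so it runs without reading stdin; scanf() on a stream behaves the same way. parse_credentials() and first_token_truncated() are names chosen for this example.

```c
#include <ctype.h>
#include <stdio.h>
#include <string.h>

#define FIELD_LEN 9                  /* the width in "%9s" */
#define FIELD_BUF (FIELD_LEN + 1)    /* plus the NUL terminator */

/* Parse "user password" with width-limited conversions. Each %9s stores at
 * most 9 characters plus a NUL, so the writes into user[] and pass[] stay
 * inside the arrays however long the input is. Returns the number of fields
 * filled, exactly as sscanf() reports it. */
int parse_credentials(const char *line, char user[FIELD_BUF], char pass[FIELD_BUF])
{
    user[0] = pass[0] = '\0';
    return sscanf(line, "%9s %9s", user, pass);
}

/* The width bounds the write but does not discard the rest of a long token:
 * the unconsumed tail stays in the input and feeds the next conversion.
 * This detects a cut-off first token by stopping where %9s stopped (%n) and
 * checking whether the next character is a delimiter. Returns 1 if truncated. */
int first_token_truncated(const char *line)
{
    char tmp[FIELD_BUF];
    int consumed = 0;
    if (sscanf(line, "%9s%n", tmp, &consumed) != 1)
        return 0;
    unsigned char next = (unsigned char)line[consumed];
    return next != '\0' && !isspace(next);
}

int main(void)
{
    char user[FIELD_BUF], pass[FIELD_BUF];
    /* Constructed inputs: a well-formed line, and one with a 20-character user name. */
    const char *ok = "alice hunter2";
    const char *long_line = "AAAAAAAAAAAAAAAAAAAA hunter2";

    parse_credentials(ok, user, pass);
    printf("user=%s pass=%s truncated=%d\n", user, pass, first_token_truncated(ok));
    parse_credentials(long_line, user, pass);
    printf("user=%s pass=%s truncated=%d\n", user, pass, first_token_truncated(long_line));
    return 0;
}
```

The width does bound the write: at most 9 characters plus the terminator go into a 10-byte buffer, so in that respect "%9s" with char a[10] is equivalent to scanf_s("%s", a, 10), whose extra argument is the total buffer size (scanf_s is the optional Annex K interface and glibc does not provide it). What the width does not do is consume the rest of an over-long token; with the second input the tail of the 20-character user name is read as the password, and the caller only notices if it checks for that as first_token_truncated() does.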
0 votes, 0 answers, 21 views
Buffer overflow attack with stack and buffer growing down
Consider a stack frame of a called function that has this local variable:
char buf[12];
In this case the stack should look like:
Note that the stack here grows down but the variable buf grows up. ...
0 votes, 1 answer, 22 views
MIPS assembly display string using buffer overflow
I am practicing buffer overflow and assembly coding. Right now I am able to find return address, and jump to anywhere inside the program itself. However, I want to do more than just jump to itself, I ...
0 votes, 1 answer, 32 views
No ebp/eip registers in gdb “info frame”
Context
When issuing the command info frame on my machine (with break point on main), the output is as follows:
(gdb) info frame
Stack level 0, frame at 0x7fffffffdbd0:
rip = 0x4005b1 in main; ...
0 votes, 1 answer, 16 views
Why does my exploit in Perl work but not in Python?
I'm trying to exploit a buffer overflow.
I don't think it's useful to post my program in C.
This exploit works:
(perl -e 'print "a" x 280 . "\xf6\x06\x40\x00\x00\x00\x00\x00"' ; cat) | ./a.out
But ...
0 votes, 2 answers, 96 views
Is Go vulnerable to buffer overflows?
I know languages like C# aren't vulnerable to buffer overflows unless you marshal or use unsafe code. But is Go vulnerable to buffer overflows?
0 votes, 0 answers, 32 views
x64 Ubuntu buffer overflow hacking with return to libc method
I tried a buffer overflow with return to libc following this site: https://blog.techorganic.com/2015/04/21/64-bit-linux-stack-smashing-tutorial-part-2/
But I get error
__libc_system (line=0x7ffff7b9a58b "...
0 votes, 0 answers, 91 views
Assembly: Buffer overflow attack, insert code
I have a buffer overflow lab for homework in cs (also known as attack lab). In this phase, I have to overflow a char array, insert my own code in order to alter a register, and redirect to a "hidden ...
-2 votes, 1 answer, 23 views
how do you overwrite a return address to point back into the buffer in a buffer overflow attack?
If you want to pass in shellcode to a program how would you make it so that the return address is overwritten to point back into the buffer to execute the shellcode? Such as in this function:
funcA(...
1 vote, 1 answer, 44 views
GDB: Find stack memory address where return address of a function is stored?
I'm working on producing a buffer overflow on my Raspberry Pi (ASLR disabled).
I have a program, which has a main function, a vulnerable function and a function which should not be called, the evil ...
2 votes, 0 answers, 94 views
Buffer overflow execute exploit assembly — placed on the stack
I need getbuf() to call touch2() with the correct parameter through a buffer overflow exploit. I will replace the parameter through exploit code -- placing instructions on the stack that places the ...
1 vote, 0 answers, 74 views
Buffer overflow — old rbp space and return space
I have a program (ctarget) that uses the gets() function into a buffer. I need to overflow the buffer and call another program. From the assembly code (I don't have the source code) I can see the size ...
0 votes, 0 answers, 15 views
java.nio.BufferOverflowException while parsing XML message
public Message unmarshalMessage(SourceMessaageType src, MyMessageType dest) {
final byte[] payload = src.getText();
final ByteBufferRefManager bufferManager = byteBufferPool.getBuffer(payload ....
0 votes, 0 answers, 35 views
Segmentation faults in buffer overflow with DEP/NX/ASLR/fno-stack-protector disabled in GDB
I was trying to exploit a stack overflow vulnerability in a test program and I got it, but only in GDB; I can't reproduce it without GDB, so following this answer: Buffer overflow works in gdb but not ...
2 votes, 3 answers, 61 views
Buffer overflow error and Double data type error
int i=4,a,sum;
double b,d=4.0,sum2;
char e[100],s[]="Hello";
scanf("%d",&a);
scanf("%lf",&b);
fgets(e,100,stdin);
sum=i+a;
sum2=d+b;
printf("%d\n",sum);
printf("%lf\n",sum2);
printf("%s",...
0 votes, 0 answers, 20 views
Why does a bus error occur during a buffer overflow?
#include <stdio.h>
#include <stdlib.h>
#include <string.h>
int check_authentication(char *password){
int auth_flag = 0;
char password_buffer[16];
strcpy(password_buffer, password);...
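As an added worked example (not code from the tag description at the top of the page, nor from the check_authentication() question just above), here is the pattern both describe: a 16-byte buffer with an integer flag next to it in memory, filled once by an unbounded copy and once by a length-checked one. The auth_frame struct, the "brillig" password, the kOverflowInput bytes and the copy_bounded() helper are this example's own inventions. The real bug uses strcpy(), whose write past the array is undefined behaviour, so the simulation performs the same overwrite with a memcpy() that stays inside the struct and therefore gives a repeatable result.

```c
#include <stdio.h>
#include <string.h>
#include <stdbool.h>

/* Stand-in for the stack frame of check_authentication(): a 16-byte buffer
 * immediately followed by the flag that decides whether the caller is
 * authenticated. Locals of a real function can sit next to each other the
 * same way, which is what makes the overflow useful to an attacker. */
struct auth_frame {
    char password_buffer[16];
    int  auth_flag;
};

/* Constructed input: 16 filler bytes followed by 4 non-zero bytes, which land
 * exactly on auth_flag whatever the byte order. */
const char kOverflowInput[] = "AAAAAAAAAAAAAAAA\x01\x01\x01\x01";

/* Unbounded copy, as in the vulnerable original. strcpy() keeps writing until
 * it finds the NUL in 'password', ignoring sizeof(password_buffer). Writing
 * past the array is undefined behaviour, so the copy is done here with a
 * memcpy() capped at the size of the whole struct, which reproduces the same
 * overwrite of auth_flag deterministically. */
int check_auth_unbounded(const char *password)
{
    struct auth_frame f;
    size_t n = strlen(password) + 1;        /* strcpy() copies the NUL as well */
    f.auth_flag = 0;
    if (n > sizeof f)
        n = sizeof f;                        /* simulation cap only */
    memcpy(&f, password, n);                 /* bytes 16..19 land on auth_flag */
    if (strncmp(f.password_buffer, "brillig", sizeof f.password_buffer) == 0)
        f.auth_flag = 1;
    return f.auth_flag != 0;                 /* 1 for any non-zero flag */
}

/* Bounded copy: refuse anything that does not fit, terminator included. */
bool copy_bounded(char *dst, size_t dstsize, const char *src)
{
    size_t srclen = strlen(src);
    if (dstsize == 0 || srclen >= dstsize)
        return false;                        /* would truncate or overflow */
    memcpy(dst, src, srclen + 1);
    return true;
}

/* Hardened version: an over-long password is an error, never a login. */
int check_auth_bounded(const char *password)
{
    struct auth_frame f;
    f.auth_flag = 0;
    if (!copy_bounded(f.password_buffer, sizeof f.password_buffer, password))
        return -1;
    if (strcmp(f.password_buffer, "brillig") == 0)
        f.auth_flag = 1;
    return f.auth_flag;
}

int main(void)
{
    printf("unbounded, 20-byte input: %d\n", check_auth_unbounded(kOverflowInput));
    printf("unbounded, \"wrong\":       %d\n", check_auth_unbounded("wrong"));
    printf("bounded,   20-byte input: %d\n", check_auth_bounded(kOverflowInput));
    printf("bounded,   \"brillig\":     %d\n", check_auth_bounded("brillig"));
    return 0;
}
```

With the 20-byte input the unbounded version reports 1 although the password never matched, because the four trailing bytes landed on auth_flag; the bounded version rejects the same input outright. In a real frame the same bytes, continued a little further, reach the saved frame pointer and return address, which is the step the exploitation questions on this page are about.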
2 votes, 0 answers, 79 views
Calling library function after exploiting buffer overflow crashes the program
I'm trying to perform a simple buffer overflow using the following program
void not_called() {
printf("Enjoy your shell\n");
char* name[2];
name[0] = "/bin/sh";
name[1] = NULL;
execve(name[...
-1 votes, 1 answer, 82 views
How to use standard Linux tools to fix a deadlocked script?
I have a script in Python3 and if I use subprocess.Popen.wait() I have a problem: my script iterates some Linux command many times and it looks to me like my app is not responding. When I use ...
2 votes, 2 answers, 80 views
Disabling stack protection in GCC not working
I'm trying to recreate a stack buffer overflow using the classic overflow with strcpy using this function:
#include <stdio.h>
#include <string.h>
void main(int argc, char **argv) {
...
5 votes, 3 answers, 399 views
Why is my stack buffer overflow exploit not working?
So I have a really simple stack overflow:
#include <stdio.h>
int main(int argc, char *argv[]) {
char buf[256];
memcpy(buf, argv[1],strlen(argv[1]));
printf(buf);
}
I'm trying to ...
1 vote, 3 answers, 53 views
What parts of a process' virtual address space are overwriteable?
For instance, let's suppose that instead of buffers growing in the opposite direction of the stack, they grow in the same direction. If I have a character buffer containing the string "Hello world", ...
0 votes, 0 answers, 26 views
Machine language changed temporarily after buffer overflow
I'm trying a buffer overflow on the code below
#include <stdio.h>
#include <stdlib.h>
#include <unistd.h>
#include <string.h>
int main(void)
{
char str[256];
printf("...
0 votes, 0 answers, 13 views
Buffer overflow does not work well in Ubuntu
When I practiced bof (buffer overflow) in Ubuntu, I found weird things.
I used this code. (test.c compiled file is "test")
#include <stdio.h>
int main(int argc, char* argv[])
{
char buffer[256]...
0 votes, 1 answer, 47 views
Buffer overflow succeeds only when using gdb
If I modify the return address directly with GDB, the buffer overflow succeeds and I can get a shell. However, when I don't use GDB, I can't get a shell with the same shell code. I can't find any difference between ...
0 votes, 2 answers, 59 views
Is it possible to generate a Local Buffer Overflow in Android via a compiled binary to gain root access?
I want to know if it is possible to root any Android OS via a Local Buffer Overflow, which I would generate using a compiled program that will contain the simplest Local Buffer Overflow:
char buf[...
0 votes, 1 answer, 79 views
Ubuntu 16.04 Buffer Overflow
I am trying to recreate a buffer overflow attack in my machine using Ubuntu 16.04. But no matter what I try I always get the error 'Segmentation fault(core dumped)'
I already disabled memory ...
0 votes, 0 answers, 41 views
Missing __stack_chk_fail Symbol Using GCC
Based on what I've seen with hardening audit tools the way to detect stack cookies/canaries is to dump symbols with readelf -s and look for the __stack_chk_fail symbol.
I build my code with -fstack-...
0 votes, 2 answers, 99 views
Possible security vulnerability from using fgets() and recommended solution?
I'm using coverity's SA tool for errors. I'm getting a few errors due to the usage of fgets(). This is a snippet (SA errors shown as comments)-
FILE *fp;
char my_pubkey[1024];
fp = fopen("publickey....
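An added example, not the snippet from the question or its answers, of reading a line from a file into a fixed-size buffer with fgets() and handling the two cases static analysers usually want addressed around that call: a NULL return and a line that does not fit. read_line(), the read_status enum and the constructed in-memory file are this example's own; the 1024-byte my_pubkey[] buffer matches the question.

```c
#ifndef _POSIX_C_SOURCE
#define _POSIX_C_SOURCE 200809L      /* for fmemopen() */
#endif
#include <stdio.h>
#include <string.h>

#define KEY_BUF 1024                 /* same size as my_pubkey[] in the question */

enum read_status { READ_OK = 0, READ_EOF = 1, READ_ERROR = 2, READ_TOO_LONG = 3 };

/* fgets() never writes more than 'size' bytes, so it is not itself where an
 * overflow happens. The findings analysers raise around it concern what the
 * caller does next: using the buffer after a NULL return (stale or
 * uninitialised contents), and treating a line that did not fit as complete,
 * so that its tail is read back as the following "line". This helper reads
 * one line, strips the newline and reports both conditions explicitly. */
enum read_status read_line(FILE *fp, char *buf, size_t size)
{
    if (fgets(buf, (int)size, fp) == NULL) {
        buf[0] = '\0';                       /* never hand back stale data */
        return ferror(fp) ? READ_ERROR : READ_EOF;
    }
    size_t len = strlen(buf);
    if (len > 0 && buf[len - 1] == '\n') {
        buf[len - 1] = '\0';
        return READ_OK;
    }
    if (feof(fp))
        return READ_OK;                      /* final line without a newline */
    /* No newline and not at EOF: the line was longer than the buffer. Drain
     * the remainder so the next call starts at a real line boundary. */
    int c;
    while ((c = fgetc(fp)) != EOF && c != '\n')
        ;
    return READ_TOO_LONG;
}

int main(void)
{
    /* Constructed stand-in for the key file: a line 10 bytes longer than the
     * buffer, then a short one. fmemopen() (POSIX) serves it from memory. */
    char data[KEY_BUF + 64];
    memset(data, 'K', KEY_BUF + 10);
    strcpy(data + KEY_BUF + 10, "\nsecond line\n");
    FILE *fp = fmemopen(data, strlen(data), "r");
    if (fp == NULL)
        return 1;
    char my_pubkey[KEY_BUF];
    enum read_status st;
    while ((st = read_line(fp, my_pubkey, sizeof my_pubkey)) == READ_OK || st == READ_TOO_LONG)
        printf("status=%d len=%zu\n", (int)st, strlen(my_pubkey));
    fclose(fp);
    return 0;
}
```

fgets() cannot overflow a correctly sized buffer, so when an analyser points at the call it is usually the surrounding code it objects to: a size argument that does not match the array, an ignored NULL return, or the assumption that the buffer holds a complete line. Passing sizeof my_pubkey keeps the size and the array in step, and READ_TOO_LONG tells the caller the key was cut while draining the remainder so the next read is not the tail of the previous line.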
2 votes, 0 answers, 58 views
Buffer overflow attack with shell code
I used this shell code for buffer overflow attack
$(python -c 'print "\x48\x31\xff\x57\x57\x5e\x5a\x48\xbf\x2f\x62\x69\x6e\x2f\x73\x68\x57\x54\x5f\x6a\x3b\x58\x0f\x05\xc3"+"a"*31+"\x90\xe4\xff\xff\...
0 votes, 0 answers, 29 views
Return to LibC Attack Unable to Work
//returntolibc.c
#include <stdlib.h>
#include <stdio.h>
#include <string.h>
unsigned int xormask = 0xBE;
int i, length;
int overflow (FILE *filebad)
{
char buf[12];
/* ...
0 votes, 1 answer, 37 views
Simple buffer overflow via xinetd
I'm trying to make a simple buffer overflow tutorial that runs the program below as a service on port 8000 via xinetd. Code was compiled using
gcc -o bof bof.c -fno-stack-protector
Ubuntu has ...
5 votes, 1 answer, 65 views
Would having the call stack grow upward make buffer overruns safer?
Each thread has its own stack to store local variables. But stacks are also used to store return addresses when calling a function.
In x86 assembly, esp points to the most-recently allocated end of ...
0 votes, 1 answer, 13 views
Messy log from Keytool when getting Hash with -exportcert (Android)
I'm trying to get a Hash from my keystore file but instead I'm getting this messy log. Didn't find any info on this behaviour, looks like a Buffer Overflow Vulnerability. Tried regenerating keystores ...
0 votes, 4 answers, 51 views
No error message when using system() to execute program with buffer overflow vulnerability
Consider the following program (vul.c) with buffer overflow vulnerability.
#include <stdio.h>
#include <string.h>
int main(int argc, char **argv)
{
char buf[10];
strcpy(buf, argv[...
1 vote, 1 answer, 73 views
Static analysis tools for C/C++ shared and static libraries
I have been looking for static analysis tools that detect buffer overruns in C/C++ shared and static libraries, but without success.
Especially with C/C++ libraries that are integrated with programs ...
0 votes, 2 answers, 50 views
How to pass HEX character with no corresponding ASCII to a C program as input
Your first answer would be to use perl or python and pipe the input to the C program, but unfortunately the variable I want to input is not taking the value from argument of the C program, rather it ...
7 votes, 1 answer, 92 views
Is gcc reordering local variables at compilation time?
I'm currently reading (for the second time) "Hacking : The Art of Exploitation" and have stumbled on something.
The book suggests two different ways to exploit these two similar programs : ...
0 votes, 0 answers, 82 views
How to use buffer overflow to execute shell code? [duplicate]
I am learning about how buffer overflows work and I tried some basic buffer overflow cases, but I got an error while changing the return address. The return address is correct and the operation inside ...
0 votes, 1 answer, 36 views
Is it possible to ignore read overrun in google Address Sanitizer? [closed]
I'm debugging a C++ software using AddressSanitizer. There are tons of memory errors so I initially want to focus on most critical ones, notably on write overflows (rather than reads). Unfortunately ...
0 votes, 0 answers, 31 views
C++ code exploit
I am learning basic buffer overflow issues, can anyone please explain how this code can be exploited.
char gWelcome [] = "Welcome to our system! ";
void echo (int fd)
{
int len;
char name [...
3 votes, 0 answers, 78 views
Shellcode Segfault - testcase vs strcpy
So after taking a Software Security class I became very interested in tinkering with how shellcode works with buffer overflows. Most threads I read about the topic involve having the shellcode as a ...
1 vote, 0 answers, 47 views
What could be the possible reason for a buffer overflow in snprintf in C?
I have defined preprocessors and the code is structured as below. When I test my code using code scanning software (Fortify) it shows that there can be a potential buffer overflow error in snprintf() ...
3 votes, 1 answer, 197 views
I'm trying to exploit a buffer overflow, am I doing something wrong?
I'm trying to execute a buffer overflow exploit using this tutorial
Everything in my post will be executed directly inside GDB.
https://www.reddit.com/r/hacking/comments/1wy610/...