All Questions
Tagged with buffer-overflow exploit-development
6 questions
10 votes, 2 answers, 7k views
Why must a ret2libc attack follow the order "system(),exit(),command"?
In a ret2libc attack, I understand that the return address can be overwritten with the address of the system command, which takes a command string as an argument. In this case, shouldn't the address ...
6 votes, 2 answers, 2k views
Buffer overflow exploit works with gdb but not without
I am learning about buffer overflows and I’m developing my very first exploit.
There is a server process that listens to a socket and forks a new process for each client. The child process has a ...
5 votes, 1 answer, 5k views
Using (cat $file; cat) to run a simple BOF exploit
I'm getting acquainted with Buffer Overflows (BOF) and was replicating a simple attack described by Techorganic. They create a simple C program called "classic", which contains an obvious BOF ...
4 votes, 2 answers, 29k views
return to libc- finding libc's address and finding offsets
So I tried performing a return-to-libc according to https://sploitfun.wordpress.com/2015/05/08/bypassing-nx-bit-using-return-to-libc/ .
I found libc's address by using "ldd vuln", and found system's ...
3 votes, 2 answers, 5k views
Cannot overwrite EIP in basic exploitation example
I'm trying to replicate a simple buffer overflow for which I have the following code (strcpy_ex.c):
#include <string.h>
int main( int argc, char** argv ) {
char buffer[500];
...
2 votes, 1 answer, 838 views
segmentation fault at strcpy while performing a buffer overflow
I have this code that I need to use to perform a ret2libc
#include <stdio.h>
#include <string.h>
int main(int argc, char *argv[])
{
char buf[256];
printf("buff is at:%p\n",buf);
...