All Questions

0 votes, 0 answers, 55 views

CSAPP 3e Attack lab phase 5

This is phase 5 of the attack lab. Due to address randomization and non-executable stack, we are supposed to use Return Oriented Programming (ROP) to pass the string pointer of a given cookie value as ...

0 votes, 0 answers, 47 views

exploit development issues with nops

I am doing the Corelan course, but I am stuck at tutorial #2 (push ret). I am trying to overwrite my EIP with my push esp ret to launch my shellcode, in this case a calc.exe, but it always overwrites with the ...

1 vote, 1 answer, 44 views

Return address in stack before function call: to which segment does the return address point?

I am currently learning on buffer overflow attacks. I understand that the idea is to overwrite the return address. The return address points to the statement that follows the function call. What I ...

-1 votes, 1 answer, 49 views

How do I send raw bytes interactively for a buffer overflow exploit?

I am trying, as part of an exercise, to exploit a simple program by overwriting the value of a variable through a buffer overflow. I am pretty sure I have the idea behind the exploit figured out, but ...

2 votes, 1 answer, 118 views

The shellcode to open calc.exe is too long and complex, can't understand! My first exploit program

I wrote my first exploit program on Windows XP using shellcode I found on the web. It opens the calculator and the overall program works successfully. However, even though I did not write the ...

0 votes, 1 answer, 84 views

ARM: ROP chain: Stack overflow fails on specific address

I am trying to exploit a slightly modified roplevel3 from Billy Ellis' Exploit-Challenges. However, overflowing the stack does not work using the address of the global variable internal_mode (...

0 votes, 0 answers, 189 views

Stack based buffer overflow - return address of "shell code"

I'm reading the book "Hacking: The Art of Exploitation, 2nd edition". I'm confused about the following example of injecting a string buffer as an argument to a stack based buffer overflow vulnerable ...

0 votes, 0 answers, 127 views

Buffer Overflow - Not enough space for shellcode

I have a buffer overflow exercise. After some fuzzing, I successfully crashed the application and overwrote the exact 4 bytes of EIP, then I succeeded in jumping to ESP, which holds some of my payload (the ...

2 votes, 1 answer, 87 views

Overwriting data via array vulnerabilities

I am trying to demonstrate a buffer overflow via an array index (when there isn't any bounds checking). What I am trying to do is change my bool authenticated = false to true by passing in a bad ...

0 votes, 2 answers, 35 views

Buffer overflow - how is the possibility of an attack found?

I've been reading about buffer overflow exploits and I understand the concept (I know about the stack, overwriting a return address, shellcode, NOPs, etc.). All examples of exploits on YouTube, in ...

2 votes, 1 answer, 500 views

Exploit a buffer overflow with canary protection

I'm trying to exploit this simple program for homework: #include <stdio.h> #include <stdlib.h> #include <string.h> #define BUFSIZE 1024 typedef struct { char flag_content[...

1 vote, 1 answer, 89 views

Why can an integer store a hex value but not the same value in decimal?

I most recently successfully exploited a C executable by causing its char array to overflow into another variable. I did this by piping the output of exploit1.py into the command line, which was ...

1 vote, 1 answer, 215 views

Linux: Buffer overflow of simple C program is giving SIGBUS

I am a beginner in binary exploitation, and I'm training for the exploitation of buffer overflows. I made a useless short C program: #include <stdio.h> #include <stdlib.h> int main(void) ...

-2 votes, 1 answer, 80 views

Can't exploit overflow in simple program (chapter 2, Shellcoder's Handbook)

I am reading The Shellcoder's Handbook and I'm currently at chapter 2, where I have a simple program to exploit by overflowing the expected input and then issuing a new location for the ret instruction ...

0 votes, 1 answer, 124 views

x86 ebp's behavior in buffer overflow attack

Looking at a few basic stack based buffer overflows, I'm confused as to the difference the caller's ebp plays in a basic return address overwrite vs an off-by-one ebp overwrite. In the return address ...

0 votes, 1 answer, 107 views

assembly: where to find the shellcode of a buffer overflow exploit

On a Windows XP machine, I open an "echo server" exe with Immunity Debugger, then run the program. The echo server is running on port 10000. On my other machine, I run a python script (see below) ...

0 votes, 1 answer, 131 views

Buffer overflow exploitation 101

I've heard in a lot of places that buffer overflows and illegal indexing in C-like languages may compromise the security of a system. But in my experience all it does is crash the program I'm running. ...

0 votes, 0 answers, 297 views

Simple buffer overflow EIP overwrite not working

I would have asked this on stackexchange but I've asked similar questions about this problem with not so much as a comment; I feel I will get better results here. I have been trying to exploit this ...

-1 votes, 1 answer, 74 views

C Windows/Linux Buffer Overflow Exploits

I have looked at how the buffer overflows work and have to determine that the program (with gcc) must compile with the following parameters: -fno-stackprotector and -z execstack. You have to tell the ...

0 votes, 1 answer, 154 views

How to redirect multiple inputs from files to a binary being debugged in gdb?

The binary I am debugging in gdb first asks me for an id and then, if the id is valid, asks for a second input. gef➤ run Agent ID : 48093572 //This is the first input which the user has to ...

-4 votes, 1 answer, 575 views

Segmentation faults in stack-based buffer overflow

I was doing the SEED lab on buffer overflows which has the following vulnerable code: /* stack.c */ /* This program has a buffer overflow vulnerability. */ /* Our task is to exploit this ...

0 votes, 3 answers, 302 views

Why do I get a SIGSEGV in _Global_Offset_Table error with my 64-bit exploit instead of getting a shell

So what's the story... I'm following this tutorial on a 64-bit overflow exploit using ROP. https://blog.techorganic.com/2016/03/18/64-bit-linux-stack-smashing-tutorial-part-3/ The C source to exploit is ...

0 votes, 1 answer, 316 views

Running own code with a buffer overflow exploit

I am trying to understand the buffer overflow exploit and more specifically, how it can be used to run one's own code - e.g. by starting our own malicious application or anything similar. While I do ...

0 votes, 0 answers, 78 views

ASM shell spawner works, but fails in buffer overflow implementation

I have my assembly code: section .shellcode progbits alloc exec write align=16 global _start _start: xor rdx,rdx xor rbx,rbx xor rax,rax xor rsi,rsi xor rdi,rdi mov qword rbx,0x68732f6e69622f2f ...

4 votes, 1 answer, 764 views

Why will my buffer overflow exploit open a user shell only instead of a root shell?

I have been following a few tutorials on buffer overflow exploitation. But my problem is that I am not able to open a root shell; I will always get a normal user shell instead. I have checked the ...

0 votes, 1 answer, 4k views

How to generate payload with python for buffer overflow?

I'm trying to provoke a buffer overflow in order to execute a function in C code. So far I already managed to find out the number of bytes to take over the EBP register. The only thing next is to ...

1 vote, 1 answer, 507 views

How to generate payload with python for buffer overflow?

I'm trying to provoke a buffer overflow in order to execute a function in C code. So far I already managed to find out the number of bytes to take over the EBP register. The only thing next is to ...

1 vote, 1 answer, 389 views

Getting "Cannot access memory" on executing push instruction on x64 architecture

I am trying to learn buffer overflow exploits. The shellcode contains instructions, and when executed separately they run without any problem, but when control is passed to it via the program I am trying ...

1 vote, 2 answers, 541 views

How can I exploit a buffer overflow?

I have a homework assignment to exploit a buffer overflow in the given program. #include <stdio.h> #include <stdlib.h> int oopsIGotToTheBadFunction(void) { printf("Gotcha!\n"); ...

4 votes, 1 answer, 3k views

Exploiting a buffer overflow using gets() in a simple C program

I am new to buffer overflow exploits and I started with a simple C program. Code: #include <stdio.h> #include <strings.h> void execs(void){ printf("yay!!"); } void return_input (...

1 vote, 2 answers, 154 views

Simple Buffer Overflow

I have an exercise that asks me to produce a seg.fault. In my understanding I can do that by overflowing the buffer. So all I need to do is provide an input (Name) bigger than a certain size (...

0 votes, 1 answer, 229 views

Buffer overflow not working (Shellcoder's Handbook)

I'm reading The Shellcoder's Handbook. I am following along and for some reason cannot get my shellcode to run. I have compiled the program with gcc -mpreferred-stack-boundary=2 -m32 -z execstack ...

0 votes, 2 answers, 382 views

How to fix GDB probable charset issue NOP 0x90 translating to 0x90c2 in memory?

I have a strange problem when working on a challenge and exploiting an executable in Kali Linux with gdb-peda. #>gdb -q someVulnerableBinary gdb-peda$ python >shellcode=( >"\x6a\x0b\x58\x99\...

-1 votes, 1 answer, 243 views

Buffer-Overflow exploit code

Hi, so I'm doing an exploit on the Windows 2000 server as part of an assignment and needed a little help. I've attached a screenshot of the exploit code that's in ...

1 vote, 0 answers, 361 views

Exploiting a buffer overflow when the buffer can't fit my shellcode

So I was running some wargames today, and it was all going well until I ran into one particular level. The reason I can't get it to work is that I have nowhere to put the shellcode; the two buffers ...

0 votes, 1 answer, 18 views

Different behaviour of read

I'm trying to understand why this program returns different errors when I change the size of the buffer: #include <stdio.h> #include <unistd.h> #include <fcntl.h> #include <errno....

1 vote, 2 answers, 415 views

Return to libc attack using a function pointer

How should I format my input for the return to libc attack in the following code: void example_function(int x, const char *name) { void (*foo)(int, const char *) = http_serve_none; char buf[...

1 vote, 0 answers, 506 views

Why doesn't this reverse_tcp shellcode work?

I am using this shellcode: \x6a\x66\x58\x6a\x01\x5b\x31\xd2\x52\x53\x6a\x02\x89\xe1\xcd\x80\x92\xb0\x66\x68\xc0\xa8\x0f\x81\x66\x68\x05\x39\x43\x66\x53\x89\xe1\x6a\x10\x51\x52\x89\xe1\x43\xcd\x80\...

2 votes, 1 answer, 594 views

Segmentation fault on buffer overflow

I tried to learn how buffer overflow works and I did some exercises from exploit-exercises.com. I tried to solve the Protostar Stack 5 problem. The code is written in C. Here is the code: #include <...

1 vote, 1 answer, 330 views

Difference between scanf's width specification and scanf_s

scanf_s("%s", a, 10); This code will protect our program from a buffer overflow exploit. But without scanf_s, we can write: scanf("%9s", a); I think this code will also block buffer overflow. Is ...

0 votes, 1 answer, 221 views

Why does my exploit in Perl work but not in Python?

I'm trying to exploit a buffer overflow. I don't think it's useful to post my program in C. This exploit works: (perl -e 'print "a" x 280 . "\xf6\x06\x40\x00\x00\x00\x00\x00"' ; cat) | ./a.out But ...

1 vote, 1 answer, 972 views

GDB: Find stack memory address where return address of a function is stored?

I'm working on producing a buffer overflow on my Raspberry Pi (ASLR disabled). I have a program, which has a main function, a vulnerable function and a function which should not be called, the evil ...

3 votes, 1 answer, 569 views

I'm trying to exploit a buffer overflow, am I doing something wrong?

I'm trying to execute a buffer overflow exploit using this tutorial. Everything in my post will be executed directly inside GDB. https://www.reddit.com/r/hacking/comments/1wy610/...

0 votes, 0 answers, 105 views

ESP after SEH Exception with same program on different computers

Below are a few articles that exploit different programs by using ESP after the SEH exception to POPAD back to a controllable part of the stack. The other article demonstrates stack pivoting finding ...

0 votes, 1 answer, 314 views

reverse move in stack without jmp

Update: Since I'm able to get the correct address into a register that I want to jump/call to, I think the best option would be to figure out a way to have self modifying code result in a jmp/call ...

1 vote, 1 answer, 586 views

Buffer overflow using environment variables

I'm trying this code inspired by the "Hacking: The Art of Exploitation" book. It involves exploiting a buffer overflow using the environment variable. The exploitation code is: #include <stdio.h&...

0 votes, 2 answers, 1k views

Vulnserver - Buffer overflow NOP characters aren't being passed in properly

I'm currently working on a buffer overflow test on the vulnserver app. Overflowing the buffer with hex values of A seemed to be passed into the program without an issue. The EIP was overwritten ...

2 votes, 1 answer, 70 views

Buffer overflow assistance

I'm looking for some help to wrap my head around the following: #include <stdlib.h> #include <unistd.h> #include <stdio.h> #include <string.h> int main(int argc, char **argv) ...

0 votes, 1 answer, 381 views

Why can't I disable stack protection? [closed]

The OS I am currently using is 64-bit Ubuntu 14.04 with its gcc version being 4.8.4. I wrote a simple program as shown below to do some tests related to buffer overflow, and somehow I found that ...

2 votes, 0 answers, 672 views

Why does this buffer overflow attack code issue a segmentation fault

I am currently studying buffer overflow exploits and encountered a problem which required me to exploit the following SUID program. /* stack.c */ /* This program has a buffer overflow ...