Tagged Questions
A buffer overflow usually occurs when a program copies data into a buffer without checking that the buffer has enough space for it, so the excess data overwrites whatever is stored in the adjacent memory.
0 votes, 1 answer, 12 views
Heap Overflow attack, what can go wrong with this code
char *test(char *arg1, char *arg2) {
    size_t length = strlen(arg1);
    char *c = malloc(length + 4);                 /* valid indices: 0 .. length + 3 */
    for (int i = length; i > 0; i--)
        *(c + i + 4) = *(arg1) ^ (arg2[i % 8]);   /* first pass (i == length) stores to c[length + 4]; arg1 is never indexed */
    *(size_t *)(c) = length;                      /* writes sizeof(size_t) bytes at c, 8 on 64-bit targets */
    return c;
}
Does this ...
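For comparison, here is an added example that is not the question's code: the same layout, a length header followed by the key-XORed bytes, with the bounds held. The header is sized with sizeof(size_t) instead of a fixed 4 (on 64-bit targets the size_t store in the question overlaps c[4..7]), the body loop stays inside the allocation (in the question, i == length stores to c[length + 4], one past a malloc of length + 4), each byte of arg1 is actually read, and the key index is taken modulo the key's real length rather than a fixed 8. The function names pack_xor, packed_size and unpack_xor are mine.

```c
#include <stdint.h>
#include <stdlib.h>
#include <string.h>

/* Added example, not the question's code. Layout: [size_t len][len XORed bytes]. */
char *pack_xor(const char *data, const char *key) {
    size_t key_len = strlen(key);
    if (key_len == 0)                       /* i % 0 is undefined; refuse an empty key */
        return NULL;
    size_t len = strlen(data);
    if (len > SIZE_MAX - sizeof(size_t))    /* header + body must not wrap size_t */
        return NULL;
    unsigned char *out = malloc(sizeof(size_t) + len);
    if (out == NULL)
        return NULL;
    memcpy(out, &len, sizeof len);          /* header: bytes [0, sizeof(size_t)) */
    unsigned char *body = out + sizeof(size_t);
    for (size_t i = 0; i < len; i++)        /* body: bytes [sizeof(size_t), sizeof(size_t) + len) */
        body[i] = (unsigned char)data[i] ^ (unsigned char)key[i % key_len];
    return (char *)out;
}

/* Total bytes the packed buffer occupies, read back from its header. */
size_t packed_size(const char *packed) {
    size_t len;
    memcpy(&len, packed, sizeof len);
    return sizeof(size_t) + len;
}

/* Inverse of pack_xor: returns a NUL-terminated heap copy of the original data. */
char *unpack_xor(const char *packed, const char *key) {
    size_t key_len = strlen(key);
    if (key_len == 0)
        return NULL;
    size_t len;
    memcpy(&len, packed, sizeof len);
    if (len == SIZE_MAX)                    /* len + 1 below must not wrap */
        return NULL;
    char *out = malloc(len + 1);
    if (out == NULL)
        return NULL;
    const unsigned char *body = (const unsigned char *)packed + sizeof(size_t);
    for (size_t i = 0; i < len; i++)
        out[i] = (char)(body[i] ^ (unsigned char)key[i % key_len]);
    out[len] = '\0';
    return out;
}
```

The caller owns both returned buffers and frees them with free(). XOR with a repeating key is obfuscation, not encryption; the point of the block is the size arithmetic, not the transform.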
-1 votes, 1 answer, 53 views
C: buffer overflow, changing passed variables
I'm doing some exercises regarding buffer overflows and I am currently stumped as how to proceed further with one of them. This is the program code:
#include <stdio.h>
#include <stdlib.h>
...
1 vote, 0 answers, 70 views
Why is there extra space between stack control data and local variables?
I am working through the OverTheWire Narnia wargame and I don't completely understand one of my buffer overflow solutions.
The following code is what is confusing me.
#include <stdio.h>
#...
4 votes, 4 answers, 10k views
How to prevent memcpy buffer overflow?
There are some binary buffers with a fixed size in a program that are used to store data.
And memcpy is used to copy from one buffer to another one. Since the source buffer may be larger than the ...
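One way to do what the question asks, as an added example that is not part of the question or of any answer to it: give each fixed-size buffer an explicit capacity and current length, and check the remaining room before memcpy runs, either refusing the copy or truncating it and reporting how much was dropped. The check is written as n > cap - len rather than len + n > cap so that a huge n cannot wrap the addition back into range. The type and function names are mine.

```c
#include <errno.h>
#include <stddef.h>
#include <stdint.h>
#include <string.h>

/* Added example, not from the question. A fixed-size buffer that tracks its own capacity. */
typedef struct {
    unsigned char *data;
    size_t cap;   /* bytes allocated at data */
    size_t len;   /* bytes currently in use, always <= cap */
} fixed_buf;

/* Append n bytes; refuses with ERANGE, without touching memory, if they do not fit. */
int fixed_buf_append(fixed_buf *b, const void *src, size_t n) {
    if (n > b->cap - b->len)      /* wrap-safe because len <= cap */
        return ERANGE;
    memcpy(b->data + b->len, src, n);
    b->len += n;
    return 0;
}

/* Copy as much of src as fits into dst; returns the number of bytes dropped. */
size_t copy_truncating(void *dst, size_t dst_cap, const void *src, size_t src_len) {
    size_t n = src_len < dst_cap ? src_len : dst_cap;
    memcpy(dst, src, n);
    return src_len - n;
}

/* Exercises both functions on a 16-byte buffer; returns 0 when every step behaves. */
int fixed_buf_demo(void) {
    unsigned char storage[16];
    fixed_buf b = { storage, sizeof storage, 0 };
    unsigned char sink[4];
    if (fixed_buf_append(&b, "0123456789", 10) != 0) return 1;   /* 10 <= 16 */
    if (fixed_buf_append(&b, "ABCDEFG", 7) != ERANGE) return 2;  /* 17 > 16: refused */
    if (b.len != 10) return 3;                                    /* refused copy left len alone */
    if (fixed_buf_append(&b, "x", SIZE_MAX) != ERANGE) return 4;  /* len + n would wrap to 9 */
    if (fixed_buf_append(&b, "ABCDEF", 6) != 0 || b.len != 16) return 5;
    if (memcmp(storage, "0123456789ABCDEF", 16) != 0) return 6;
    if (copy_truncating(sink, sizeof sink, "0123456789", 10) != 6) return 7;  /* 6 bytes dropped */
    if (memcmp(sink, "0123", 4) != 0) return 8;
    return 0;
}
```

Which of the two behaviours is right depends on the protocol: for framed binary data, refusing and returning an error is usually safer than silently truncating, because a truncated frame is parsed as something else downstream.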
0 votes, 0 answers, 20 views, +50 bounty
WPD API Detect if Device is a Phone?
In my project I use the WPD API to read the contents of a mobile device. I followed the API to a tee and have successfully implemented content enumeration.
However, if a USB drive is connected, the ...
0 votes, 0 answers, 25 views
buffer overflow task, cannot run shellcode
I have been struggling for 1 week and cannot figure this out. Please help.
My friend gave me an executable which is just a simple server and has buffer overflow vulnerability. My goal is to get a ...
0 votes, 4 answers, 92 views
Is this C user input code vulnerable?
I have this code that reads input from the user:
unsigned int readInput(char *buffer, unsigned int len) {
    size_t stringlen = 0;
    char c;
    while ((c = getchar()) != '\n' && c != EOF) {
    ...
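As an added example, not the question's code or any answer's, here is a bounded line reader built around the same loop shape. Two things it makes explicit: the byte is held in an int so that EOF (-1) cannot collide with a real 0xFF byte, which it can when the variable is a char as in the snippet above, and the loop stops storing at len - 1 bytes but keeps draining the line, so the terminator always fits and the leftover input does not spill into the next read. Input arrives through a small callback so that a constructed in-memory string can stand in for stdin; all names are mine.

```c
#include <stddef.h>
#include <stdio.h>
#include <string.h>

/* Added example, not from the question. Byte source: returns 0..255 or EOF. */
typedef int (*byte_source)(void *ctx);

/* Reads one line into buffer (at most len-1 bytes, always NUL-terminated),
 * drains the rest of the line, and returns the full line length so the
 * caller can detect truncation with (ret >= len). */
size_t read_line_bounded(byte_source next, void *ctx, char *buffer, size_t len) {
    size_t stored = 0, total = 0;
    int c;                                  /* int, not char: EOF must stay distinguishable */
    while ((c = next(ctx)) != '\n' && c != EOF) {
        if (len != 0 && stored < len - 1)   /* leave room for the terminator */
            buffer[stored++] = (char)c;
        total++;                            /* count everything, including dropped bytes */
    }
    if (len != 0)
        buffer[stored] = '\0';
    return total;
}

/* Adaptor for real input. */
int stdin_source(void *ctx) {
    (void)ctx;
    return getchar();
}

/* Constructed in-memory source used to exercise the reader offline. */
typedef struct { const unsigned char *p; } string_source;

int string_next(void *ctx) {
    string_source *s = ctx;
    if (*s->p == '\0')
        return EOF;
    return *s->p++;                         /* a 0xFF byte arrives as 255, not as EOF */
}

/* Convenience wrapper: read one line from a C string. */
size_t read_line_from_string(const char *input, char *buffer, size_t len) {
    string_source s = { (const unsigned char *)input };
    return read_line_bounded(string_next, &s, buffer, len);
}
```

With stdin the call is read_line_bounded(stdin_source, NULL, buffer, sizeof buffer); a return value of sizeof buffer or more tells the caller the line was cut.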
0 votes, 0 answers, 17 views
onClick() crashes program “bignerdranch” “criminalintent” project
I am new to Android programming but I have some prior Java experience. I am working on a project from the Big Nerd Ranch guide to Android programming. Because I lack experience with Android I am ...
2 votes, 3 answers, 1k views
Why does this code emit buffer overrun warnings (C6385/C6386) in code analysis on Visual Studio 2012?
I'm trying to use the code analysis function of Visual Studio 2012. I have just run it over my existing project and found some buffer overrun warnings (C6385/C6386) on the part which contains my own ...
0 votes, 0 answers, 24 views
After enabling webcam to emulator, my projects crash
I have been trying for several hours to figure out this problem I've been having. My code was working up until I tried to enable my emulator to access my laptop's webcamera. Since then, none of my ...
-1 votes, 0 answers, 78 views
Buffer overflow C issues
I'm practising buffer overflowing. The goal is to overflow the return address with the address of the printf statement so that the program will jump over the x = 1 statement and instead print out x = ...
0 votes, 1 answer, 53 views
C program char buffer unexpected overflow
I am trying to understand two different behaviors of an overflow from a C program (call it vulnerable_prog) in Linux that asks for input, in order to allow you to overflow a buffer. I understand that ...
0 votes, 2 answers, 67 views
Buffer overflow on socket connection
I was working on a socket server on a friend's computer and everything was working fine, but then I executed the code on my computer and it throws a buffer overflow like this:
*** buffer overflow ...
0 votes, 0 answers, 28 views
*** buffer overflow detected ***: rsync terminated
I have a Python program in which I use the Python subprocess module to execute an rsync command to copy files and folders with permissions and modification time preserved from a local folder to a remote ...
10 votes, 0 answers, 83 views
Python is reading past the end of the file. Is this a security risk? [duplicate]
So I just noticed this, and after some experimentation, I managed to make it reproducible. I didn't see this posted anywhere. Python seems to be reading past the end of files in certain circumstances. ...
-1 votes, 1 answer, 34 views
Handle buffer overflow from 3rd party dll
In my project I make use of an older 3rd party DLL that is not going to be updated. It is used to decompress data. It decompresses the data and puts the result into a buffer that was passed to it.
...
0 votes, 0 answers, 48 views
What mechanism overwrites the return address of a stack frame, preventing certain buffer overflow exploits?
Context: The source code shown below is compiled using the first command shown below. The resulting executable is then loaded into gdb and run using the second command shown below. A segfault is ...
0 votes, 0 answers, 35 views
How to fix GDB probable charset issue NOP 0x90 translating to 0x90c2 in memory?
I have a strange problem when working on a challenge and exploiting an executable in Kali Linux with gdb-peda.
#>gdb -q someVulnerableBinary
gdb-peda$ python
>shellcode=(
>"\x6a\x0b\x58\x99\...
1 vote, 1 answer, 51 views
Why am I getting a java.nio.BufferOverflowException
I tried to create a simple program just for fun, but I'm getting a BufferOverflowException:
ByteBuffer byteBuffer = ByteBuffer.allocateDirect(10);
FloatBuffer floatBuffer = byteBuffer.asFloatBuffer();...
0 votes, 3 answers, 81 views
Why isn't the buffer overflowing with this code?
This is the C code that I am compiling:
#include <stdio.h>
#include <stdlib.h>
int main() {
    long val = 0x41414141;
    char buf[20];
    printf("Correct val's value from 0x41414141 -> ...
-1 votes, 1 answer, 31 views
Why does this cause an overflow?
So I have been wondering for some days how this code causes an overflow:
__asm
{
CheckDebugger:
    PUSH EAX            // Save the EAX value to stack
    MOV EAX, [FS:0x30]  // Get PEB ...
1 vote, 1 answer, 697 views
how to print register value using rop (return oriented programming)?
I've got an assignment to build ROP code that calls printf with the value inside the edx register.
I'm stuck. I know the address of the printf function, and I have tools to find gadgets.
I'm trying to ...
8 votes, 2 answers, 869 views
What is the most hardened set of options for GCC compiling C/C++?
What set of GCC options provide the best protection against memory corruption vulnerabilities such as Buffer Overflows, and Dangling Pointers? Does GCC provide any type of ROP chain mitigation? Are ...
0 votes, 2 answers, 92 views
Solaris noexec_user_stack Issues
Would enabling the noexec_user_stack parameter in Solaris prevent some genuine programs from running?
Has anyone tested this setting please?
0 votes, 2 answers, 30 views
Overflow to change next element in a struct in C
I have a struct setup like this:
typedef struct _aStruct
{
    char aChar[32];
    int target;
}
What value would make this overflow aChar, to change 'target'?
memset(aStruct.aChar,0,32)
I'm sorry if this ...
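An added example, mine rather than the question's or any answer's, that makes the layout concrete. With the fields in that order and no padding between them, target begins at byte 32 of the struct, so any write that runs 33 or more bytes from the start of aChar reaches it, and 36 bytes of 'A' (0x41) set target to 0x41414141. The demonstration writes through a pointer to the whole struct rather than past the end of aChar, so the program itself stays inside one object and is defined behaviour; the struct and function names are mine.

```c
#include <stddef.h>
#include <string.h>

/* Added example, not from the question. Same field order as the question's struct. */
typedef struct {
    char aChar[32];
    int target;
} overflow_demo_t;

/* Byte offset at which target starts: how many bytes aChar holds before spilling. */
size_t target_offset(void) {
    return offsetof(overflow_demo_t, target);
}

size_t demo_struct_size(void) {
    return sizeof(overflow_demo_t);
}

/* Simulates an unchecked write of n_bytes of `fill` starting at aChar and reports
 * what target holds afterwards. The write goes through a pointer to the whole
 * struct, so it is an in-bounds access for any n_bytes <= sizeof the struct. */
int overflow_into_target(size_t n_bytes, unsigned char fill) {
    overflow_demo_t s;
    memset(&s, 0, sizeof s);                 /* target starts at 0 */
    if (n_bytes > sizeof s)
        n_bytes = sizeof s;
    memset(&s, fill, n_bytes);               /* first 32 bytes fill aChar, the rest land in target */
    return s.target;
}

/* 1 when the least significant byte of an int is stored first (x86, most ARM). */
int host_is_little_endian(void) {
    int probe = 1;
    return *(unsigned char *)&probe == 1;
}
```

A 33-byte write changes only one byte of target, and which byte that is depends on endianness: 0x41 on a little-endian host, 0x41000000 on a big-endian one. That is why the ordering of bytes in an overflow payload matters as soon as the overwritten field is wider than one byte.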
0 votes, 2 answers, 41 views
Turning off stack protection
I was just wondering, because I have this C code:
#include <stdio.h>
#include <string.h>
#include <stdlib.h>
int fillBuffer(int argc, char *argv[]) {
    char bufferA[4] = "aaa";
    ...
1 vote, 1 answer, 46 views
Shellcode not executed properly
I am trying to solve Protostar stack5.
Here is a solution.
It puts the shellcode after the return address, I tried to put it before, in the array.
I have tried the shellcode, it works.
It seems ...
0 votes, 2 answers, 68 views
Simple buffer overflow via xinetd
I'm trying to make a simple buffer overflow tutorial that runs the program below as a service on port 8000 via xinetd. Code was compiled using
gcc -o bof bof.c -fno-stack-protector
Ubuntu has ...
-1 votes, 1 answer, 44 views
Buffer-Overflow exploit code
Hi, so I'm doing an exploit on the Windows 2000 server as part of an assignment and needed a little help. I've attached a screenshot of the exploit code that's in ...
0 votes, 1 answer, 34 views
Segmentation Fault in the Following Program for string comparisons
I am getting a segmentation fault for the following code. The logic of the program is that it should accept the correct password ("abcd") and deny access if any other password is entered, but I am ...
14 votes, 2 answers, 7k views
Shellcode for a simple stack overflow: Exploited program with shell terminates directly after execve(“/bin/sh”)
I played around with buffer overflows on Linux (amd64) and tried exploiting a simple program, but it failed. I disabled the security features (address space layout randomization with sysctl -w kernel....
24 votes, 7 answers, 13k views
Buffer overflow works in gdb but not without it
I am on CentOS 6.4 32 bit and am trying to cause a buffer overflow in a program. Within GDB it works. Here is the output:
[root@localhost bufferoverflow]# gdb stack
GNU gdb (GDB) Red Hat Enterprise ...
1 vote, 1 answer, 53 views
Can I generate a random float on the whole space?
I am trying to generate a random number that range from Number.MIN_VALUE to Number.MAX_VALUE, but the following algorithm fails due to buffer overflows (I guess) :
var randFloat = Math.floor(Math....
1 vote, 1 answer, 49 views
C++ 3D array to 1D causes heap-buffer-overflow
I want to give a minimal example. If the code provided is not enough, please tell me what else you need. It's nothing super secret ;)
Consider the following two implementations:
Using 3d array:
.h
...
1 vote, 1 answer, 30 views
Why is initializing C union using “designated initializer” giving random values?
I had a "bug" which I spent quite a while chasing:
typedef union {
    struct {
        uint8_t mode: 1;
        uint8_t texture: 4;
        uint8_t blend_mode: 2;
    };
    uint8_t key;
} ...
0 votes, 1 answer, 567 views
How to Write in Arbitrary Memory Addresses
Regarding the topic "Writing to Arbitrary Memory Addresses" from Hacking: The Art of Exploitation.
When I try to change the value of test_val, the value of test_val doesn't change. Anyone could ...
0 votes, 1 answer, 14 views
Different behaviour of read
I'm trying to understand why this program returns different errors when I change the size of the buffer:
#include <stdio.h>
#include <unistd.h>
#include <fcntl.h>
#include <errno....
53 votes, 10 answers, 112k views
Why should you use strncpy instead of strcpy?
Edit: I've added the source for the example.
I came across this example:
char source[MAX] = "123456789";
char source1[MAX] = "123456789";
char destination[MAX] = "abcdefg";
char destination1[MAX] = "...
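An added example, not part of the question or its answers, that pins down the difference the question is about and also illustrates the tag description at the top of the page: strcpy copies until the source's terminator with no regard for the destination, while strncpy stops after n bytes but writes no terminator when the source is n bytes or longer, so the result is not a C string. The bounded_copy below always terminates and returns the full source length, so a caller detects truncation by comparing the return value with the destination size, the same convention snprintf uses. The function names are mine.

```c
#include <stdbool.h>
#include <stddef.h>
#include <string.h>

/* Added example, not from the question. True when strncpy(dst, src, n) left no
 * terminator anywhere in dst[0..n): exactly the case strlen(src) >= n. */
bool strncpy_leaves_unterminated(char *dst, size_t n, const char *src) {
    strncpy(dst, src, n);
    return memchr(dst, '\0', n) == NULL;
}

/* Copy with a guaranteed terminator. Returns strlen(src); a return value
 * >= dst_size means the copy was truncated. */
size_t bounded_copy(char *dst, size_t dst_size, const char *src) {
    size_t src_len = strlen(src);
    if (dst_size == 0)
        return src_len;                     /* nothing can be written, not even the terminator */
    size_t n = src_len < dst_size - 1 ? src_len : dst_size - 1;
    memcpy(dst, src, n);
    dst[n] = '\0';
    return src_len;
}

/* Walks the question's scenario on an 8-byte destination; returns 0 when every
 * observation matches the comments. */
int copy_demo(void) {
    char dst[8];
    /* 9-char source into 8 bytes: strncpy fills all 8, leaving no terminator */
    if (!strncpy_leaves_unterminated(dst, sizeof dst, "123456789")) return 1;
    /* 3-char source: strncpy copies "abc" and zero-pads the remaining 5 bytes */
    if (strncpy_leaves_unterminated(dst, sizeof dst, "abc")) return 2;
    if (memcmp(dst, "abc\0\0\0\0\0", 8) != 0) return 3;
    /* bounded_copy keeps 7 chars plus terminator and reports the 9 it was given */
    if (bounded_copy(dst, sizeof dst, "123456789") != 9) return 4;
    if (strcmp(dst, "1234567") != 0) return 5;
    /* a 7-char source exactly fits an 8-byte destination */
    if (bounded_copy(dst, sizeof dst, "abcdefg") != 7) return 6;
    if (strcmp(dst, "abcdefg") != 0) return 7;
    return 0;
}
```

The zero-padding is the other half of strncpy's behaviour worth knowing: with a short source it writes every remaining byte of the destination, which is why it was designed for fixed-width fields rather than for general string copying.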
0 votes, 0 answers, 13 views
Stack layout on a Linux Machine
I am trying to do a buffer overflow and I have all my code up and working, but for some reason I think I am overwriting my RET with a NOP, because when it tries to return from the function that stores ...
-7 votes, 1 answer, 276 views
Hacking: how to perform buffer overflow attack?
I am stuck on a hacking exercise.
The program shows this when executed:
Build your own string!
Usage:
./4 length command...
Each command consist of a single character followed by its index.
...
1 vote, 0 answers, 68 views
Stack Buffer Overflow
#include <stdio.h>
#include <string.h>
int main(int argc, char **argv) {
    char buffer[500];
    strcpy(buffer, argv[1]);   /* unbounded copy: an argv[1] longer than 499 bytes overruns buffer */
    return 0;
}
This is the code I have been working with to ...
0 votes, 1 answer, 40 views
Buffer overflow not working as expected [closed]
I am trying to execute a buffer overflow. I got it almost working as EIP points to the first instruction of my shellcode. However, when doing this in GDB it produces a SIGSEGV and I do not understand ...
1 vote, 0 answers, 58 views
Exploiting a buffer overflow when the buffer can't fit my shellcode
So I was running some wargames today, and it was all going well until I ran into one particular level. The reason I can't get it to work is that I have nowhere to put the shellcode; the two buffers ...
0 votes, 0 answers, 50 views
Null terminating using movb causes segmentation fault
This is my linux64 assembly code (working fine):
.text
.globl _start
.type _start, @function
_start:
    pushq %rbp
    movq %rsp, %rbp
    subq $16, %rsp
    jmp helper
    ...
1 vote, 0 answers, 78 views
buffer overflow - unable to overwrite return address
I am trying a buffer overflow to overwrite the return address on the stack for the following program. I want to call accept() in both cases of strcmp()
void accept()
{
    printf("\nAccess Granted!\n");
    return;
} ...
0 votes, 1 answer, 42 views
Shuffled order of bytes in gdb when using perl print statement in ubuntu
run $(perl -e 'print "\xfd\x06\x40\x00" x 10')
When I run my program with this argument I should get 0x004006fd as the word in the stack but instead I get a rearranged order of this word but never ...
0 votes, 2 answers, 192 views
Vulnserver - Buffer overflow NOP characters aren't being passed in properly
I'm currently working on a buffer overflow test on the vulnserver app. Overflowing the buffer with hex values of A seemed to be passed into the program without an issue. The EIP was overwritten ...
-1 votes, 1 answer, 76 views
Exploit development in Python 3
I realised that exploit development with python 3 is not as straight forward as it is using python 2.
As I understand, this is mainly due to the socket library and the added byte datatype.
For ...
0 votes, 1 answer, 357 views
Nop Sled, can you explain it to me?
I have been reading this book: Hacking, the art of exploitation
On page 140, the book explains the Nop Slide:
We’ll create a large array (or sled) of these NOP instructions and place it
before ...
0 votes, 0 answers, 80 views
Buffer overflow and dmesg on 64 bits machines
I wrote a very simple program which has a buffer overflow vulnerability which I want to exploit. The program is the following:
#include <stdio.h>
void
foo(char *asd) {
    char b[2];
    ...