0 votes | 2 answers | 46 views

Causing a Buffer Overflow Using fgets

I'm trying to make a buffer overflow on a C program, but I can't manage to find the vulnerability and exploit the code. I've tried thousands of inputs. Generally I've tried these: 1) I've tried the ...
0 votes | 0 answers | 72 views

Innocent input breaks buffer overflow exploit?

Below is a simple program, vulnerable to buffer overflow; it is as similar as I could make it to a bigger (CTF) program I was working on and I "extracted" (re-wrote) only that piece where the bug lies....
0 votes | 2 answers | 39 views

Buffer Overflow Test on Fedora 32-bit not changing $eip register value

I am trying to perform a simple buffer overflow on 32-bit Fedora, but the eip register value is not changing. My C code is as follows: #include <string.h> int main(int argc, char ** argv){ ...
-2 votes | 1 answer | 54 views

Buffer overflow, snprintf instead char resizes? [duplicate]

I have a hard time understanding why the below code is not resulting in a buffer overflow and instead somehow seems to resize the char example from 1 to 16. I checked the snprintf documentation but ...
1 vote | 1 answer | 45 views

Why is the following code susceptible to heap overflow attack

I'm new to cyber security, and I am trying to understand why the following code is susceptible to a heap overflow attack... struct data { char name[128]; }; struct fp { int (*fp)(); }; void ...
4 votes | 1 answer | 73 views

How to exploit a buffer overflow to execute instructions on the stack

I'm starting to tinker with buffer overflows, and wrote the following program: #include <unistd.h> void g() { execve("/bin/sh", NULL, NULL); } void f() { long *return_address; char ...
0 votes | 0 answers | 37 views

How to fix “Single step event at ntdll.774A01E8” in Immunity debugger?

I'm trying to practice stack-based buffer overflow for Windows exploit development. I'm using Windows 7 64 bit virtual machine and Immunity debugger. Tutorials use Windows XP but I'm using win 7. The ...
0 votes | 0 answers | 52 views

Buffer Overflow not spawning shell?

Note: This is only for educational purposes. Below are the exploit elements. Script: #include <stdio.h> #include <string.h> int main(int argc, char *argv[]){ char buf[500]; ...
0 votes | 1 answer | 34 views

certain parts of injected string are missing on stack frame

I'm trying a return-to-libc exploit on a simple program. I've managed to locate the stack address where the input string is stored, and the locations of libc functions, and built my payload based on it. [padding(252-...
0 votes | 0 answers | 215 views

How to approach a Buffer Overflow problem with a limited string scanf and hashing?

PRE: There is only one similar question to this here, with a different hashing algorithm and changed array sizes, but that did not answer some questions in my head and the post is from 2016. The problem is ...
0 votes | 1 answer | 77 views

Buffer Overflow, modified Seedlab question?

In this lab, I have exploit.c, stack.c and call_shellcode.c. Stack.c has been modified so it prints out the buffer address and ebp address. I am running this on a virtual machine, Ubuntu 12.04 32-bit. ...
1 vote | 0 answers | 85 views

Buffer overflow attack, getting password from locked text file

So, I'm trying to exploit this program that has a buffer overflow vulnerability to get/return a password behind a locked .txt that contains the password. I shouldn't need to use GDB for this. vuln.c //no ...
0 votes | 0 answers | 12 views

How to make ROP gadget for shell to work?

I have the below ROP gadget to execv shell. from struct import pack p = "\x90"+"a"*71 p += pack('<Q', 0x0000000000001b96+0x007ffff79e4000) # pop rdx ; ret p += pack('<Q', 0x00000000003eb1a0+...
0 votes | 0 answers | 51 views

Why doesn't buffer overflow work with a x64 cpu? [duplicate]

So I've been learning basics of hacking by the book Hacking: The Art of Exploitation, 2nd Edn by Jon Erickson (2008), since I wanna be a penetration tester in future. This book is great. Still there ...
0 votes | 0 answers | 41 views

How to prevent strings from reading CTF flags in C

I am creating a simple CTF in buffer overflow; below is the sample code: #include <stdio.h> void secretFunction() { printf("this is your flag!\n"); } void echo() { char buffer[20]; ...
1 vote | 1 answer | 44 views

Return address in stack before function call: To which segment points the return address?

I am currently learning on buffer overflow attacks. I understand that the idea is to overwrite the return address. The return address points to the statement that follows the function call. What I ...
2 votes | 0 answers | 57 views

Python: Capture stdout of crashed program via subprocess

I have a simple C program that asks for input and echoes it back, so essentially a gets and then a printf. I want to call this program through Python subprocess and capture the output - even when the ...
-1 votes | 1 answer | 49 views

How do I send raw bytes interactively for a buffer overflow exploit?

I am trying, as part of an exercise, to exploit a simple program by overwriting the value of a variable through a buffer overflow. I am pretty sure I have the idea behind the exploit figured out, but ...
1 vote | 1 answer | 84 views

Buffer Overflow - unexpected values inserted

I'm trying to use buffer overflow to overwrite two local variables, so that I can call the hidden function. Here is the C code. #include <stdio.h> #include <stdlib.h> static void ...
0 votes | 0 answers | 77 views

ROP Buffer Overflow Exercise Issues

I'm doing this buffer overflow exercise and I can't seem to get it to work... Under the Calling Arguments section of the article he exploits this program to use the variable not_used instead of /bin/...
0 votes | 1 answer | 117 views

Exploit BOF in C?

void main(int argc, char **argv) { char buffer[517]; FILE *badfile; /* Initialize buffer with 0x90 (NOP instruction) */ memset(&buffer, 0x90, 517); *((long *) (buffer + 36)) =...
0 votes | 2 answers | 46 views

Buffer overflow - set relevant text to be printed

#include <unistd.h> char shellcode[] = "???"; int main(int argc, char* argv[]) { int* ret; ret = (int*) &ret + 2; (*ret) = (int) shellcode; } I have to change shellCode ...
1 vote | 2 answers | 54 views

Executable vs NX stack in BOF?

I'm reading about the BOF (buffer overflow) attack; one way to prevent it is by making the stack or heap non-executable. But that doesn't mean that we can't have a local variable. I didn't see a new behavior by ...
0 votes | 2 answers | 164 views

What is the vulnerability in this C code?

I'm trying to understand buffer overflow attacks better, this is one of the exercises that came up, that has a buffer overflow vulnerability. I would like to know how one can exploit the vulnerability ...
-1 votes | 1 answer | 72 views

Evaluating the offset of Return-Address [duplicate]

I'm trying to retrieve the offset of the Ret Address during a simple buffer overflow by using a cyclic pattern created in gdb-peda. I would expect a sigsegv on the return to callee frame, but I got it ...
0 votes | 0 answers | 157 views

Generate payload with msfvenom for a C/C++ program whose input is stdin (buffer overflow)

I'm trying to generate shellcode for my C/C++ program to exploit a buffer overflow vulnerability, my code is as follows: #include <stdio.h> #include <unistd.h> #include <stdlib.h> #...
0 votes | 1 answer | 65 views

C - Getting Invalid Characters After Reading a File and Printing to a File, -maybe- Buffer Overflow

I have a file with names, surnames, ids, and e-mails which is in a random order. I have to organize this data, write it to structures and to an output file as organized. There may be more than one name ...
-1 votes | 1 answer | 65 views

Uname syscall in buffer overflow

I am trying to learn the basics in buffer overflow so I have written the following code to inject it in a buffer: //uname(*buf) "addl $-390, %esp;" //save space for buffer "movl %esp, %ebx;" //ebx ...
0 votes | 0 answers | 189 views

Stack based buffer overflow - return address of “shell code”

I'm reading the book "Hacking- The Art of Exploitation 2nd edition". I'm confused about the following example of injecting a string buffer as an argument to a stack based buffer overflow vulnerable ...
-2 votes | 1 answer | 53 views

BSS-Based Buffer Overflow

Hoping someone can help me understand a vulnerability I'm studying in college. In the C code there is an unbounded strcat: strcat(buffer, argv[1]); The aim is to overflow this buffer into the saved ...
3 votes | 2 answers | 56 views

Non Null-terminated value causing StrCmp to return 0?

I have the following code: _Bool grantAccess(char *password){ char goodPassWord[]= "goodpass"; return (0 == strcmp(password, goodPassWord)); } _Bool grantAccessExercise(void){ char ...
-3 votes | 1 answer | 60 views

Memory addresses

I am working on OverTheWire narnia2 (CTF game). Currently I am learning how to use gdb and I have a simple question. (gdb) x/200x $esp-0xac 0xffffd5a4: 0x08048534 0xffffd5c8 0xf7e5b7d0 ...
0 votes | 2 answers | 296 views

Exploiting C - Linux setuid and system commands

I have the following code as an executable that I want to exploit for a course in order to spawn a shell with elevated privileges. I am a user of levelX and the executable has setgid of levelX+1. I am ...
1 vote | 1 answer | 184 views

Buffer Overflow on Sample C Program

May I know how to increase the length of ESP on a sample C program which allows me to execute shellcode on the stack? However, as of now, the sample C program only has an ESP length of 61, thus ...
0 votes | 1 answer | 76 views

How to call a function without calling it directly in C

I am trying to call a function without calling it directly. So, I use function pointers and buffer overflowing. I get what I want; however, when I debug the program, I get a segmentation fault. Is there a ...
0 votes | 2 answers | 44 views

Initialization order problem in buffer overflow problem

First thing, this is a homework problem. I am not sure if it is ok but don't post anything about how to change the int value. My question is if I have the order of int set_me = 0; char buf[15]; ...
2 votes | 1 answer | 254 views

read() - Check buffer boundaries if used in a loop including recursive loops

I have this code and run it with Flawfinder, and I get this output on the read() functions: "Check buffer boundaries if used in a loop including recursive loops" Can anyone see the problem? ** #...
0 votes | 1 answer | 86 views

Prevent buffer overflow

I want to prevent buffer overflow by making the filename no more than 20 characters long. Is there a better function I should use? Like fgets? #include <stdio.h> int main() { char filename[20]; ...
1 vote | 1 answer | 60 views

Buffer Overflow shellcode overwriting wrong address

NOTE: This is a modified version of my original post here but poses a slightly different question. I am going through this video on buffer overflows but am having some trouble replicating the demo. ...
0 votes | 1 answer | 49 views

Stack Alignment - Buffer Overflow Testing

I've done a lot of research trying to understand this topic but still have some confusion. Currently I'm investigating buffer overflow. Here's an example of the function I'm looking at: int ...
3 votes | 3 answers | 153 views

Address space layout randomization and structures in C

I have this structure: struct Books { char title[50]; char author[50]; }; Let's say that I know that if I pass arg1 to the program, in some part of the code, it adds some chars in the direction $...
-1 votes | 1 answer | 82 views

How do I overflow the buffer with a specific return address?

Here is an array that I was given: char overflow[16]="\xEF\xBE\xAD\xDE\xEF\xBE\xAD\xDE" "\xEF\xBE\xAD\xDE\xEF\xBE\xAD\xDE"; and here is the address: "0x1234B000" how do I edit ...
2 votes | 2 answers | 82 views

gdb stuck when trying to run buffer overflow exploit

I'm trying to learn buffer overflow but I found myself in a dead end. When I want to execute shellcode, gdb just gets stuck and doesn't react to anything (Ctrl-C, Ctrl-D, Enter, Esc) and I have to close the terminal ...
-1 votes | 2 answers | 139 views

Buffer overflow in C (gets function)

There is the following code; I need to return an access level that's under 0x30 and not equal to 0 or 2: int login() { int accessLevel = 0xff; char username[16]; char password[32]; printf("Username (...
0 votes | 0 answers | 43 views

What's going on here? Buffer overflow skips a couple of bytes

So I'm working through the book "Hacking - the art of exploitation", but I don't know what's going on here. The program has a buffer with no length handling so it can overflow. I overwrote the return ...
2 votes | 2 answers | 88 views

Weird addresses in stack buffer overflow article

While reading this article, which is about bypassing some protection, you will find that the author did a really strange calculation that I didn't understand: ...
3 votes | 3 answers | 214 views

Explanation of C buffer overflow

I try to understand buffer overflows. This is my code: #include <stdio.h> int main() { char buf[5] = { 0 }; char x = 'u'; printf("Please enter your name: "); gets(buf); ...
0 votes | 1 answer | 39 views

Array assigned statically does not overflow when assigning values out of range [duplicate]

Why does this code work? I have an array of 2 elements and it should overflow, but it does not even give me an error on Linux using gcc. Instead, it works and outputs 5. int doS(int a[2]) { printf("...
1 vote | 1 answer | 5k views

AddressSanitizer: heap-buffer-overflow on address

I am at the very beginning of learning C. I am trying to write a function to open a file, read a BUFFER_SIZE, store the content in an array, then track the character '\n' (because I want to get each ...
0 votes | 1 answer | 82 views

Buffer overflow while writing to char array

Could anyone help me out here? I don't really know why this code doesn't work properly. I just want to split a string in two. However, somehow a strange thing happens: it writes 6 chars instead of 3 ...