All Questions
Tagged with buffer-overflow gcc
53 questions
0 votes, 1 answer, 34 views
certain parts of injected string are missing on stack frame
I'm trying a return-to-libc exploit on a simple program. I've managed to locate the
stack address where the input string is stored, and the locations of libc functions, and build my payload based on them.
[padding(252-...
0 votes, 2 answers, 44 views
problem initialization order in buffer overflow problem
First thing, this is a homework problem. I am not sure if it is ok but don't post anything about how to change the int value.
My question is if I have the order of
int set_me = 0;
char buf[15];
...
0 votes, 1 answer, 49 views
Stack Alignment - Buffer Overflow Testing
I've done a lot of research trying to understand this topic but still have some confusion. Currently I'm investigating buffer overflow. Here's an example of the function I'm looking at:
int ...
2 votes, 1 answer, 48 views
gcc 5 does not detect stack smashing for inline functions but gcc 7 does
This is the code I used to test the stack protection feature of gcc.
static inline void charcpy(char* temp)
{
temp[0]='a';
temp[1]='b';
temp[2]='c';
temp[3]='d';
temp[4]='\0';
}
int main()
{
char ...
0 votes, 1 answer, 115 views
Segmentation Fault - finding buffer size
I'm trying to smash the stack and am using the below C code:
#include<stdio.h>
get_inp()
{
char buf[8];
gets(buf);
puts(buf);
}
main(){
get_inp();
return 0;
}
I get the Segmentation fault ...
0 votes, 1 answer, 544 views
Stack canaries can be disabled by compiler?
Who is responsible for inserting the stack canaries in the stack? Is it the OS?
If yes, how can the gcc compiler disable them by using the -fno-stack-protector option? Or it is only a flag created ...
4 votes, 1 answer, 167 views
How do I bypass a return address overwrite not redirecting control flow?
Let me illustrate the problem here
This is main
(gdb) disass main
Dump of assembler code for function main:
0x000000000040057c <+0>: push rbp
0x000000000040057d <+1>: mov rbp,...
1 vote, 2 answers, 234 views
How to input a string to C with null character in it via gets?
I am trying to demonstrate a buffer overflow, and I wish to overwrite a local variable with gets. I have compiled my program using gcc with -fno-stack-protector, so I know that the buffer that gets ...
1 vote, 1 answer, 51 views
How is temp data stored on the stack frame
#include <stdio.h>
int test(){
char buff[10];
printf("Enter text: ");
gets(buff);
puts(buff);
return 0;
}
I don't know how to phrase this question but I'm trying to understand how values are stored on the ...
0 votes, 1 answer, 154 views
How to redirect multiple inputs from files to a binary being debugged in gdb?
The binary I am debugging in gdb first asks me for an id and then, if the id is valid, asks for a second input.
gef➤ run
Agent ID : 48093572 //This is the first input which the user has to ...
0 votes, 2 answers, 371 views
shellcode buffer overflow -SegFault
I'm trying to run this shellcode but I keep getting a segmentation fault.
/* call_shellcode.c */
/*A program that creates a file containing code for launching shell*/
#include <stdlib.h>
#include ...
1 vote, 1 answer, 305 views
Buffer overflow change return address C - without main
How can I get the eip register to point to memory address to execute my shellcode in the following program using buffer overflow?
static int __init onload(void)
{
void function1(char *arg1)
{...
1 vote, 1 answer, 377 views
Buffer overflow - linux 64bit
I have been working on a test program for the "buffer overflow linux 64bit" challenge. When launching the program, it prompts for a password.
The purpose is to exploit a buffer overflow fault at the ...
1 vote, 0 answers, 99 views
Difference in compiling C code in 32-bit and 64-bit with -m32 option in Ubuntu
Here I am trying to buffer overflow a very simple C code:
#include <stdio.h>
#include <string.h>
int main(int argc, char* argv[]) {
/* [1] */ char buf[256];
/* [2] */ ...
2 votes, 0 answers, 247 views
assembly code for a simple C function
I am trying to understand the following C program and the layout of the stack. The ultimate goal is to understand the buffer overflow exploit.
#include <unistd.h>
void Test()
{
char buff[4];...
0 votes, 3 answers, 242 views
Why isn't the buffer overflowing with this code?
This is the C code that I am compiling:
#include <stdio.h>
#include <stdlib.h>
int main(){
long val=0x41414141;
char buf[20];
printf("Correct val's value from 0x41414141 -> ...
1 vote, 1 answer, 528 views
Is there a way to “overload” or reimplement __stack_chk_fail?
I want to enable the stack protection feature in gcc for a system I am building that runs on x86 Linux.
I want it so that if it detects stack smashing it calls a function of my own that will handle the ...
0 votes, 1 answer, 275 views
How do canary words allow gcc to detect buffer overflows?
I could test using strncpy() with a larger source string than the destination:
#include <stdlib.h>
#include <string.h>
int main() {
char *ptr = malloc(12);
strcpy(ptr,"hello world!"); /* 13 bytes including the terminator, into a 12-byte allocation */
return 0;
}
Compiling with the flag -fstack-...
0 votes, 2 answers, 173 views
Does gets() ignore '\0'?
I am learning about buffer overrun with this source code:
#include <stdio.h>
int main()
{
char buf[16];
gets(buf);
printf("buf @ %8p\n", (void*)&buf);
return 0;
}
I try to ...
3 votes, 2 answers, 3k views
Disabling stack protection in GCC not working
I'm trying to recreate a stack buffer overflow using the classic overflow with strcpy using this function:
#include <stdio.h>
#include <string.h>
void main(int argc, char **argv) {
...
0 votes, 0 answers, 587 views
Missing __stack_chk_fail Symbol Using GCC
Based on what I've seen with hardening audit tools the way to detect stack cookies/canaries is to dump symbols with readelf -s and look for the __stack_chk_fail symbol.
I build my code with -fstack-...
0 votes, 4 answers, 94 views
No error message when using system() to execute program with buffer overflow vulnerability
Consider the following program (vul.c) with buffer overflow vulnerability.
#include <stdio.h>
#include <string.h>
int main(int argc, char **argv)
{
char buf[10];
strcpy(buf, argv[...
8 votes, 1 answer, 356 views
Is gcc reordering local variables at compilation time?
I'm currently reading (for the second time) "Hacking : The Art of Exploitation" and have stumbled on something.
The book suggests two different ways to exploit these two similar programs : ...
0 votes, 2 answers, 52 views
C copies into two buffers though just one should be filled
I wrote some code in C which should strcpy some input data to a declared buffer. Here's the code:
#include <stdio.h>
#include <string.h>
void function(char *args) {
char buff_1[12];
...
1 vote, 1 answer, 222 views
Unable to get buffer overflow working
I am trying to learn about buffer overflow attacks and wanted to see a working demo of the same. I have been following many online resources to understand the same. For example, this has proven really ...
2 votes, 1 answer, 392 views
GCC reserving more space than needed for local variables
I am trying to get to know how buffer overflow works, so I am working on various simple examples, involving C and the functions gets() and puts(). The source code for one of these programs is the ...
1 vote, 2 answers, 525 views
SIGSEGV Segmentation fault, different message
I am trying to run the program to test buffer overflow, but when the program crashes it shows me a SIGSEGV error as follows:
Program received signal SIGSEGV, Segmentation fault.
0x00000000004006c0 in ...
6 votes, 4 answers, 4k views
gdb showing different address than in code
I am trying to implement a buffer overflow attack and I need to know the address of my buffer that I am trying to overflow.
The address that is displayed using GDB is different than if I just did ...
2 votes, 2 answers, 2k views
How to disable possible stack smashing protection (EIP is not being overwritten, EBP is)
I'm trying to figure out how stack smashing is carried out step by step. I have already used Google to no avail; I still don't know why my EIP is not being overwritten. I have this example program:
...
3 votes, 3 answers, 167 views
Why doesn't buffer overflow occur with GCC?
I was just recently learning about buffer overflows. I was attempting to replicate it using GCC. Here's the code I wrote.
#include <stdio.h>
#include <string.h>
int main(int argc, char *...
0 votes, 0 answers, 129 views
Buffer overflow and dmesg on 64 bits machines
I wrote a very simple program which has a buffer overflow vulnerability which I want to exploit. The program is the following:
#include <stdio.h>
void
foo(char *asd) {
char b [2];
...
0 votes, 2 answers, 434 views
Why does an overflow in a static variable cause seg fault but not global variables?
Why does the code fail with a segmentation fault for the first set of code but the second block doesn't? (Only difference is that the chars are static in the first but not static in the second).
#...
0 votes, 0 answers, 47 views
Is address randomization dependent on the OS or the compiler?
With ASLR enabled after compiling a program with gcc every time the program starts, its stack pointer changes. But this does not happen to a similar program coded in assembly and compiled with 'as' ...
1 vote, 2 answers, 404 views
segmentation fault while running shellcode
I am experimenting with shellcode before digging deep into it so I came across an example from the shellcoders handbook. The example is the following:
char shellcode[] = "\xeb\x1a\x5e\x31\xc0\x88\...
0 votes, 2 answers, 1k views
printf of the NOP character 0x90 differs when compiled on x86_64 and i686
I have 2 systems:
3.13.0-35-generic ... x86_64 x86_64 x86_64 GNU/Linux with gcc: 4.8.2
2.6.32-21-generic #32-Ubuntu ... i686 GNU/Linux with gcc: 4.4.3
I compiled the following code on both systems:
...
11 votes, 1 answer, 6k views
Does GCC generate a canary or not?
My gcc version is 4.8.2 and the operating system is Ubuntu 14.04 (64 bit).
I found that sometimes gcc automatically generates the canary for buffer overflow protection and sometimes it does not. Why?
case to generate canary:...
1 vote, 0 answers, 67 views
Why is gcc allocating more space to a char buffer?
I am kind of confused by the latest version of gcc. A simple piece of code is compiled:
int main()
{
char buffer[1];
scanf("%s",buffer);
printf("You Entered %s\n", buffer );
return 0;
...
0 votes, 2 answers, 756 views
bufbomb stack overflow failed
I'm using bufbomb.c to do some buffer overflow attack experimenting.
I successfully used gdb to debug the code. However, when I run the program directly, I get a "Segmentation fault (core dumped)"...
0 votes, 1 answer, 499 views
Runs in gdb but not out of gdb
I am trying to spawn a shell with some shellcode. The payload is in the program itself; however, when I run the program individually I get a segmentation fault, but when running in gdb, my shell ...
2 votes, 1 answer, 611 views
Converting assembly instructions to binary using objdump or gcc -c
I'm working on the buffer bomb lab and I'm stuck on one thing. I've written my exploit code to solve level 2 (firecracker) but I'm not sure how I can convert this to its raw form using gcc -c.
I've ...
0 votes, 1 answer, 1k views
Passing parameter to a function reached via a buffer overflow
I have written this simple main that I compiled with the flag -fno-stack-protector.
#include <stdio.h>
int pos;
char c = 0;
void
bof(unsigned int i)
{
fprintf(stderr, "BOF %u\n", i);
}
...
8 votes, 4 answers, 10k views
GCC how to detect stack buffer overflow
There is an option -fstack-protector-strong in gcc to detect stack smashing. However, it cannot always detect stack buffer overflow. For the first function func, when I input 10 chars more ...
1 vote, 1 answer, 5k views
hex code implementation for spawning a shell
I am trying to implement the codes given in smashing the stack for fun and profit by Aleph to learn the basics of buffer overflow attacks.
Machine architecture: Ubuntu 12.10 64 bit
programs compiled ...
4 votes, 3 answers, 6k views
Buffer overflows on 64 bit
I am trying to do some experiments with buffer overflows for fun. I was reading on this forum on the topic, and tried to write my own little code.
So what I did is a small "C" program, which takes ...
6 votes, 4 answers, 609 views
Distinguish between string and byte array?
I have a lot of functions that expect a string as argument, for which I use char*, but all my functions that expect a byte-array, also use char*.
The problem is that I can easily make the mistake of ...
3 votes, 1 answer, 791 views
Buffer overflow doesn't run
I try a basic buffer overflow: I overwrite the saved EIP on the stack and jump to the address. This address points to a shell variable which contains my shellcode.
But in gdb, the program SIGSEGVs on the ...
9 votes, 2 answers, 1k views
What is the most hardened set of options for GCC compiling C/C++?
What set of GCC options provide the best protection against memory corruption vulnerabilities such as Buffer Overflows, and Dangling Pointers? Does GCC provide any type of ROP chain mitigation? Are ...
22 votes, 2 answers, 11k views
Why does this memory address %fs:0x28 ( fs[0x28] ) have a random value?
I've written a piece of C code and I've disassembled it as well as read the registers to understand how the program works in assembly.
int test(char *this){
char sum_buf[6];
strncpy(sum_buf,...
0 votes, 1 answer, 136 views
will change from <iostream.h> to <iostream> cause buffer overflow?
I need to build some old codes I got on my office computer, which has gcc 4.4.5 installed. I edited the code (deleting .h or adding things like <cstring>) in order to bring them up to date so ...
3 votes, 4 answers, 2k views
Question with stack smashing protection and buffer overflows
I'm doing some research on buffer overflows and I was wondering how stack smashing protection works.
I have this code:
int main( )
{
char Buf[16];
printf(“Digite o seu nome: ”);
gets(...