A buffer overflow usually occurs when you attempt to copy data into a buffer without checking for sufficient space, causing data to be overwritten in neighboring cells.


0 votes, 0 answers, 3 views

Data Execution Prevention in different contexts?

What is the major difference between Software DEP and Hardware DEP? How are they different from each other when it comes to making the stack non-executable? Can either thing prevent buffer overflow ...
-1 votes, 1 answer, 34 views

How to encode odd-length byte address for little endian?

I have a buffer and function pointer which is going to be overflowed with an address, what static char buffer[12]; static int (*target_function)(char * str); The overflow itself is not the problem, ...
-1 votes, 1 answer, 53 views

C: buffer overflow, changing passed variables

I'm doing some exercises regarding buffer overflows and I am currently stumped as how to proceed further with one of them. This is the program code: #include <stdio.h> #include <stdlib.h> ...
1 vote, 0 answers, 74 views

Why is there extra space between stack control data and local variables?

I am working through the OverTheWire Narnia wargame and I don't completely understand one of my buffer overflow solutions. The following code is what is confusing me. #include <stdio.h> #...
0 votes, 1 answer, 14 views

Heap Overflow attack, what can go wrong with this code

char *test(char *arg1, char* arg2){ size_t length=strlen(arg1); char *c= malloc(length+4); for(int i=length;i>0;i--) *(c+i+4)=*(arg1)^(arg2[i%8]); *(size_t *) (c) =length; return c; } Does this ...
8 votes, 0 answers, 47 views

WPD API Detect if Device is a Phone?

In my project I use the WPD API to read the contents of a mobile device. I followed the API to a tee and have successfully implemented content enumeration. However, if a USB drive is connected, the ...
0 votes, 0 answers, 26 views

buffer overflow task, cannot run shellcode

I have been struggling for 1 week and cannot figure this out. Please help. My friend gave me an executable which is just a simple server and has buffer overflow vulnerability. My goal is to get a ...
0 votes, 0 answers, 17 views

onClick() crashes program “bignerdranch” “criminalintent” project

I am new to Android programming but I have some prior Java experience. I am working on a project from the Big Nerd Ranch guide to Android programming. Because I lack experience with Android I am ...
0 votes, 0 answers, 25 views

After enabling webcam to emulator, my projects crash

I have been trying for several hours to figure out this problem I've been having. My code was working up until I tried to enable my emulator to access my laptop's webcamera. Since then, none of my ...
-1 votes, 0 answers, 78 views

Buffer overflow C issues

I'm practising buffer overflowing. The goal is to overflow the return address with the address of the printf statement so that the program will jump over the x = 1 statement and instead print out x = ...
0 votes, 2 answers, 68 views

Buffer overflow on socket connection

I was working on a socket server on a friend's computer and everything was working fine, but then I executed the code on my computer and it throws a buffer overflow like this *** buffer overflow ...
0 votes, 0 answers, 33 views

*** buffer overflow detected ***: rsync terminated

I have a Python program in which I use Python subprocess module to execute a rsync command to copy files and folders with permissions and modification time preserved from a local folder to a remote ...
0 votes, 1 answer, 53 views

C program char buffer unexpected overflow

I am trying to understand two different behaviors of an overflow from a C program (call it vulnerable_prog) in Linux that asks for input, in order to allow you to overflow a buffer. I understand that ...
10 votes, 0 answers, 83 views

Python is reading past the end of the file. Is this a security risk? [duplicate]

So I just noticed this, and after some experimentation, I managed to make it reproducible. I didn't see this posted anywhere. Python seems to be reading past the end of files in certain circumstances. ...
-1 votes, 1 answer, 34 views

Handle buffer overflow from 3rd party dll

In my project I make use of an older 3rd party DLL that is not going to be updated. It is used to decompress data. It decompresses the data and puts the result into a buffer that was passed to it. ...
0 votes, 0 answers, 48 views

What mechanism overwrites the return address of a stack frame, preventing certain buffer overflow exploits?

Context: The source code shown below is compiled using the first command shown below. The resulting executable is then loaded into gdb and run using the second command shown below. A segfault is ...
0 votes, 0 answers, 35 views

How to fix GDB probable charset issue NOP 0x90 translating to 0x90c2 in memory?

I have a strange problem when working on a challenge and exploiting an executable in Kali Linux with gdb-peda. #>gdb -q someVulnerableBinary gdb-peda$ python >shellcode=( >"\x6a\x0b\x58\x99\...
1 vote, 1 answer, 52 views

Why am I getting a java.nio.BufferOverflowException

I tried to create a simple program just for fun, but I'm getting a BufferOverflowException: ByteBuffer byteBuffer = ByteBuffer.allocateDirect(10); FloatBuffer floatBuffer = byteBuffer.asFloatBuffer();...
0 votes, 3 answers, 81 views

Why the buffer isn't overflowing with this code?

This is the C code that I am compiling: #include <stdio.h> #include <stdlib.h> int main(){ long val=0x41414141; char buf[20]; printf("Correct val's value from 0x41414141 -> ...
-1 votes, 1 answer, 31 views

Why this occur an overflow ?

So I was wondering for some days how this code causes an overflow: __asm { CheckDebugger: PUSH EAX // Save the EAX value to stack MOV EAX, [FS:0x30] // Get PEB ...
0 votes, 2 answers, 31 views

Overflow to change next element in a struct in C

I have a struct setup like this: typedef struct _aStruct { char aChar[32]; int target; } What value would make this overflow aChar, to change 'target'? memset(aStruct.aChar,0,32) I'm sorry if this ...
0 votes, 4 answers, 92 views

Is this C user input code vulnerable?

I have this code that reads input from the user: unsigned int readInput(char * buffer, unsigned int len){ size_t stringlen = 0; char c; while((c = getchar()) != '\n' && c != EOF){ ...
0 votes, 2 answers, 41 views

Turning off stack protection

I was just wondering, cause I have this C code: #include <stdio.h> #include <string.h> #include <stdlib.h> int fillBuffer(int argc, char *argv[]) { char bufferA[4] = "aaa"; ...
-1 votes, 1 answer, 46 views

Buffer-Overflow exploit code

[Buffer - overflow exploit code][1] Hi, so I'm doing an exploit on the Windows 2000 server as part of an assignment and needed a little help. I've attached a screenshot of the exploit code that's in ...
1 vote, 1 answer, 47 views

Shellcode not executed properly

I am trying to solve Protostar stack5. Here is a solution. It puts the shellcode after the return address, I tried to put it before, in the array. I have tried the shellcode, it works. It seems ...
0 votes, 1 answer, 34 views

Segmentation Fault in the Following Program for string comparisons

I am getting segmentation fault for the following code. The logic of the program that it should accept the correct password ("abcd") and it should deny access if entered any other password, but I am ...
1 vote, 1 answer, 54 views

Can I generate a random float on the whole space?

I am trying to generate a random number that range from Number.MIN_VALUE to Number.MAX_VALUE, but the following algorithm fails due to buffer overflows (I guess) : var randFloat = Math.floor(Math....
1 vote, 1 answer, 49 views

C++ 3D array to 1D causes heap-buffer-overflow

I want to give a minimal example. If the code provided is not enough, please tell me what else you need. It's nothing super secret ;) Consider the following two implementations: Using 3d array: .h ...
0 votes, 0 answers, 13 views

Stack layout on a Linux Machine

I am trying to do a buffer overflow and I have all my code up and working but for some reason I think I am overwriting my RET with a NOP because when it tries to return from the function that stores ...
1 vote, 0 answers, 69 views

Stack Buffer Overflow

#include <stdio.h> #include <string.h> int main (int argc, char **argv){ char buffer[500]; strcpy(buffer,argv[1]); return 0; } This is the code I have been working with to ...
0 votes, 1 answer, 40 views

Buffer overflow not working as expected [closed]

I am trying to execute a buffer overflow. I got it almost working as EIP points to the first instruction of my shellcode. However, when doing this in GDB it produces a SIGSEGV and I do not understand ...
1 vote, 0 answers, 59 views

Exploiting a buffer overflow when the buffer can't fit my shellcode

So I was running some wargames today, and it was all going well until I ran into one particular level. The reason I can't get it to work is that I have nowhere to put the shellcode; the two buffers ...
0 votes, 0 answers, 50 views

Null terminating using movb causes segmentation fault

This is my linux64 assembly code (working fine): .text .globl _start .type _start, @function _start: pushq %rbp movq %rsp, %rbp subq $16, %rsp jmp helper ...
1 vote, 0 answers, 78 views

buffer overflow - unable to overwrite return address

Trying a buffer overflow to overwrite return address on stack for the following program. I want to call accept on both case of strcmp() void accept() { printf ("\nAccess Granted!\n"); return; } ...
0 votes, 1 answer, 42 views

Shuffled order of bytes in gdb when using perl print statement in ubuntu

run $(perl -e 'print "\xfd\x06\x40\x00" x 10') When I run my program with this argument I should get 0x004006fd as the word in the stack but instead I get a rearranged order of this word but never ...
-1 votes, 1 answer, 78 views

Exploit development in Python 3

I realised that exploit development with Python 3 is not as straightforward as it is using Python 2. As I understand, this is mainly due to the socket library and the added byte datatype. For ...
-2 votes, 2 answers, 42 views

How is the shell code of a Buffer Overflow generated

The following codes got my curiosity. I always look, search, and study about the exploit so called "Buffer overflow". I want to know how the code was generated. How and why the code is running? char ...
0 votes, 1 answer, 14 views

Different comportement of read

I'm trying to understand why this program return different errors when I change the size of the buffer: #include <stdio.h> #include <unistd.h> #include <fcntl.h> #include <errno....
0 votes, 1 answer, 28 views

log module with pre-allocated memory

I am writing a logging mechanism that will be used by the rest of the code to log alphanumeric data to file. Every other module in the system will be sending alphanumeric sentences (a couple of words ...
1 vote, 1 answer, 93 views

Is there a way to “overload” or reimplement __stack_chk_fail?

I want to enable stack protection feature in gcc for a system I am building that runs on x86 Linux. I want that if it detects stack smashing it would call a function of my own that will handle the ...
0 votes, 1 answer, 38 views

How do canary words allow gcc to detect buffer overflows?

I could test using strncpy() with larger source string than the destination: int main() { char *ptr = malloc(12); strcpy(ptr,"hello world!"); return 0; } Compiling with the flag -fstack-...
0 votes, 0 answers, 73 views

What does the heap look like after a heap buffer overflow?

I'm having difficulty understanding what the heap would look like after a heap buffer overflow attack. Take this example code: int main(int argc, char **argv) { char *input_buff; ...
1 vote, 2 answers, 61 views

return to libc attack using a function pointer

How should I format my input for the return to libc attack in the following code: void example_function(int x, const char *name) { void (*foo)(int, const char *) = http_serve_none; char buf[...
0 votes, 0 answers, 160 views

Why am I getting the message “Single-stepping until exit from function shellcode which has no line number information” in GDB?

I tried to use buffer overflow to rewrite my function's return address, and it worked. But when I try to step through the function (stored in the char array), I get the message: "Single stepping until ...
1 vote, 1 answer, 83 views

Undefined Behavior quirk: reading outside a buffer causes a loop to never terminate?

I wrote a very trivial program to try to examine the undefined behavior attached to buffer overflows. Specifically, regarding what happens when you perform a read on data outside the allocated space. ...
1 vote, 2 answers, 76 views

How to send arbitary bytes to STDIN of a program in gdb?

I am developing buffer overflow exercises for students. In this context you often have to provide arbitrary bytes as input for programs (return addresses). Assume this example: #import <stdio.h>...
-1 votes, 2 answers, 82 views

Address of Operator for buffer in C

I am reading the book "Hacking:Art of Exploitation", I am struggling to understand the following code: int main(int argc, char *argv[]) { int value = 5; char buffer_one[8],...
0 votes, 1 answer, 40 views

Vertex Buffer Is not updated well

Hi guys, I have a cube drawn using OpenGL ES. Every time that I call the redraw function I update the coordinates_buffer using this code floatBuffer.position(0); floatBuffer.put(coordinates); floatBuffer....
0 votes, 1 answer, 64 views

buffer overflow during memory reallocation

I was making a C program to convert 12 hour clock into 24 hour clock with the format of input being HH:MM:SSAM or HH:MM:SSPM and 24hr clock output being HH:MM:SS #include <stdio.h> #include <...
-3 votes, 3 answers, 173 views

C: IF statement not firing when expected

I have the following function. The executable runs fine. At the prompt, after the program is run, I enter \x0037337331, the value of B is set as B: 0x31333337 Any advice on how I'd trigger to open ...