All Questions
Tagged with buffer-overflow stack-smash
33 questions
0 votes, 0 answers, 91 views
Buffer Overflow with structures - C
I am a beginner with programming and I have no idea how to fix my code. I want every students[i] to have the overall variable preset with the characters "none". Every way I have tried to ...
2 votes, 1 answer, 577 views
A question about the article 'Smashing The Stack For Fun And Profit'
I am reading Smashing The Stack For Fun And Profit.
When the author uses x86 assembly code to illustrate the execve() behavior, he says:
0x80002bc <__execve>: pushl %ebp
0x80002bd <...
0 votes, 0 answers, 375 views
How to use a buffer overflow to call another program?
I want to create a program exploit that calls testme.c to perform a buffer overflow operation which should call another program myname.c.
The code for the testme.c program:
#include <stdio.h>
#...
0 votes, 1 answer, 4k views
Bufferoverflow stack canary location
I have a binary that can be exploited with a buffer overflow, but it has a stack canary.
I can get many addresses and values through a gets() call, but I can't locate the stack canary in pwndbg (version ...
0 votes, 1 answer, 741 views
Does a segmentation fault in gdb show the physical or virtual address?
I tried to smash the stack:
int main (void) {
    int ar[5] = {1,2,3,4,5};
    for(int i =0; i<255 ; i++)
        ar[i] = 10;
    return 0;
}
with gcc -fno-stack-protector somefile.c. First ...
2 votes, 1 answer, 206 views
ARM PC overwritten with incorrect value in buffer overflow
I am working on stack smashing on ARM and I have a buffer declared as:
char buff[12];
in my code.
In order to find the location where the PC gets overwritten in gdb I write
...
0 votes, 0 answers, 556 views
why does the shellcode get segmentation fault?
I am new to buffer overflow attacks.
I copy the shellcode from http://shell-storm.org/shellcode/files/shellcode-76.php
I wrote a C script to test the shellcode.
It looks like this:
char * ...
0 votes, 2 answers, 2k views
Assembly version of C code to launch a shell
In a buffer overflow assignment, I got a C file (call_shellcode.c) which contains an assembly version of the following C code which executes to open a shell:
#include <stdio.h>
#include <...
0 votes, 1 answer, 476 views
Segmentation Fault - finding buffer size
I'm trying to smash the stack and am using the below C code:
#include<stdio.h>
get_inp()
{
    char buf[8];
    gets(buf);
    puts(buf);
}
main(){
    get_inp();
    return 0;
}
I get the Segmentation fault ...
0 votes, 1 answer, 227 views
Stack smashing/Buffer overflow in C
I have this code
int Iminente(char tab[3][3], char comp, char jog, char str[3][3]){
    int i, j, X = 0, val;
    char col[4], diag[2][4];
    strcpy(diag[0], &tab[0][0]); // Diagonal E-D ...
0 votes, 1 answer, 461 views
BOF with non exec stack
I'm trying to pass the level 2 of this "game" http://smashthestack.org/faq.html (connect via ssh on the blackbox server) that consists of a basic buffer overflow.
In the directory /home/level2 (there ...
2 votes, 0 answers, 2k views
What's the point of Position-independent executables (PIE) when we have execstack?
I'm reading Hacking: The art of exploitation, which is apparently full of outdated information (doesn't take into account canaries, non executable stack, ASLR). I am trying to understand whether (and ...
5 votes, 1 answer, 4k views
Stack-based buffer overflow - challenge in C using scanf with limited input
As part of a security CS course, my class has been given the task of exploiting a vulnerability to beat a password check using a stack/buffer overflow. The code with the vulnerability is as follows:
#...
-1 votes, 1 answer, 142 views
stack smashing, can't find overflow error
I'm trying to write a function that will pad a string with some character if the length of the string is less than the max size allocated to the char buffer. I'm encountering a "* stack smashing ...
1 vote, 1 answer, 557 views
segmentation error while injecting shellcode to stack smash
I have been trying to understand how stack overflow attacks work. So far I can successfully redirect the return address to an instruction inside the original code. I have written a shellcode launcher ...