801 questions
0 votes, 0 answers, 70 views
Finding the return address of the payload in a simple Buffer Overflow No ASLR (x86 i386) [closed]
Was experimenting for the first time on Buffer Overflows and tried to follow a guide (from HTB) but got stuck at trying to find the return address of the payload. Do you guys know of a method of being ...
0 votes, 0 answers, 34 views
Why Can I Only Overwrite 6 Bytes of RIP in a Buffer Overflow on Ubuntu 22.04?
I’m testing a simple buffer overflow on Ubuntu 22.04 (kernel 6.8.0-52-generic) and encountering this issue:
I can overwrite RIP with only 6 bytes.
If I try to overwrite all 8 bytes, RIP resets to a ...
1 vote, 1 answer, 86 views
Attack Lab Phase 4: rdi gets the wrong value despite correct assembly being put on stack
I am working on phase 4 of the buffer overflow attack lab, where the solution is to use ROP (Return Oriented Programming). The idea is that you are given a "farm" where you will look for ...
2 votes, 0 answers, 57 views
system() returns the error sh: 1: : not found when I try to execute it with "/bin/sh" in the register rdi
I am following a walkthrough of a box on VulnHub, The Planets: Venus.
I got the shell to run through a buffer overflow, by putting an 8 byte padding, a gadget (pop rdi; ret), an address pointing to &...
0 votes, 0 answers, 45 views
Ran into an error while installing 'impacket' git repo on my local machine in Kali linux
I cloned a repository from GitHub and tried installing it on my local machine; while doing that through my terminal I ran into this error - ERROR: ERROR: Failed to build installable wheels for some ...
0 votes, 1 answer, 32 views
How to call the ctypes function from bytes in Python?
I have the disassembled bytes of a simple function
89 4C 24 08 mov dword ptr [sum],ecx
while (sum>=1) {
83 7C 24 08 01 cmp dword ptr [sum],1
7C 0C ...
2 votes, 2 answers, 756 views
How do I successfully test this trivial buffer overflow written in C?
I am trying to test this example from StackOverflow (how-can-i-invoke-buffer-overflow), but I am not having success.
I also asked for clarification two weeks ago, directly on the post (through a ...
5 votes, 2 answers, 99 views
Segmentation fault in C shellcode x64
I am learning about shellcode development in C with an example from here. I can compile the assembly code and get the opcodes, and I can also successfully run the ELF compiled with NASM, but I get a ...
2 votes, 0 answers, 88 views
RequestFilterValve constantly throws an error on startup in Apache Tomcat 10.1.28
There is a vulnerability in Tomcat 10.1.28 where inserting a semicolon in the URL path will allow seeing the contents of a file. For example, the URL: mysite.com/myapp;/thisfile.config will display ...
0 votes, 0 answers, 30 views
PDU interactions with the RDP
I'm working with CVE-2019-0704 (BlueKeep) and have found myself working with PDU protocols. I understand the surface-level, but I need a deeper understanding of the ways that it interacts with the RDP ...
1 vote, 0 answers, 97 views
Format string vulnerability not showing values on the stack
PROBLEM
I am trying to put together a short demonstration of a simple hack for a presentation about cyber-security. I thought about using a format string vulnerability, and heavily inspired by this ...
0 votes, 1 answer, 83 views
Shellcode stub exits right after being executed in Buffer Overflow Exploitation
I am currently playing around with some exploitation techniques in a 64-bit Intel executable. My program was compiled with canary protection disabled (-fno-stack-protector), buffer overflow error ...
2 votes, 1 answer, 225 views
After modifying msr[lstar], why can the expected breakpoint not be hit?
I discovered a driver vulnerability that allows arbitrary modification of the msr register.
A common attack scenario is to modify msr[lstar] to point it to the attacker's malicious code. Then, when ...
-1 votes, 2 answers, 82 views
Why does an empty method work like a sink in JavaScript?
I define object a with an empty method b(). The method has no parameter and does nothing!
Please someone tell me, why when I call a.b() and pass JS code as a parameter, does it execute the code?
...
1 vote, 1 answer, 123 views
Exploiting this code in order to change grade into an A+
#include <stdio.h>
#include <stdlib.h>
#include <time.h>
#include <string.h>
/*
I obtained access to the professor's grade management program.
Can I change my grade to an '...