All Questions

0 votes
0 answers
70 views

Finding the return address of the payload in a simple Buffer Overflow No ASLR (x86 i386) [closed]

Was experimenting for the first time on Buffer Overflows and tried to follow a guide (from HTB) but got stuck at trying to find the return address of the payload. Do you guys know of a method of being ...
Asked by c0sx86 (reputation 35)
0 votes
0 answers
34 views

Why Can I Only Overwrite 6 Bytes of RIP in a Buffer Overflow on Ubuntu 22.04?

I’m testing a simple buffer overflow on Ubuntu 22.04 (kernel 6.8.0-52-generic) and encountering this issue: I can overwrite RIP with only 6 bytes. If I try to overwrite all 8 bytes, RIP resets to a ...
Asked by r4xis (reputation 1)
2 votes
0 answers
58 views

system() returns the error sh: 1: : not found when I try to execute it with "/bin/sh" in the register rdi

I am following a walkthrough of a box on VulnHub, The Planets: Venus. I got the shell to run through a buffer overflow, by putting an 8 byte padding, a gadget(pop rdi; ret), an address pointing to &...
Asked by DeceptiveRat
2 votes
2 answers
756 views

How do I successfully test this trivial buffer overflow written in C?

I am trying to test this example from StackOverflow (how-can-i-invoke-buffer-overflow), but I am not having success. I also asked for clarification two weeks ago, directly on the post (through a ...
Asked by nostromo (reputation 295)
0 votes
1 answer
83 views

Shellcode stub got exited right after executed in Buffer Overflow Exploitation

I am currently playing around with some exploitation techniques in 64-bit Intel executable. My program was compiled with canary protection disabled (-fno-stack-protector), buffer overflow error ...
Asked by Anh Phan
1 vote
1 answer
123 views

Exploiting this code in order to change grade into an A+

#include <stdio.h> #include <stdlib.h> #include <time.h> #include <string.h> /* I obtained access to the professor's grade management program. Can I change my grade to an '...
Asked by vivian phung
0 votes
0 answers
183 views

How to use gadget in a ROP attack

Could someone explain what this assembly code does and how could it be used in a ROP attack? What type of data could go in the registers to successfully perform a ROP attack? Should it be chained to ...
Asked by ethcker
1 vote
0 answers
228 views

Buffer overflow exploit, create a bad file and pass it to a program

I am working with buffer overflow exploit to understand it. I have been provided with a program called is_log_file.c to test the buf_exploit.c program I write on it. I am trying to write a program ...
Asked by green box
3 votes
1 answer
109 views

Understanding of return address calculation from Hacking: the art of exploitation?

The program is shown in the similar thread here. Let's assume that my OS doesn't implement ASLR or other protections from buffer overflow. Long story short, the author is spawning a child process from ...
Asked by noob_user (reputation 107)
-1 votes
1 answer
395 views

ret2libc: sh: line 1: command not found

So I've been trying to develop a ret2libc exploit for my program as shown below: #include <stdlib.h> #include <stdio.h> void vuln() { char arr[0x10]; scanf("%s", arr); ...
Asked by bruh (reputation 1)
1 vote
2 answers
336 views

Why is my stack filled with 0xc2 instructions when I passed the 0x90 instruction?

I have a C program to exploit buffer overflow #include <stdlib.h> #include <stdio.h> #include <string.h> int overflow(char *input) { char buf[256]; strcpy(buf, input); return ...
Asked by leandror
0 votes
0 answers
179 views

use of nop(0xc3=ret) in return oriented programming

I am failing to see any use of nop's in rop why do people use them? I have seen some examples of rop gadget chains like (G2,G3,G4 are some gadgets) nop(return gadget)-(G2)-(G3)-somedata-(G4)---nop(...
Asked by Mike (reputation 43)
0 votes
1 answer
1k views

Converting shellcode hex bytes to text based inputs in Python for an unknown byte value '\x87'? Not a UTF-8 string?

So I am currently doing a beginner CTF challenge on pwnable.tw, the "start" challenge specifically. After reversing the challenge binary I found out there was a buffer overflow exploit, and ...
Asked by leatherprofitable
0 votes
0 answers
34 views

What is the logic behind the For Loop Condition, "for( i = 0; i < 160; i += 4 )" in exploit_notesearch.c in Hacking - The Art of Exploitation Book

I've been focused on this book for several years trying to get through it slowly but truly by understanding all of the details. However, I've come to a roadblock with a specific line of code in the ...
Asked by Iceman (reputation 11)
-2 votes
1 answer
429 views

Buffer overflow with pointer issue

I am trying to figure out this buffer overflow exploit. Any pointer would be helpful. #include <stdio.h> #include <stdlib.h> #include <unistd.h> typedef struct node_t { int ...
Asked by Iconik Omrondo