All Questions
13 questions
0 votes, 0 answers, 59 views
Why cannot rewrite EIP even if disabled memory randomization and no stack protector?
I am following a tutorial on YouTube about a basic buffer overflow, "Running a Buffer Overflow Attack - Computerphile", and I cannot overwrite the EIP value on Kali Linux 2021.2.
#include <stdio.h...
0 votes, 2 answers, 296 views
Overflowing variables in c?
Given this code:
#include <stdlib.h>
#include <stdio.h>
int main(){
    char *password;
    unsigned int *uid;
    printf("enter password: ");
    password = (char *)malloc(0x10);
    ...
-2 votes, 1 answer, 1k views
Integer Overflow Exploit
I have this code, which has some vulnerability, but I can't seem to exploit it.
For now, this is what I've noticed:
1) if argv[1] = 3 and argc = 3, then it overflows and writes argv[2] into memory ...
1 vote, 0 answers, 443 views
Null cannot be passed through in the argument list
I am currently working on a homework assignment for binary exploitation.
int zerg(char *arg)
{
    char buf[12];
    static int i, sum;
    if (strlen (arg) > 24){
        exit(1);
    }
}
I ...
2 votes, 2 answers, 4k views
How can I exploit a buffer overflow?
I have a homework assignment to exploit a buffer overflow in the given program.
#include <stdio.h>
#include <stdlib.h>
int oopsIGotToTheBadFunction(void)
{
    printf("Gotcha!\n");
    ...
0 votes, 0 answers, 77 views
Why 2 bytes are missing when trying to overwrite a pointer to function using the address of an environment variable
I'm on a 64-bit architecture.
I'm trying to exploit a buffer overflow using a SHELLCODE inside an environment variable.
export SHELLCODE=$(perl -e 'print "\x90"x200 . "\x48\x31\xff\x57\x57\x5e\...
0 votes, 1 answer, 826 views
Buffer overflow - hard coded return address
I am working on a project (in fact a competition) to exploit an application that is running on a remote server. I do have the binaries; they are compiled with some debug information (no source code) ...
4 votes, 2 answers, 3k views
Hacking - The Art of Exploitation: debugging buffer overflow example
I'm reading the book "Hacking - The Art of Exploitation".
There is an example on a stack buffer overflow.
This is a part of the source of the attacked program, "notesearch":
char searchstring[100];
...
0 votes, 1 answer, 2k views
Buffer overflow with gets()
I'm trying to overflow a buffer with my shellcode and I have problems with gets().
If I overflow the buffer with shellcode using the strcpy() function - it's OK and I got a /bin/bash. But if I do the same ...
1 vote, 3 answers, 4k views
Heap overflow exploit
I understand that overflow exploitation requires three steps:
1. Injecting arbitrary code (shellcode) into target process memory space.
2. Taking control over eip.
3. Set eip to execute arbitrary code....
5 votes, 6 answers, 32k views
C++ Buffer Overflow
I'm trying to teach myself about buffer overflows and exploitation in C++. I'm an intermediate C++ guy, at best, so bear with me. I've followed a few tutorials, but here's some example code to ...
0 votes, 2 answers, 470 views
Buffer Overflow - why some ascii's work and not others
I'm sorry if this question is stupid or has been asked, but I couldn't find it.
I have a program that I was attempting to use a buffer overflow. It is a simple program that uses getchar() to ...
0 votes, 2 answers, 1k views
Making a system/program vulnerable to exploits [closed]
I have been looking quite a bit into exploiting recently. I have been googling a lot and I managed to find DVL (Damn Vulnerable Linux) and Metasploitable but for some reason the exploits I scan them to ...