All Questions
10 questions
2 votes, 0 answers, 220 views
Overwriting the Global Offset Table + format string vulnerability
I am trying to understand how to overwrite the Global Offset Table, from the book "Hacking: The Art of Exploitation". Following the example I get:
objdump -R ./fmt ...
2 votes, 0 answers, 421 views
Shellcode execution segfault
I have been trying to exploit a simple buffer overflow caused by scanf. I'm working on x86 Linux. The point is to spawn a shell. I successfully overwrote the return address and jumped into my shellcode. But ...
6 votes, 1 answer, 506 views
Returning to usermode shellcode from windows kernel (Win10)
I have written a kernel exploit (for the latest Win10 64bit) that executes (or returns to from the kernel) token stealing shellcode, which is placed in the VirtualAlloc'ed memory in the userland.
The ...
4 votes, 1 answer, 1k views
Heap Chunk Structure Does Not Contain Previous Section Info
I'm reading Shellcoder's Handbook to learn more about exploitation and overflows. I reached the chapter on Heap Overflows. The book mentions that a heap is split into chunks where each chunk contains ...
0 votes, 2 answers, 1k views
Working Linux assembly XOR Encoder/Decoder Failing on Windows
Should I be able to extract shellcode from a basic (tested and working) Win7-64 message box app and place the extracted shellcode into a tested and working assembly language encoder/decoder and expect ...
1 vote, 1 answer, 845 views
Buffer overflow on server
I have a server (for reference: pastebin.com/ghJX69uH) that I can netcat to and it will ask to input a message.
I know it is vulnerable to buffer overflow, but I can't seem to get the shellcode to ...
0 votes, 1 answer, 450 views
My nopsled getting Segmentation fault (core dumped)
After overwriting the EIP register, I try setting a breakpoint on the function strcpy() and then running the program to the breakpoint in the debugger.
Then I check the ESP register:
(gdb) i r esp
esp ...
1 vote, 1 answer, 1k views
One shellcode works, one doesn't - an issue with exploiting a 64 bit linux binary
I'm working on exploiting a simple 64 bit Linux binary. I got control of RIP by exploiting a buffer overflow and using a jmp rsp to get control of the program.
However, I'm having trouble with the ...
4 votes, 1 answer, 4k views
Illegal Instruction on sample Buffer Overflow exploit
I have followed the example here.
Here is my sample program, "oldskool.c":
#include <string.h>
void go(char *data) {
char name[64];
strcpy(name, data);
}
int main (int argc, char **...
2 votes, 3 answers, 2k views
exploit - Why not execute shellcode with the inline assembler?
The typical structure for executing shellcode is the following (the code snippet is taken from here):
char shellcode[] = ""; /* global array */
int
main (int argc, char **argv)
{
...