Questions tagged [buffer-overflow]

A buffer overflow, or buffer overrun, is an anomaly where a program, while writing data to a buffer, overruns the buffer's boundary and overwrites adjacent memory.

0 votes
1 answer
45 views

I use msfvenom-generated shellcode in a buffer overflow. Here's the command that I used to create shellcode for Linux x64: msfvenom -p linux/x64/exec -f py -o shellcode.py -b '\x00' CMD=whoami and here's ...
CyberCr0w

4 votes
0 answers
113 views

ROP usually uses a buffer overflow to overwrite the x86 return address. However, ARM stores that in a register. What is the effect of this on return-oriented programming attacks on non-x86 ...
Daniel T

0 votes
0 answers
78 views

I'm working on some pwn.college binary exploitation challenges. ASLR is disabled, the stack is executable and there is no canary. I'm not understanding one thing. I have my shellcode which opens the flag ...
Zanna

9 votes
2 answers
3k views

I admit that I don't fully understand how buffer overflow attacks work, but as far as I understand, the attacker sends an input that is longer than the section of memory that is supposed to temporarily ...
Eleanor

2 votes
0 answers
211 views

Consider the following simple C program that asks the user to input their user name and password in order to get access to some website. (The correct username is supposed to be "admin" ...
3nondatur

24 votes
5 answers
6k views

I’ve been diving into the world of buffer overflow vulnerabilities and their exploitation, which has been both challenging and fascinating. However, I’ve recently hit a mental roadblock and would love ...
Andrea Signori

-1 votes
1 answer
224 views

Is it possible that if an attacker sends an abnormally large packet to a WiFi / Ethernet card of a computer, it will write past the buffer of the onboard memory and into other areas? Like maybe the ...
HardwareNewb

0 votes
2 answers
522 views

Reading a technical paper on the issue I wanted to test it on my computer. The idea is to provoke privilege escalation (change on the whoami output from peter to root) through a buffer overflow. The ...
nostromo

0 votes
0 answers
207 views

Return-to-libc is an attack where the attacker, in most cases, returns to the system function, which it uses to execute shell commands. However, I am confused about two things: The command that the ...
Ronald

1 vote
1 answer
204 views

I was trying to overflow the return pointer of a simple program. I have ASLR disabled and I compiled like this: gcc returnexp.c -o returnexp -fno-stack-protector. (I would disable noexecstack later on ...
TrickTickTack

1 vote
0 answers
116 views

Jump-oriented Programming: Why is it better/easier to jump to the dispatcher gadget than to jump from one functional gadget directly to another functional gadget? My understanding of JOP: In jump-...
user25100341

2 votes
0 answers
159 views

First I used ROPgadget to find two assembly instructions: xor rax; ret and pop rcx; ret. They are at 0x401270 and 0x40133b. Then I tried to put them at the top of the stack, but because the gets ...
Maple

1 vote
2 answers
466 views

Playing around with probably the most basic buffer overflow attack there is on my Raspberry Pi, looks like this #include <stdio.h> #include <string.h> int main(int argc, char *argv[]) { ...
Salviati

1 vote
0 answers
61 views

I'm trying to overwrite the return address caused by a buffer overflow. I've already calculated the distance between the buffer and the return address. The address that I want to jump to is ...
CJG

0 votes
1 answer
1k views

I'm trying to develop a simple buffer overflow CTF challenge inspired by the "Csaw 2016 Quals Warmup" challenge, here. I've managed to replicate the source code: #include <stdio.h> #...
FreezeLuiz
