Questions tagged [buffer-overflow]

A buffer overflow, or buffer overrun, is an anomaly where a program, while writing data to a buffer, overruns the buffer's boundary and overwrites adjacent memory.

1 vote, 0 answers, 46 views

Jump-Oriented Programming: Why is it better/easier to jump to the dispatcher gadget than to jump from one functional gadget directly to another?

Jump-oriented Programming: Why is it better/easier to jump to the dispatcher gadget than to jump from one functional gadget directly to another functional gadget? My understanding of JOP: In jump-...
asked by user25100341
0 votes, 0 answers, 26 views

Jump-Oriented Programming: Harder than ROP because the registers need to be prepared individually? + Turing complete, but large overhead/slow?

Full title: Jump-Oriented Programming: Is it harder than traditional return-oriented programming because you need to manually prepare all the addresses and registers, or is there a different reason? ...
asked by user25100341
2 votes, 0 answers, 76 views

When gets reads a string, it does not read \x00, which is the NULL character. So how to separate two different addresses to complete ROP?

First I used ROPgadget to find two assembly instructions: xor rax; ret and pop rcx; ret. They are at 0x401270 and 0x40133b. Then I tried to put them at the top of the stack, but because the gets ...
asked by Maple
1 vote, 2 answers, 139 views

Problem overriding the return address when performing a buffer overflow, what am I missing?

Playing around with probably the most basic buffer overflow attack there is on my Raspberry Pi, it looks like this: #include <stdio.h> #include <string.h> int main(int argc, char *argv[]) { ...
asked by Salviati
1 vote, 0 answers, 28 views

Can't print hexadecimal formatted address in buffer overflow

I'm trying to overwrite the return address caused by a buffer overflow. I've already calculated the distance between the buffer and the return address. The address that I want to jump to is ...
asked by CJG
0 votes, 1 answer, 123 views

Simple Buffer Overflow (Function Call) Problem

I'm trying to develop a simple buffer overflow CTF challenge inspired by the "Csaw 2016 Quals Warmup" challenge, here. I've managed to replicate the source code: #include <stdio.h> #...
asked by FreezeLuiz
0 votes, 0 answers, 110 views

push /bin/sh to get a shell

I usually use a different method to push /bin/sh in rdi to get a shell, but I wanted to try this one: Suppose that I can control the RIP and there are no limitations or filters. So I can execute ...
asked by tpau
0 votes, 1 answer, 110 views

How to return to main after performing stack buffer overflow

#include <stdio.h> #include <stdlib.h> void reading(); void reading_hexa(char*); void secret(); int main() { reading(); printf("Input done\n"); exit(0); } void ...
asked by user88178
1 vote, 0 answers, 113 views

How to properly pack address into bytes to overwrite EIP register

I'm learning how to exploit a tiny web server based on a well written post here: https://blog.coffinsec.com/2017/11/10/tiny-web-server-buffer-overflow-discovery-and-poc.html I am very close to ...
asked by Jay
0 votes, 0 answers, 129 views

Problem exploiting buffer overflow

I have the following program in C: #include <stdio.h> #include <string.h> void some_function(char * name) { char buf[128]; strcpy(buf, "The next step is... "); strcat(...
asked by Jan
1 vote, 0 answers, 307 views

Buffer Overflow Attack when size of Buffer is small on 64bit CPU architecture

I was trying to solve the Buffer Overflow SetUID lab but got stuck in Task 6: L4, to perform the attack when the buffer size is small (10). I understood that since len(shellcode) would be larger the ...
asked by SpEcHiDe
0 votes, 1 answer, 500 views

Unable to execute shellcode on x86_64 architecture

I currently got interested in binary exploitation (even though I do not know if it is still useful today). I started studying shellcode and buffer overflow (stack-buffer overflow, specifically). I know ...
asked by KmerPadreDiPdor
0 votes, 1 answer, 270 views

Buffer Overflow not working. Don't know why?

Here's the output: pwndbg> p give_shell $5 = {void ()} 0x8049217 <give_shell> So if I write this payload python2 -c "print 'A'*104 + '\x1B\x92\x04\x08' + '\x17\x92\x04\x08'" > ...
asked by NobinPegasus
1 vote, 1 answer, 141 views

Buffer overflow: chars get replaced on stack [closed]

So I try to understand stack-based buffer overflow, but now I am stuck. This is the vulnerable function (32-bit ELF). int test(char* input) { char buf[100]; printf("Buffer is at %p\n",...
asked by atcheckmate
0 votes, 0 answers, 368 views

Program segfaults when run with GDB

This is my first time posting a question here, so forgive me if I don't give enough details. I will provide any extra details that are requested. Basically, I'm practicing a buffer overflow, and I'm ...
asked by Joseph Seed