
Questions tagged [stack-overflow]

The tag has no usage guidance.

1 vote
0 answers
28 views

Can't print hexadecimal formatted address in buffer overflow

I'm trying to overwrite the return address caused by a buffer overflow. I've already calculated the distance between the buffer and the return address. The address that I want to jump to is ...
CJG's user avatar
  • 71
0 votes
1 answer
111 views

How to return to main after performing stack buffer overflow

#include <stdio.h> #include <stdlib.h> void reading(); void reading_hexa(char*); void secret(); int main() { reading(); printf("Input done\n"); exit(0); } void ...
user88178's user avatar
0 votes
0 answers
115 views

Does VxWorks has a stack canary mechanism?

I'm trying to understand if VxWorks has the ability to support stack canary protection. I couldn't find any info on that.
Moshe D's user avatar
  • 103
1 vote
1 answer
142 views

bufferoverflow chars gets replaced on stack [closed]

So I try to understand stack based buffer-overflow but now I am stuck. This is the vulnerable function (32 bit ELF). int test(char* input) { char buf[100]; printf("Buffer is at %p\n",...
atcheckmate's user avatar
1 vote
2 answers
319 views

Is Stack Exchange immune to DDoS and DoS attacks?

I have heard that DDoS and DoS attacks work most of the time and that they are used when SQL insertion and other methods fail. I know Stack Exchange has a lot of programmers, and that they have this ...
anon's user avatar
  • 13
1 vote
1 answer
757 views

Why are stack canaries not enabled by default on GCC?

I'm trying to understand why stack canaries are not enabled by default. It makes sense to me that they should be, given the interest in security? https://stackoverflow.com/questions/49693870/stack-...
vy32's user avatar
  • 537
0 votes
0 answers
191 views

Buffer Overflow with ROP Chain Output Problem

I have the following problem: I have this C program and I have done buffer overflow using ROP gadgets. I have a problem with the output. I want to stop the printf() call in the vuln function to get ...
Flowless Man's user avatar
0 votes
1 answer
199 views

Stack vs Heap exploit, which have more CVE documented?

I tried to google this topic but most of them are conflicting each other. On the other side, I found a case where I can use either stack (local variable) or heap for a dynamic string. It's C by the ...
Thor-x86_128's user avatar
1 vote
1 answer
947 views

Heap overflow - strcpy() on x86_64 (64bit)

I'm stuck on the Heap1 challenge from Exploit Education. After compiling the source code in a 64bit system, without any security mechanism, I try to overflow the heap in order to overwrite the main ...
rme's user avatar
  • 21
1 vote
0 answers
332 views

What can you do against fortify-source (stack overflow)?

I was practicing stack buffer exploitation on a well known application. I was able to bypass canaries, ASLR and NX bit with techniques easily found on the internet. However it has fortify-source enabled ...
boredaf's user avatar
  • 143
2 votes
1 answer
181 views

Is this paper on stack canaries outdated?

According to this paper on defeating stackguard, it seems canaries are placed lower in the stack (higher address) than EBP, allowing the attacker to overwrite EBP without being noticed. But when I ...
hehehe's user avatar
  • 21
0 votes
2 answers
830 views

What is the maximum payload injection size

I have been conducting some minor research into the various forms of exploitation, such as buffer overflows and similar. Most tutorials seem to focus on executing shellcode, that is code which ...
questioner's user avatar
1 vote
0 answers
144 views

Question on stack overflow

I am preparing for an exam in Computer Security and doing a past-exam without solutions, so I wanted to check if my reasoning holds on a question about stack overflow. Below is the C code in question. ...
Unknown's user avatar
  • 23
0 votes
1 answer
2k views

Can you perform a buffer overflow and a format string attack at the same time?

So I hope I'm phrasing this right. I'm trying to exploit a piece of C code which you can see below. #include <stdlib.h> #include <unistd.h> #include <stdio.h> #include <string.h>...
Fiach ONeill's user avatar
1 vote
1 answer
1k views

Why does my compiler warn me about gets but not about scanf?

If I compile a code with gets, the compiler outputs a warning saying that the function shouldn't be used: <source>:5:13: warning: 'char* gets(char*)' is deprecated [-Wdeprecated-declarations] ...
daniel's user avatar
  • 34
