All Questions
6 questions
0 votes, 1 answer, 4k views
How to bypass DEP and ASLR at the same time? [duplicate]
I have read some articles about bypassing DEP and ASLR, but it seems that they bypass ASLR and DEP by using the instructions in the modules not applying ASLR. But how to bypass ASLR and DEP in the ...
15 votes, 3 answers, 4k views
Compiling a buffer overflow example in modern Linux?
I'm trying to compile a simple buffer overflow example on a Debian i386 VM. The executable builds ok, but EIP does not get overwritten correctly despite being supplied a sufficiently large input to ...
1 vote, 0 answers, 340 views
Buffer overflow and register contents?
I am doing an exam practice question. Suppose I have a function like: void func(char* arg) { char buf[32]; strcpy(buf, arg); } command break func: - buf begins at 0xbffebfb0 - (gdb) x/2wx $...
3 votes, 1 answer, 2k views
Bypass Full ASLR+DEP exploit mitigation
Let's assume that a vulnerable process is set up with ASLR and DEP against all the imported modules used in this process and there is no way to find a module that is ASLR free. Moreover, the ...
2 votes, 1 answer, 359 views
Are stack buffer overflows even possible in this instance?
Let's say there is a C program that simply takes a string argv[1] and uses sprintf to copy it in a finite buffer. Classic stack buffer overflow. Let's even say the program is more complicated, ...
4 votes, 2 answers, 3k views
How does SEH based exploit bypass DEP and ASLR?
I am new to structured exception handling based exploits. Why don't we put our return address directly in the SE handler to jump to our shellcode? (with no SafeSEH) Can anybody explain the reason of ...