
All Questions

1 vote, 0 answers, 38 views

Can't print hexadecimal formatted address in buffer overflow

I'm trying to overwrite the return address caused by a buffer overflow. I've already calculated the distance between the buffer and the return address. The address that I want to jump to is ...
asked by CJG
0 votes, 0 answers, 353 views

64 Bit ELF Buffer Overflow Not working possibly due to if statement

I wrote the following: #include <stdio.h> int win(){ printf("Won!\n"); return 0; } int vulnerable(){ char buffer[20]; memset(buffer, 0, 10); printf("Input: &...
asked by Greg Gregson
1 vote, 1 answer, 2k views

Can't overwrite EIP in buffer overflow example

I am trying to make a simple buffer-overflow exploit on an example program to understand binary exploitation a bit better. The goal is to simply write shellcode on the stack and execute it. However, ...
asked by n00b.exe
0 votes, 1 answer, 570 views

Assigning memory address of shellcode to buffer (for buffer overflow input)

I am attempting to exploit the HEVD kernel driver buffer overflow challenge: https://github.com/hacksysteam/HackSysExtremeVulnerableDriver However, when running the below code my Windows 7 machine doesn't ...
asked by asd40732
1 vote, 1 answer, 1k views

Understanding ret2libc return address location

I recently was studying x86 buffer overflows + ret2libc attacks from https://www.ret2rop.com/2018/08/return-to-libc.html and I noticed the order is as follows: bytes to fill buffer + address of system ...
asked by asd_665
2 votes, 1 answer, 745 views

Exploit education stack-five: trouble opening shell

I'm trying the phoenix VM, challenge stack-five on exploit.education (http://exploit.education/phoenix/stack-five/). I ran into a problem while exploiting a stack overflow. The challenge is to run execve('...
asked by Burst
2 votes, 1 answer, 2k views

Segmentation fault at strcpy while performing a buffer overflow

I have this code that I need to use to perform a ret2libc: #include <stdio.h> #include <string.h> int main(int argc, char *argv[]) { char buf[256]; printf("buff is at:%p\n",buf); ...
asked by Luigi
1 vote, 1 answer, 229 views

Does flooding with bytes cause buffer overflow? [closed]

If I flood a C program with bytes, can I cause a buffer overflow, or is there other stuff I have to take into account?
asked by Sensei
2 votes, 1 answer, 547 views

How many actions do you need to take to disable DEP?

I am attempting to disable DEP on a program that will be used in a demonstration of how a basic buffer overflow works. The application is a C++ app written in Visual Studio and I am running into ...
asked by John164
2 votes, 2 answers, 2k views

Cannot build a ROP chain

My ROP exploit crashes with a segmentation fault for an unknown reason. This is the vulnerable code (compiled via the command gcc h2.c -no-pie -fno-stack-protector -m32 -o h2): #include <stdio.h> #include &...
asked by Asm .
1 vote, 1 answer, 2k views

64-bit buffer overflow fails with SIGILL, cannot understand the reason

I have been doing 32-bit buffer overflows for some time and I decided to try some 64-bit overflows, to explore some more realistic scenarios. I have compiled my code with gcc -fno-stack-protector -z ...
asked by George Sp
2 votes, 0 answers, 267 views

Why can't you jump from SEH straight to payload for SEH buffer overflow?

From my understanding, a typical way to achieve an SEH buffer overflow (ignoring protections like DEP, SafeSEH, etc.) is to overwrite SEH with POP POP RET, which goes back to nSEH, which we control. nSEH ...
asked by Anderson
2 votes, 1 answer, 1k views

Buffer overflow in MIPS - jump to address 0x0040xxxx

I'm trying to exploit a buffer overflow vulnerability on the MIPS architecture. ASLR is enabled, but the binary is compiled without PIE (hence it is always loaded at 0x00400000). However, the vulnerable code uses ...
asked by takadito15
1 vote, 1 answer, 3k views

What is the purpose of using hex escape sequences when writing buffer overflow exploits?

I was trying to overwrite the fp function pointer with 0x8048424 (win() location) so that function win() will be called to solve this problem (machine is little endian) #include <stdlib.h> #include <...
asked by daya
2 votes, 1 answer, 365 views

How to exploit buffer overflow without space after return address?

I'm working on a binary exploitation challenge where the target (ELF/x86_64) has stack canaries, NX and PIE enabled. It implements a simple forking TCP server. After a connection is established, it ...
asked by hackedd
