All Questions
25 questions
0 votes
0 answers
353 views
64-bit ELF buffer overflow not working, possibly due to if statement
I wrote the following: #include <stdio.h> int win(){ printf("Won!\n"); return 0; } int vulnerable(){ char buffer[20]; memset(buffer, 0, 10); printf("Input: &...
1 vote
1 answer
2k views
Can't overwrite EIP in buffer overflow example
I am trying to make a simple buffer-overflow exploit on an example program to understand binary exploitation a bit better. The goal is to simply write shellcode on the stack and execute it. However, ...
2 votes
1 answer
745 views
Exploit education stack-five: trouble opening shell
I'm trying the Phoenix VM, challenge stack-five on exploit.education (http://exploit.education/phoenix/stack-five/). I ran into a problem while exploiting a stack overflow. The challenge is run execve('...
1 vote
1 answer
229 views
Does flooding with bytes cause buffer overflow? [closed]
If I flood a C program with bytes can I cause buffer overflow, or is there other stuff I have to take into account?
1 vote
1 answer
2k views
64-bit buffer overflow fails with SIGILL, cannot understand the reason
I have been doing 32-bit buffer overflows for some time and I decided to try some 64-bit overflows, to explore some more realistic scenarios. I have compiled my code with gcc -fno-stack-protector -z ...
2 votes
0 answers
267 views
Why can't you jump from SEH straight to payload for SEH buffer overflow?
From my understanding, a typical way to achieve an SEH buffer overflow (ignoring protections like DEP, SafeSEH, etc.) is to overwrite SEH with POP POP RET, which goes back to nSEH, which we control. nSEH ...
2 votes
1 answer
365 views
How to exploit buffer overflow without space after return address?
I'm working on a binary exploitation challenge where the target (ELF/x86_64) has stack canaries, NX and PIE enabled. It implements a simple forking TCP server. After a connection is established, it ...
4 votes
1 answer
19k views
Problem with overwriting the return address (buffer overflow)
I'm trying to exploit the following code with a buffer overflow and make it run the overflowed function: #include <string.h> #include <stdio.h> void overflowed() { printf("%s\...
1 vote
1 answer
468 views
Developing MIPS exploit in Python: memory address getting parsed as a value [closed]
I am trying to develop an exploit in Python, but I am not able to write a proper exploit. Below are the scenarios where I am facing problems. Below is the HTTP request which causes the crash: POST /cgi-...
0 votes
1 answer
284 views
Is a filler needed in a buffer overflow exploit?
Why do I see a filler being used in some exploits? Take as an example the code below: exploit = junk + eip + nops + shellcode fill = "\x43"*(BUF_SIZE-len(exploit)) buf = exploit + fill I guess the ...
1 vote
0 answers
795 views
Buffer overflow attack shellcode address calculation
I've completed a buffer overflow attack by injecting shellcode into the buffer, and executing the exploit by: ./binary $(python -c 'print overflow +shellcode + adressofshellcode') The above exploit is working and ...
6 votes
2 answers
46k views
Return to libc: finding libc's address and finding offsets
So I tried performing a return-to-libc according to https://sploitfun.wordpress.com/2015/05/08/bypassing-nx-bit-using-return-to-libc/ . I found libc's address by using "ldd vuln", and found system's ...
3 votes
2 answers
3k views
Unable to execute shellcode in basic buffer overflow example
I have a basic example of a program vulnerable to buffer overflow (extracted from this other question). #include <string.h> void vuln(char *arg) { char buffer[500]; strcpy(buffer, arg)...
3 votes
2 answers
7k views
Cannot overwrite EIP in basic exploitation example
I'm trying to replicate a simple buffer overflow for which I have the following code (strcpy_ex.c): #include <string.h> int main( int argc, char** argv ) { char buffer[500]; ...
0 votes
1 answer
3k views
What exploits are possible in languages like C/C++ other than overflow errors? [closed]
I know that C/C++ programs are highly susceptible to overflow errors that lead to program compromise. But I was wondering, are there any other vulnerabilities that can exist other than overflow errors? ...