All Questions
6 questions
0 votes
0 answers
353 views
64 Bit ELF Buffer Overflow Not working possibly due to if statement
I wrote the following: #include <stdio.h> int win(){ printf("Won!\n"); return 0; } int vulnerable(){ char buffer[20]; memset(buffer, 0, 10); printf("Input: &...
2 votes
1 answer
512 views
Does an Egghunter attack still make sense in a 64 bit system?
Background An Egghunter is basically a low size stub that acts as a first stage in a 2 stage exploitation attempt (whereas second stage is usually the malicious payload shellcode). In the first stage,...
7 votes
1 answer
2k views
Exploit only works in gdb
tl;dr: Why does my exploit only work inside gdb? I'm very new to the buffer overflow and exploit development fields. To improve my skills based on a series of papers and videos I wrote this simple C ...
3 votes
1 answer
5k views
How to exploit binary with no syscall gadget or information leak in full ASLR and NX?
So I have a Linux x86-64 binary linked with libc dynamically running on patched Ubuntu 16.04 remotely. The executable makes one call to libc read and exits, allowing simple stack overflow into ROP. ...
2 votes
3 answers
2k views
How can I execute shell in this CTF exercise?
I am playing a CTF wargame and unfortunately got stuck at this level, so I want to "crowdsource" it. No need for a complete answer, but hints would be enough. How can I: Make strcmp to be 0 (evaluate ...
2 votes
1 answer
383 views
Run fuzzer on any service or process in Linux
I have seen examples of fuzzers to submit different inputs to some application or port. How can we run fuzzers on services or processes like any background process for any application? Any ideas or ...