All Questions

3 questions

10votes

2answers

8kviews

Why must a ret2libc attack follow the order "system(),exit(),command?

In a ret2libc attack, I understand that the return address can be overwritten with the address of the system command, which takes a command string as an argument. In this case, shouldn't the address ...

Lew Wei Hao

asked Sep 12, 2016 at 21:31

6votes

2answers

46kviews

return to libc- finding libc's address and finding offsets

So I tried performing a return-to-libc according to https://sploitfun.wordpress.com/2015/05/08/bypassing-nx-bit-using-return-to-libc/ . I found libc's address by using "ldd vuln", and found system's ...

Jonathan

asked Aug 24, 2017 at 7:33

3votes

2answers

7kviews

Cannot overwrite EIP in basic exploitation example

I'm trying to replicate a simple buffer overflow for which I have the following code (strcpy_ex.c): #include <string.h> int main( int argc, char** argv ) { char buffer[500]; ...

Jausk

asked Jul 28, 2017 at 19:32

Stack Exchange Network

All Questions

Why must a ret2libc attack follow the order "system(),exit(),command?

return to libc- finding libc's address and finding offsets

Cannot overwrite EIP in basic exploitation example

Hot Network Questions

All Questions

Related Tags