All Questions
Tagged with exploit-developmentbuffer-overflow
6 questions
10votes
2answers
8kviews
Why must a ret2libc attack follow the order "system(),exit(),command?
In a ret2libc attack, I understand that the return address can be overwritten with the address of the system command, which takes a command string as an argument. In this case, shouldn't the address ...
- 439
6votes
2answers
3kviews
Buffer overflow exploit works with gdb but not without
I am learning about buffer overflows and I’m developing my very first exploit. There is a server process that listens to a socket and forks a new process for each client. The child process has a ...
6votes
2answers
46kviews
return to libc- finding libc's address and finding offsets
So I tried performing a return-to-libc according to https://sploitfun.wordpress.com/2015/05/08/bypassing-nx-bit-using-return-to-libc/ . I found libc's address by using "ldd vuln", and found system's ...
- 73
5votes
1answer
6kviews
Using (cat $file; cat) to run a simple BOF exploit
Im getting acquainted with Buffer Overflows (BOF) and was replicating a simple attack described by Techorganic. They create a simple C program called "classic", which contains an obvious BOF ...
3votes
2answers
7kviews
Cannot overwrite EIP in basic exploitation example
I'm trying to replicate a simple buffer overflow for which I have the following code (strcpy_ex.c): #include <string.h> int main( int argc, char** argv ) { char buffer[500]; ...
- 209
2votes
1answer
2kviews
segmentation fault at strcpy while perforforming a buffer overflow
I have this code that I need to use to perform a ret2libc #include <stdio.h> #include <string.h> int main(int argc, char *argv[]) { char buf[256]; printf("buff is at:%p\n",buf); ...
- 23
