All Questions
4 questions
1vote
1answer
1kviews
Understanding ret2libc return address location
I recently was studying x86 buffer overflows + ret2libc attacks from https://www.ret2rop.com/2018/08/return-to-libc.html and I noticed the order is as follows: bytes to fill buffer + address of system ...
- 653
2votes
1answer
2kviews
segmentation fault at strcpy while perforforming a buffer overflow
I have this code that I need to use to perform a ret2libc #include <stdio.h> #include <string.h> int main(int argc, char *argv[]) { char buf[256]; printf("buff is at:%p\n",buf); ...
- 13.3k
2votes
2answers
2kviews
Cannot build a ROP chain
My ROP exploit crashes with segmentation fault for unknown reason. This is a vulnerable code (compiled via command gcc h2.c -no-pie -fno-stack-protector -m32 -o h2): #include <stdio.h> #include &...
CommunityBot
- 1
3votes
1answer
3kviews
Why ret2libc is not working in the below code on x86_64?
I am trying to bypass DEP in x86_64 (64 bit - ASLR OFF). I have my own vulnerable code and I have also written an exploit code with a basic ROP to jump into system() with parameter "/bin/sh",...
CommunityBot
- 1
