All Questions

24 votes
5 answers
5k views

Given extensive protections in modern operating systems that make buffer overflow exploits unfeasible, should I even bother studying these?

I’ve been diving into the world of buffer overflow vulnerabilities and their exploitation, which has been both challenging and fascinating. However, I’ve recently hit a mental roadblock and would love ...
Andrea Signori
1 vote
0 answers
38 views

Can't print hexadecimal formatted address in buffer overflow

I'm trying to overwrite the return address caused by a buffer overflow. I've already calculated the distance between the buffer and the return address. The address that I want to jump to is ...
CJG
0 votes
1 answer
270 views

How to return to main after performing stack buffer overflow

#include <stdio.h> #include <stdlib.h> void reading(); void reading_hexa(char*); void secret(); int main() { reading(); printf("Input done\n"); exit(0); } void ...
user88178
1 vote
1 answer
150 views

bufferoverflow chars gets replaced on stack [closed]

So I try to understand stack based buffer-overflow but now I am stuck. This is the vulnerable function (32 bit ELF). int test(char* input) { char buf[100]; printf("Buffer is at %p\n",...
atcheckmate
0 votes
0 answers
208 views

Buffer Overflow with ROP Chain Output Problem

I have the following problem: I have this C program and I have done buffer overflow using ROP gadgets. I have a problem with the output. I want to stop the printf() call in the vuln function to get ...
Flowless Man
0 votes
2 answers
906 views

What is the maximum payload injection size

I have been conducting some minor research into the various forms of exploitation, such as buffer overflows and similar. Most tutorials seem to focus on executing shellcode, that is code which ...
questioner
1 vote
0 answers
150 views

Question on stack overflow

I am preparing for an exam in Computer Security and doing a past-exam without solutions, so I wanted to check if my reasoning holds on a question about stack overflow. Below is the C code in question. ...
Unknown
1 vote
1 answer
2k views

Can you perform a buffer overflow and a format string attack at the same time?

So I hope I'm phrasing this right. I'm trying to exploit a piece of C code which you can see below. #include <stdlib.h> #include <unistd.h> #include <stdio.h> #include <string.h&...
Fiach ONeill
2 votes
1 answer
364 views

Having trouble with learning Buffer Overflows

So I have this program in C that I'm trying to exploit which has a vulnerability in a function, namely it's using gets. I'm trying to overflow and change the return address so the program returns one ...
Fiach ONeill
0 votes
0 answers
239 views

Where does the SP (Stack Pointer) point to when the buffer is overflown?

Let's consider a stack that grows downwards and a function that has a local variable for a buffer that takes 100 bytes of memory. So, reading from top to bottom, it would be a 4-byte long return ...
theodosis
0 votes
0 answers
434 views

Problem with return 2 libc in 64 bit arch

I want to perform return to libc in 64 bit architecture using execve. I found a gadget with /bin/sh in it (the /bin/sh offset is 18a143): cbcd8: 00 00 cbcda: 4c 89 ea ...
Napirochism Napirochism
0 votes
1 answer
637 views

BufferOverFlow - How come ESP points to the end of the payload

I just don't understand how ESP points to the shellcode let's say we've sent this string string = 100 * 'A' + 'BBBB' + 'CCCC' I have filled the stack with 'AAAA..' and overwritten the EIP value and ...
oussama mater
2 votes
1 answer
745 views

Exploit education stack-five: trouble opening shell

I'm trying the phoenix vm, challenge stack-five on exploit.education (http://exploit.education/phoenix/stack-five/). I ran into a problem while exploiting a stack overflow. The challenge is run execve('...
Burst
1 vote
1 answer
2k views

Cannot execute shellcode using buffer overflow

As a home exercise I'm trying to achieve a buffer overflow attack by running a simple char array program that stores the input argument in the program stack and then overflowing that stack with long ...
Sinipelto
0 votes
1 answer
885 views

EIP pointing to shellcode but shellcode is not executing?

I have successfully overwritten the EIP register (pointing to my shellcode) but the shellcode is not executing. I compiled with the command gcc -g -fno-stack-protector -z execstack -no-pie vuln.c -o ...
secdev1l
