All Questions

0 votes
1 answer
271 views

How to return to main after performing stack buffer overflow

#include <stdio.h> #include <stdlib.h> void reading(); void reading_hexa(char*); void secret(); int main() { reading(); printf("Input done\n"); exit(0); } void ...
user88178
1 vote
1 answer
150 views

bufferoverflow chars gets replaced on stack [closed]

So I try to understand stack based buffer-overflow but now I am stuck. This is the vulnerable function (32 bit ELF). int test(char* input) { char buf[100]; printf("Buffer is at %p\n",...
atcheckmate
0 votes
0 answers
208 views

Buffer Overflow with ROP Chain Output Problem

I have the following problem: I have this C program and I have done buffer overflow using ROP gadgets. I have a problem with the output. I want to stop the printf() call in the vuln function to get ...
Flowless Man
1 vote
0 answers
150 views

Question on stack overflow

I am preparing for an exam in Computer Security and doing a past-exam without solutions, so I wanted to check if my reasoning holds on a question about stack overflow. Below is the C code in question. ...
Unknown
1 vote
1 answer
2k views

Can you perform a buffer overflow and a format string attack at the same time?

So I hope I'm phrasing this right. I'm trying to exploit a piece of C code which you can see below. #include <stdlib.h> #include <unistd.h> #include <stdio.h> #include <string.h&...
Fiach ONeill
2 votes
1 answer
364 views

Having trouble with learning Buffer Overflows

So I have this program in C that I'm trying to exploit which has a vulnerability in a function, namely it's using gets. I'm trying to overflow and change the return address so the program returns one ...
Fiach ONeill
0 votes
0 answers
434 views

Problem with return 2 libc in 64 bit arch

I want to perform return to libc in 64 bit architecture using execve. I found a gadget with /bin/sh in it (the /bin/sh offset is 18a143): cbcd8: 00 00 cbcda: 4c 89 ea ...
Napirochism Napirochism
0 votes
1 answer
885 views

EIP pointing to shellcode but shellcode is not executing?

I have successfully overwritten the EIP register (pointing to my shellcode) but the shellcode is not executing. I compiled with the command gcc -g -fno-stack-protector -z execstack -no-pie vuln.c -o ...
secdev1l
0 votes
2 answers
588 views

In Return-Oriented Programming how can the machine execute unaligned instructions?

I am reading "The Geometry of Innocent Flesh on the Bone: Return-into-libc without Function Calls (on the x86)". The author claims that x86 code is like English written without punctuation or spaces, ...
Anthony O
2 votes
2 answers
4k views

Overflowing the buffer yet not jumping to address

I am a beginner at buffer overflows. I have been studying this subject for a few days and I found this exercise (code from: here). I think I understand the basic concept: I write more than 64 bytes characters ...
Nikolay Atanasov
1 vote
2 answers
1k views

Buffer Overflow Stack Attack Exercise Help

So I am trying to complete a buffer overflow exercise. The code I am trying to exploit is below. What I want to be able to do is to insert my own print statement through the overflow attack. What I ...
Joe Hopper
2 votes
2 answers
2k views

C - Simple Buffer Overflow Exploitation, how is the EIP overwritten in different type calling functions?

General Background: I have written an echo server trying to implement an example of BoF in C that utilizes a strcpy() function call like such: // .... including the corresponding libraries depending ...
0x5929
2 votes
2 answers
288 views

Software overflow exploitation lab

Working through a binary exploitation course posted by RPI a few years ago. Currently on the ASLR lab and having some trouble with it (although not with the parts related to ASLR). I can't figure out ...
Praet