All Questions
6 questions
0 votes
0 answers
208 views
Buffer Overflow with ROP Chain Output Problem
I have the following problem: I have this C program and I have done a buffer overflow using ROP gadgets. I have a problem with the output. I want to stop the printf() call in the vuln function to get ...
2 votes
1 answer
745 views
Exploit education stack-five: trouble opening shell
I'm trying the phoenix vm, challenge stack-five on exploit.education (http://exploit.education/phoenix/stack-five/). I ran into a problem while exploiting a stack overflow. The challenge is run execve('...
1 vote
1 answer
2k views
Cannot execute shellcode using buffer overflow
As a home exercise I'm trying to achieve a buffer overflow attack by running a simple char array program that stores the input argument in the program stack and then overflowing that stack with long ...
1 vote
3 answers
267 views
Why Does Only 1 Of These 2 Almost-identical Payloads Give Me A Shell?
I wrote a vulnerable test program to practice buffer overflows; however, I was having trouble getting it to work. Finally, after slightly modifying the return address, I was able to gain a shell, but ...
1 vote
1 answer
2k views
Buffer overflow - jmp esp. Do I need a NOP sled? Does call esp also work?
I'm learning about stack buffer overflow and I'd appreciate help. I'm exploiting a simple web server containing this log function. Argument s1 is the input that I supply via HTTP. Server is running on ...
10 votes
2 answers
8k views
Why must a ret2libc attack follow the order "system(),exit(),command"?
In a ret2libc attack, I understand that the return address can be overwritten with the address of the system command, which takes a command string as an argument. In this case, shouldn't the address ...