All Questions
Tagged with stack-overflow, exploit
9 questions
10 votes
2 answers
8k views
Why must a ret2libc attack follow the order "system(), exit(), command"?
In a ret2libc attack, I understand that the return address can be overwritten with the address of the system command, which takes a command string as an argument. In this case, shouldn't the address ...
3 votes
1 answer
3k views
Cannot exploit stack-based buffer overflow with ASLR disabled, since RSP differs heavily between executions?
I have made a little toy program, compiled with ASLR disabled, that I want to exploit using a stack-based buffer overflow: // gcc stackexec0x1.c -Wl,-z,execstack -no-pie -fno-stack-protector -o ...
2 votes
1 answer
2k views
Stack pivoting techniques
I'm practicing exploit development and one of the scenarios I am having the most difficulties with is stack pivoting, besides the "ADD ESP, XXX" or something like that. The question is, during the writing ...
2 votes
1 answer
745 views
Exploit education stack-five: trouble opening shell
I'm trying the Phoenix VM, challenge stack-five on exploit.education (http://exploit.education/phoenix/stack-five/). I ran into a problem while exploiting a stack overflow. The challenge is run execve('...
1 vote
3 answers
267 views
Why does only 1 of these 2 almost-identical payloads give me a shell?
I wrote a vulnerable test program to practice buffer overflows; however, I was having trouble getting it to work. Finally, after slightly modifying the return address, I was able to gain a shell, but ...
1 vote
1 answer
2k views
Buffer overflow - jmp esp. Do I need a NOP sled? Does call esp also work?
I'm learning about stack buffer overflows and I'd appreciate help. I'm exploiting a simple web server containing this log function. Argument s1 is the input that I supply via HTTP. The server is running on ...
1 vote
1 answer
2k views
Cannot execute shellcode using buffer overflow
As a home exercise I'm trying to achieve a buffer overflow attack by running a simple char array program that stores the input argument on the program stack and then overflowing that stack with a long ...
0 votes
0 answers
208 views
Buffer Overflow with ROP Chain Output Problem
I have the following problem: I have this C program and I have done a buffer overflow using ROP gadgets. I have a problem with the output. I want to stop the printf() call in the vuln function to get ...
-1 votes
3 answers
2k views
ret2libc - why do I need 4 bytes of garbage?
So I started to learn reverse engineering, and I came across the ret2libc exploit. I tried to understand how it works and I got a bit confused. They say that when you return to the address of system() ...