Questions tagged [buffer-overflow]

A buffer overflow, or buffer overrun, is an anomaly where a program, while writing data to a buffer, overruns the buffer's boundary and overwrites adjacent memory.

4 votes
0 answers
81 views

How much do ARM-like link registers make return-oriented programming harder?

ROP usually uses a buffer overflow to overwrite the x86 return address. However, ARM stores that in a register. What is the effect of this on return-oriented programming attacks on non-x86 ...
Daniel T
0 votes
0 answers
46 views

May read() syscall not set first bytes of a buffer?

I'm working on some pwn.college binary exploitation challenges. ASLR is disabled, the stack is executable and there is no canary. I'm not understanding one thing. I have my shellcode which opens the flag ...
Zanna
9 votes
2 answers
3k views

Can buffer overflow attacks become impossible?

I admit that I don't fully understand how buffer overflow attacks work, but as far as I understand, the attacker sends an input that is longer than the section of memory that is supposed to temporarily ...
Eleanor
2 votes
0 answers
154 views

How to do a buffer overflow attack for a simple C program?

Consider the following simple C program that asks the user to input their user name and password in order to get access to some website. (The correct username is supposed to be "admin" ...
3nondatur
24 votes
5 answers
5k views

Given extensive protections in modern operating systems that make buffer overflow exploits unfeasible, should I even bother studying these?

I've been diving into the world of buffer overflow vulnerabilities and their exploitation, which has been both challenging and fascinating. However, I've recently hit a mental roadblock and would love ...
Andrea Signori
-1 votes
1 answer
138 views

Receive buffer overflow on WiFi/Ethernet card

Is it possible that if an attacker sends an abnormally large packet to a WiFi / Ethernet card of a computer, it will write past the buffer of the onboard memory and into other areas? Like maybe the ...
HardwareNewb
0 votes
2 answers
466 views

How should an unprotected environment be set up on modern Linux to test an old buffer overflow example?

Reading a technical paper on the issue, I wanted to test it on my computer. The idea is to provoke privilege escalation (a change in the whoami output from peter to root) through a buffer overflow. The ...
nostromo
0 votes
0 answers
151 views

bin/sh in return-to-libc attacks

Return-to-libc is an attack where the attacker, in most cases, returns to the system function, which it uses to execute shell commands. However, I am confused about two things: The command that the ...
Ronald
1 vote
1 answer
135 views

Segmentation fault without rip even getting overwritten (buffer overflow)

I was trying to overflow the return pointer of a simple program. I have ASLR disabled and I compiled like this: gcc returnexp.c -o returnexp -fno-stack-protector. (I would disable noexecstack later on ...
TrickTickTack
1 vote
0 answers
82 views

Jump-Oriented Programming: Why is it better/easier to jump to the dispatcher gadget than to jump from one functional gadget directly to another?

Jump-oriented Programming: Why is it better/easier to jump to the dispatcher gadget than to jump from one functional gadget directly to another functional gadget? My understanding of JOP: In jump-...
user25100341
0 votes
0 answers
99 views

Jump-Oriented Programming: Harder than ROP because the registers need to be prepared individually? + Turing complete, but large overhead/slow?

Full title: Jump-Oriented Programming: Is it harder than traditional return-oriented programming because you need to manually prepare all the addresses and registers or is there a different reason? ...
user25100341
2 votes
0 answers
116 views

When gets reads a string, it does not read \x00, which is the NULL character. So how to separate two different addresses to complete ROP?

First I used ROPgadget to find two assembly instructions: xor rax; ret and pop rcx; ret. They are at 0x401270 and 0x40133b. Then I tried to put them at the top of the stack, but because the gets ...
Maple
1 vote
2 answers
281 views

Problem overriding the return address when performing a buffer overflow, what am I missing?

Playing around with probably the most basic buffer overflow attack there is on my raspberry pi, looks like this #include <stdio.h> #include <string.h> int main(int argc, char *argv[]) { ...
Salviati
1 vote
0 answers
38 views

Can't print hexadecimal formatted address in buffer overflow

I'm trying to overwrite the return address caused by a buffer overflow. I've already calculated the distance between the buffer and the return address. The address that I want to jump to is ...
CJG
0 votes
1 answer
862 views

Simple Buffer Overflow (Function Call) Problem

I'm trying to develop a simple buffer overflow CTF challenge inspired by the "Csaw 2016 Quals Warmup" challenge, here. I've managed to replicate the source code: #include <stdio.h> #...
FreezeLuiz