All Questions
Tagged with buffer-overflow, exploit
140 questions
4 votes · 0 answers · 81 views
How much do ARM-like link registers make return-oriented programming harder?
ROP usually uses a buffer overflow to overwrite the x86 return address. However, ARM stores that in a register. What is the effect of this on return-oriented programming attacks on non-x86 ...
1 vote · 1 answer · 135 views
Segmentation fault without RIP even getting overwritten (buffer overflow)
I was trying to overflow the return pointer of a simple program. I have ASLR disabled and I compiled like this: gcc returnexp.c -o returnexp -fno-stack-protector. (I would disable noexecstack later on ...
1 vote · 0 answers · 82 views
Jump-Oriented Programming: Why is it better/easier to jump to the dispatcher gadget than to jump from one functional gadget directly to another?
Jump-oriented Programming: Why is it better/easier to jump to the dispatcher gadget than to jump from one functional gadget directly to another functional gadget? My understanding of JOP: In jump-...
0 votes · 0 answers · 99 views
Jump-Oriented Programming: Harder than ROP because the registers need to be prepared individually? + Turing complete, but large overhead/slow?
Full title: Jump-Oriented Programming: Is it harder than traditional return-oriented programming because you need to manually prepare all the addresses and registers or is there a different reason? ...
2 votes · 0 answers · 116 views
When gets reads a string, it does not read \x00 (the NUL character). So how do I separate two different addresses to complete a ROP chain?
First I used ROPgadget to find two assembly instructions, xor rax; ret and pop rcx; ret. They are at 0x401270 and 0x40133b. Then I tried to put them at the top of the stack, but because the gets ...
1 vote · 0 answers · 175 views
How to properly pack address into bytes to overwrite EIP register
I'm learning how to exploit a tiny web server based on a well written post here: https://blog.coffinsec.com/2017/11/10/tiny-web-server-buffer-overflow-discovery-and-poc.html I am very close to ...
0 votes · 1 answer · 757 views
Unable to execute shellcode on x86_64 architecture
I currently got interested in binary exploitation (even though I do not know if it is still useful today). I started studying shellcode and buffer overflows (stack buffer overflows, specifically). I know ...
1 vote · 2 answers · 1k views
Finding offset using Buffer overflow pattern generator
I am trying to find the offset for a buffer overflow attack for a simple C program using a Buffer overflow pattern generator #include <stdio.h> #include <string.h> int main (int argc, ...
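The two questions above (packing an address to overwrite EIP, and finding the offset with a pattern generator) are both about the same small piece of tooling, so here is one worked example. It is an added illustration, not code from either question or from any pattern-generator tool: it builds a Metasploit-style cyclic pattern ("Aa0Aa1Aa2..."), recovers the offset from the 32-bit value a debugger would show in EIP after the crash, and packs a hypothetical return address little-endian, which is exactly what struct.pack('<I', addr) does in Python. A 32-bit x86 target and the address 0x0804a1bc are assumptions made for the example.

```c
#include <stdint.h>
#include <stdio.h>
#include <string.h>

#define PATTERN_MAX (26 * 26 * 10 * 3)   /* 20280 bytes before the triples repeat */

/* Fill out[] with the cyclic pattern "Aa0Aa1Aa2...Ab0Ab1...", truncated to len
 * bytes. Within the first 20280 bytes every 4-byte window is unique, so the
 * value that lands in EIP identifies its offset exactly. Returns bytes written. */
size_t pattern_create(char *out, size_t len)
{
    size_t n = 0;
    if (len > PATTERN_MAX)
        len = PATTERN_MAX;
    for (char u = 'A'; u <= 'Z'; u++)
        for (char l = 'a'; l <= 'z'; l++)
            for (char d = '0'; d <= '9'; d++) {
                const char tri[3] = { u, l, d };
                for (int i = 0; i < 3; i++) {
                    if (n == len)
                        return n;
                    out[n++] = tri[i];
                }
            }
    return n;
}

/* Return the offset at which the 4 bytes now sitting in EIP were written, or -1.
 * x86 is little-endian, so EIP == 0x41346141 means the bytes 41 61 34 41
 * ("Aa4A") occupied the return-address slot. */
long pattern_offset(uint32_t eip_value)
{
    static char pat[PATTERN_MAX];
    size_t plen = pattern_create(pat, sizeof pat);
    uint8_t needle[4] = {
        (uint8_t)(eip_value & 0xff),
        (uint8_t)((eip_value >> 8) & 0xff),
        (uint8_t)((eip_value >> 16) & 0xff),
        (uint8_t)((eip_value >> 24) & 0xff),
    };
    for (size_t i = 0; i + 4 <= plen; i++)
        if (memcmp(pat + i, needle, 4) == 0)
            return (long)i;
    return -1;
}

/* Pack a 32-bit value little-endian: lowest byte first, as the CPU reads it. */
void pack_le32(uint8_t *dst, uint32_t v)
{
    dst[0] = (uint8_t)(v & 0xff);
    dst[1] = (uint8_t)((v >> 8) & 0xff);
    dst[2] = (uint8_t)((v >> 16) & 0xff);
    dst[3] = (uint8_t)((v >> 24) & 0xff);
}

/* Filler up to the saved-EIP slot, then the packed address. Returns the payload
 * length, or 0 if the caller's buffer is too small. */
size_t build_payload(uint8_t *out, size_t cap, size_t offset, uint32_t ret_addr)
{
    if (offset + 4 > cap)
        return 0;
    memset(out, 'A', offset);
    pack_le32(out + offset, ret_addr);
    return offset + 4;
}

int main(void)
{
    /* Constructed crash value: what a debugger would report after feeding the pattern. */
    uint32_t eip_seen = 0x41346141u;
    long off = pattern_offset(eip_seen);
    printf("EIP 0x%08x -> offset %ld\n", eip_seen, off);

    uint8_t payload[64];
    size_t n = build_payload(payload, sizeof payload, (size_t)off, 0x0804a1bcu); /* hypothetical target */
    for (size_t i = 0; i < n; i++)
        printf("%02x ", payload[i]);
    putchar('\n');
    return 0;
}
```

Reading the offset off a crash: the register holds the bytes in reverse of their order on the stack, which is why the needle is built from the low byte up, and why the address is packed the same way before it is appended to the filler.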
0 votes · 0 answers · 208 views
Buffer Overflow with ROP Chain Output Problem
I have the following problem: I have this C program and I have done a buffer overflow using ROP gadgets. I have a problem with the output. I want to stop the printf() call in the vuln function to get ...
2 votes · 1 answer · 280 views
Avoid stack addresses containing zeros
I'm learning some hacking with Erickson's "The Art of Exploitation". To try out the exploits myself, I'm using C on a virtual machine with 32-bit Debian on my Windows laptop (in VirtualBox). ...
0 votes · 0 answers · 353 views
64 Bit ELF Buffer Overflow Not working possibly due to if statement
I wrote the following: #include <stdio.h> int win(){ printf("Won!\n"); return 0; } int vulnerable(){ char buffer[20]; memset(buffer, 0, 10); printf("Input: &...
2 votes · 2 answers · 2k views
ROP executes system("/bin/sh") but does not attach to it
Here is the code: import struct buf = "" buf += "A" * 552 buf += struct.pack('<Q', 0x401493) # pop rdi; ret buf += struct.pack('<Q', 0x7ffff7f79152) # /bin/sh buf += ...
0 votes · 1 answer · 500 views
Buffer overflow for small return address
I am using a buffer overflow to overwrite the return address and call another function. The name of the function I call by overwriting the return address is not_called. Here is how I create the payload (...
1 vote · 1 answer · 2k views
Can't overwrite EIP in buffer overflow example
I am trying to make a simple buffer-overflow exploit on an example program to understand binary exploitation a bit better. The goal is to simply write shellcode on the stack and execute it. However, ...
4 votes · 2 answers · 314 views
Instruction Overwrites with Garbage?
I am practicing a function return address overwriting exploit. However, the program instruction pointer instead gets overwritten by gibberish. I have tried compiling with -fno-builtin and -fno-...