All Questions
Tagged with buffer-overflow memory
24 questions
4 votes
0 answers
81 views
How much do ARM-like link registers make return-oriented programming harder?
ROP usually uses a buffer overflow to overwrite the x86 return address. However, ARM stores that in a register. What is the effect of this on return-oriented programming attacks on non-x86 ...
-1 votes
1 answer
139 views
Receive buffer overflow on WiFi/Ethernet card
Is it possible that if an attacker sends an abnormally large packet to a WiFi / Ethernet card of a computer, it will write past the buffer of the onboard memory and into other areas? Like maybe the ...
0 votes
0 answers
353 views
64 Bit ELF Buffer Overflow Not working possibly due to if statement
I wrote the following: #include <stdio.h> int win(){ printf("Won!\n"); return 0; } int vulnerable(){ char buffer[20]; memset(buffer, 0, 10); printf("Input: &...
0 votes
1 answer
535 views
Buffer overread
I am trying to understand buffer overread in my course in school. This code is an example from one of the lectures where buffer overread can be a problem. However, I do not understand how buffer ...
1 vote
0 answers
150 views
Question on stack overflow
I am preparing for an exam in Computer Security and doing a past-exam without solutions, so I wanted to check if my reasoning holds on a question about stack overflow. Below is the C code in question. ...
0 votes
1 answer
569 views
Assigning memory address of shellcode to buffer (for buffer overflow input)
I am attempting to exploit HEVD kernel driver buffer overflow challenge: https://github.com/hacksysteam/HackSysExtremeVulnerableDriver However when running the below code my Windows 7 machine doesn't ...
0 votes
2 answers
1k views
Find Buffer Overflows at a target you want to gain access
I want to pass my OSCP exam and I am learning with the material I got. I watched the videos and read the pdf but I have a question about buffer overflows. In the example in the videos, the guy has ...
1 vote
0 answers
410 views
Is a Buffer Overflow / NOP Slide possible for memory addresses that contain null bytes?
I have been reading up on Buffer Overflows and NOP Sleds. I tried to use the exploit on an example target and I got stuck because I needed to inject a null byte in the return address for my BP so that ...
2 votes
0 answers
656 views
Format String Vulnerability - Can't read an address from stdin with read() in C
I wanted to exploit this code using format string vulnerability: int jackpot; void fmt_str(void) { char buf[128]; puts("Give me a string to print"); read(0, buf, 128); printf(buf); ...
1 vote
2 answers
531 views
Buffer overflow attack
I am learning about buffer overflow attacks and one thing that I am not able to understand is that in most operating systems a stack may not necessarily be a contiguous block of memory in the ...
5 votes
1 answer
2k views
Buffer Overflows - Memory Addresses
Alright, I've been looking into buffer overflows lately out of curiosity. What I don't understand is when you develop the exploit with a virtual machine or whatever, you find the memory address to ...
14 votes
2 answers
4k views
Viewing the stack
I recently started learning about buffer overflows and how they work. Someone shared a binary to practice on (in a vm, don't worry). I've been feeding strings to the socket that the binary opens, and ...
2 votes
0 answers
136 views
Mobile processors with hardware support for efficient bounds checking
Are there any mobile or embedded processors that provide hardware support for efficient bounds checking? Intel's newest x86 processors provide MPX, which enables compilers to add automatic bounds ...
5 votes
4 answers
11k views
Is this integer overflow vulnerability exploitable?
Is this integer overflow exploitable and if the answer is yes, how can I exploit it? char buffer[20]; int len = atoi(argv[1]); if(len < 20) memcpy(buffer,argv[2],len); If I set len to -1 the ...
0 votes
3 answers
382 views
What is the future of exploitations? [closed]
With the advent of "Safe" languages like Rust, the prevalence of Software Correctness, and improved type checking in existing systems, memory based exploits are very hard if not possible at all, to ...