Questions tagged [buffer-overflow]

A classic programming bug that can lead to a security flaw in software. Exploitation of this bug usually takes place either on the stack or on the heap.

1 vote
1 answer
228 views

I'm trying to exploit a buffer overflow vulnerability in an ARM64 program from this blog. When I give as input 100*'A', and I compile the program for ARM 32 bit (without canaries), the program crashes ...
alond22 • 113
4 votes
1 answer
175 views

I found a couple of interesting integer underflows leading to memcpy() wild copies in a TLV parser process of some random IoT firmware. It is 32-bit ARMv7. I'm able to emulate the userspace process ...
Attila Szász
2 votes
0 answers
86 views

I'm attempting to do a buffer overflow with gets(). I've figured out how to write over the return address and I'm able to do so, however, I cannot write in the address I need because the 0x7F at the ...
user42774
3 votes
0 answers
172 views

I am new to buffer overflows and I was trying to overwrite the saved RIP to point to a buffer containing a shellcode. The buffer is located onto the stack so its address is randomized. How can I leak ...
Jacob • 51
3 votes
0 answers
55 views

I have a stack overflow in MIPS arch (without ASLR/canary). In IDA I see that the buffer that has the overflow is located at SP+200. At the beginning of the function I can see the stack size because I see the ...
Kokomelom • 291
1 vote
1 answer
2k views

I was reading this article by Hackers Grimoire on Windows buffer overflow attacks. The article made sense, except for the part where the author searched for a DLL (.dll) file which contained a JMP ESP ...
securityauditor
0 votes
0 answers
783 views

I work on an online program in which I should do a buffer overflow. When I run the program, I have to complete a sum of two numbers (generated randomly): >>> 451389913 + 1587598959 = If I put ...
Julien • 101
0 votes
1 answer
5k views

I'm an absolute newbie when it comes to all this side of reverse engineering. Each time I try and understand it, I get lost almost immediately. I am trying a lab. I open it up in Binary Ninja. I get ...
pee2pee • 221
0 votes
1 answer
447 views

I am trying to exploit this program test with ret2libc. Only NX is enabled. #include <stdio.h> void vuln() { char buffer[256]; gets(buffer); } int main() { vuln(); return 0; } ...
Mr Krisey
1 vote
0 answers
200 views

#include<stdio.h> #include<stdint.h> char shellcode[] = "\xb8\x3c\x00\x00\x00" "\xbf\x14\x00\x00\x00" "\x0f\x05"; int ...
user8166560
0 votes
1 answer
98 views

Full disclosure: I am seeking help to complete a college assignment. I am seeking help on steps where I am stuck and unable to move forward, not a ready made answer. I need to exploit it to get a ...
Sid Swamy
0 votes
1 answer
1k views

I am working with a binary that involves a buffer overflow on two contiguous memory blocks allocated with malloc. The binary fills up the first buffer with whatever the user inputs and hardcodes the ...
Ronald Rivera
2 votes
2 answers
515 views

In the source code I can clearly see that the array called "buf" is 32 bytes long, since 1 char = 1 byte. I assume that the array starts at the address [rbp-0x30] and the argv[ ] is stored in ...
Fluctuation23
1 vote
1 answer
218 views

In IDA pseudo-code, when I press on a stack variable I can see the place of this variable in the stack. char buffer[XXX]; // [sp+YYh] How can I get that information (buffer size and place of this buffer ...
func • 43
0 votes
1 answer
236 views

I was wondering if there is some way to get information about buffer size via reversing the binary, created in C language. Can we also know how many buffers we have created while writing that script. ...
lucky thandel
1 vote
1 answer
910 views

I'm working inside a Warzone VM with no ASLR or NX bit. The program I'm trying to exploit is really simple: #include <stdlib.h> #include <stdio.h> #include <string.h> /* * compiled ...
smbullet • 113
1 vote
0 answers
186 views

I have a question: I have a device on which I can perform a buffer overflow. The problem is that there is ASLR (on all addresses in /proc/binary/maps, but not on the binary itself, but all ...
Logan • 71
0 votes
0 answers
60 views

I have a buffer overflow in a program I check (it is an array of pointers, and I can overflow the data in the first pointer), but the data I can write is not on the stack, it is on a space the system ...
Raien land
1 vote
2 answers
750 views

This video https://youtube.com/watch?v=4HxUmbOcN6Y presents how modern compilers protect stack overflows with stack cookies and function __stack_chk_fail. How can one identify if a binary has stack ...
wfj96649BcaooCom
0 votes
1 answer
93 views

I'm learning on how to cause a buffer overflow. My victim program has to read input from a file encoded with UTF-16, 2-bytes by 2-bytes, and I want to overrun the EBP with an address like 0x0012F468. ...
Thành Vũ
1 vote
2 answers
2k views

I am facing a problem in finding bad characters because the hex codes are being replaced with \x3F & some other codes. Here I have all the 256 hex chars from \x01 to \xFF and as you can see many of ...
Mukesh • 121
0 votes
0 answers
132 views

I want to do a buffer overflow exploit in the stack. For this I read in data via the "gets"-function. void ExploitMe() { char buffer[256]; gets(buffer); } I compile this file with gcc test.c -...
AndiYo • 49
3 votes
1 answer
5k views

I am using the following C code for testing a simple stack-based buffer overflow #include<stdio.h> #include<string.h> void copier(char *arg){ char buffer[100]; strcpy(buffer,arg); } int ...
mapper2496
1 vote
0 answers
849 views

I wrote this short C program to practice buffer overflow exploits: #include <stdio.h> #include <string.h> #include <stddef.h> #include <inttypes.h> char *decode(char *s){ ...
corporateWhore
1 vote
0 answers
252 views

So I have this sample problem that I need to buffer overflow. It's an ELF file that requires to be run on a separate terminal, then using "nc localhost 'port' " on a separate terminal we can see the ...
Omar Elgafri