Questions tagged [buffer-overflow]
A buffer overflow, or buffer overrun, is an anomaly where a program, while writing data to a buffer, overruns the buffer's boundary and overwrites adjacent memory.
513 questions
0 votes, 0 answers, 667 views
Shell does not execute after buffer overflow
I am trying to do a buffer overflow on 64-bit Kali VM. When I execute the program and inject the NOP sled + shellcode + return address, the shell does not execute. I think it might have something to ...
4 votes, 2 answers, 347 views
Instruction Overwrites with Garbage?
I am practicing a function return address overwriting exploit. However, the program instruction pointer instead gets overwritten by gibberish. I have tried compiling with -fno-builtin and -fno-...
2 votes, 1 answer, 881 views
How can hackers find buffer overflow without source code?
I am a student in networking; we learn cybersecurity, but we don't learn buffer overflow vulnerabilities in depth. I understand how it works, but I don't understand how a hacker can detect this ...
5 votes, 1 answer, 15k views
How to do string buffer overflow with scanf function?
I'm new to buffer overflow exploitation. I've written a simple C program which will ask the user to input a string (as a password) and match that string with "1235". If matched then it will ...
0 votes, 2 answers, 204 views
Working code examples for stack or heap buffer overflows?
I understand how these exploits work on the theoretical level, but I can't find detailed worked tutorials that show, for example, how to overwrite the return address in the stack when overflowing a given ...
-1 votes, 1 answer, 2k views
Doing buffer overflow attack without knowing buffer size and address
I was trying to solve the SEED security lab regarding a buffer overflow attack, but in that exercise we get the buffer address and ebp and thus its offset, so we are able to guess where the return address is ...
0 votes, 1 answer, 241 views
Does limiting the size of images prevent buffer overflow?
I am writing an app that serves images to clients.
The app is written mostly in Python. I store the images in AWS S3 and serve them to clients directly from there.
Am I vulnerable to buffer overflow ...
0 votes, 2 answers, 754 views
Basic questions about a buffer overflow attack example
People say buffer overflows are serious security bugs that can usually be exploited. Here is an artificial buffer overflow
#include <stdio.h>
int main(){
int a[3]={0,1,2};
printf("...
1 vote, 1 answer, 1k views
Understanding ret2libc return address location
I recently was studying x86 buffer overflows + ret2libc attacks from https://www.ret2rop.com/2018/08/return-to-libc.html and I noticed the order is as follows:
bytes to fill buffer + address of system ...
0 votes, 0 answers, 1k views
Exploit stdin to call local function in C
Note: this is extra credit for a homework assignment
I'm trying to figure out how to call win() via stdin. I assumed that the vulnerability would be exploited by a buffer overflow, but I can't even ...
1 vote, 1 answer, 445 views
ROP on MIPS Doesn't Land Where Calculated
I am working on exploiting an application on MIPS to further my knowledge of ROP chaining. The library I am trying to build a ROP chain in is libuClibc-0.9.30.3.so. I found a gadget that I want to use ...
1 vote, 0 answers, 108 views
Bash - SUID Program's Child Process did not inherit Parent Process UID as EUID [duplicate]
Background
While practicing pentesting a VM on Vulnhub, I encountered a quite interesting issue with Brainpan. After initial access with a limited shell generated from a BoF exploit on a service ...
0 votes, 1 answer, 858 views
How do you adjust the offset and kernel stack size from an exploit?
Needless to say, I have no idea how to do this.
I'm performing a pentest and I found an exploit related to the box: https://www.exploit-db.com/exploits/44298
In the exploit comments, the author said:
...
0 votes, 0 answers, 255 views
Where does the SP (Stack Pointer) point to when the buffer is overflowed?
Let's consider a stack that grows downwards and a function that has a local variable for a buffer that takes 100 bytes of memory.
So, reading from top to bottom, it would be a 4-byte long return ...
31 votes, 2 answers, 9k views
Is there any security risk in not setting a maximum password length?
I'm a listener of the podcast "Security Now" where they often claim that there are no reasons to limit the number of characters a user can use in their passwords when they create an account ...
2 votes, 2 answers, 684 views
Are call stack addresses predictable with all protections disabled?
I'm currently practicing buffer overflows, but there is one thing I don't understand yet. I have read this similar question. I understand that if you don't know the address of ESP you must look for an ...
7 votes, 1 answer, 1k views
How can I exploit a Buffer Overflow on a Raspberry Pi 4?
I am trying to exploit a buffer overflow on a Raspberry Pi 4, which makes use of a Cortex-A72 (ARM v8) 64-bit SoC.
The Linux kernel version is v4.19 and the OS a Debian Buster compiled for the Raspberry Pi ...
0 votes, 1 answer, 543 views
ESP changes to a different (incorrect) value when overwritten
I am attempting to overwrite the EIP of a binary (in order to perform a ret2libc attack). The program has full RELRO, PIE and NX.
Here's my thought process.
First I try this, I input "C"*260 + "...
1 vote, 0 answers, 138 views
What is this "prepare" variable used for in this SEH based buffer overflow payload?
I am trying to understand how a SEH based buffer overflow is working and I have to write a paper about how an exploit works. I took this PoC for my paper.
junk = "\x41" * 4091
nseh = "\x61\x62"
seh ...
0 votes, 1 answer, 693 views
Understanding why this buffer overflow attack isn't working
I'm doing a buffer overflow challenge, and I can't understand what exactly I'm doing wrong. Through debugging, I managed to figure out what my input should look like such that I can force the program ...
1 vote, 1 answer, 2k views
Cannot execute shellcode using buffer overflow
As a home exercise I'm trying to achieve a buffer overflow attack by running a simple char array program that stores the input argument on the program stack and then overflowing that stack with a long ...
0 votes, 3 answers, 1k views
C Security Code Review
I have an interview where I am expecting to have to review some vulnerable C code and point out the vulnerability(s). I am by no means a C developer, but I do know that the common vulnerabilities are ...
1 vote, 1 answer, 423 views
Dealing with a large number of bad chars
I have recently discovered a Buffer Overflow vulnerability that leads to Remote Code Execution. However, due to the structure of the application assessed, a lot of so-called 'bad chars' came up. The ...
1 vote, 0 answers, 1k views
Buffer bomb level 3 - Prevent stack corruption
I am trying to complete level 3 of buffer bomb lab. The task is to supply an exploit string that will cause getbuf to return my cookie (0x4b64b076) back to test, rather than the value 1. The exploit ...
1 vote, 1 answer, 1k views
Overwrite pointer with an address
struct record {
char name[24];
char * message;
};
int main() {
puts("GOT Overwrite");
// Create the struct record
struct record student;
strcpy(student.name, "Alice");
student.message = (char *) ...