Questions tagged [buffer-overflow]

A buffer overflow usually occurs when a program copies data into a buffer without checking that the buffer has sufficient space, so the excess data overwrites adjacent memory.

0 votes, 0 answers, 60 views

Innocent input breaks buffer overflow exploit?

Below is a simple program, vulnerable to buffer overflow; it is as similar as I could make it to a bigger (CTF) program I was working on and I "extracted" (re-wrote) only that piece where the bug lies....

0 votes, 2 answers, 26 views

Buffer Overflow Test on Fedora 32-bit not changing $eip register value

I am trying to perform a simple buffer overflow on 32-bit Fedora, but the eip register value is not changing. My C code is as follows: #include <string.h> int main(int argc, char ** argv){ ...

-1 votes, 0 answers, 10 views

As a software programmer, how to protect my software against Buffer Overflow attacks?

As a software programmer, how to protect my software against Buffer Overflow attacks? (in general, no specific programming language)

-2 votes, 1 answer, 54 views

Buffer overflow, snprintf instead char resizes? [duplicate]

I have a hard time understanding why the below code is not resulting in a buffer overflow and instead somehow seems to resize the char example from 1 to 16. I checked the snprintf documentation but ...

1 vote, 1 answer, 42 views

Why is the following code susceptible to a heap overflow attack?

I'm new to cyber security, and I am trying to understand why the following code is susceptible to a heap overflow attack... struct data { char name[128]; }; struct fp { int (*fp)(); }; void ...

-1 votes, 0 answers, 8 views

Find the number of clerks in a bank M/M/m/B queues

A bank manager should determine how many clerks should work on Fridays. For each minute that a customer waits in the queue, the bank incurs a loss of 0,05 euros. Customers arrive at a rate of two ...

4 votes, 1 answer, 72 views

How to exploit a buffer overflow to execute instructions on the stack

I'm starting to tinker with buffer overflows, and wrote the following program: #include <unistd.h> void g() { execve("/bin/sh", NULL, NULL); } void f() { long *return_address; char ...

1 vote, 1 answer, 27 views

Python cannot find substring that I can see in EIP overflow

I have a script that I am using to automate and understand application fuzzing. I am running vulnserver and fuzzing to find the point at which the stack is overflowed and then generate a unique string ...

0 votes, 0 answers, 35 views

How to fix “Single step event at ntdll.774A01E8” in Immunity debugger?

I'm trying to practice stack-based buffer overflow for Windows exploit development. I'm using Windows 7 64 bit virtual machine and Immunity debugger. Tutorials use Windows XP but I'm using win 7. The ...

0 votes, 0 answers, 38 views

Shellcode successfully executes /bin/sh but immediately terminates

I'm trying to solve a very simple exploiting challenge as an exercise. It is about injecting shellcode via buffer overflow; there is no ASLR and the stack is executable. The payload I send is the ...

0 votes, 0 answers, 38 views

Exploit development issues with NOPs

I am doing the Corelan course, but I am stuck at tutorial #2 (push ret). I am trying to overwrite my EIP with my push esp ret to launch my shellcode, in this case a calc.exe, but it always overwrites with the ...

0 votes, 0 answers, 51 views

Buffer Overflow not spawning shell?

Note: This is only for educational purposes. Below are the exploit elements. Script: #include <stdio.h> #include <string.h> int main(int argc, char *argv[]){ char buf[500]; ...

0 votes, 1 answer, 31 views

Certain parts of injected string are missing on stack frame

I'm trying a return-to-libc exploit on a simple program. I've managed to locate the stack address where the input string is stored, and the locations of libc functions, and built my payload based on it. [padding(252-...

0 votes, 0 answers, 214 views

How to approach a Buffer Overflow problem with a limited string scanf and hashing?

PRE: There is only one similar question to this here, with a different hashing algorithm and changed array sizes, but that did not answer some questions in my head and the post is from 2016. The problem is ...

0 votes, 2 answers, 36 views

What is the difference between stack buffer overflow, stack underflow and stack overflow?

My data structures teacher mentioned it during our lectures today when studying stacks, but didn't give a proper explanation of it.

0 votes, 1 answer, 70 views

Buffer Overflow, modified Seedlab question?

In this lab, I have exploit.c, stack.c and call_shellcode.c. stack.c has been modified so it prints out the buffer address and ebp address. I am running this on a virtual machine, Ubuntu 12.04 32-bit. ...

-3 votes, 0 answers, 42 views

“Buffer Overflow - Array Index Out of Bounds” when array sizes are correctly managed

I'm getting "Buffer Overflow - Array Index Out of Bounds" for the following code: typedef struct { char apn[100 + 1]; char user[22 + 1]; char pass[22 + 1]; } GprsParam_t; typedef ...

0 votes, 0 answers, 40 views

Buffer overflow attack, executing an uncalled function

So, I'm trying to exploit this program that has a buffer overflow vulnerability to get/return a secret behind a locked .txt (read_secret()). vulnerable.c //no edits here #include <stdlib.h&...

1 vote, 0 answers, 85 views

Buffer overflow attack, getting password from locked text file

So, I'm trying to exploit this program that has a buffer overflow vulnerability to get/return a password behind a locked .txt that contains the password. I shouldn't need to use GDB for this. vuln.c //no ...

0 votes, 0 answers, 12 views

How to make ROP gadget for shell to work?

I have the below ROP gadget to execv a shell. from struct import pack p ="\x90"+"a"*71 p += pack('<Q', 0x0000000000001b96+0x007ffff79e4000) # pop rdx ; ret p += pack('<Q', 0x00000000003eb1a0+...

0 votes, 1 answer, 39 views

Serial port sysbuffer outSize exceeds the value specified through fconfigure

If I open a serial port: % set serial_com6 [open com6 r+] file1a21465b4a0 and set its outSize and inSize through % fconfigure $serial_com6 -sysbuffer {512 512} so far things seem ok: % ...

0 votes, 0 answers, 9 views

How to execve a halt program?

I'm trying an exploit where I'm creating a ROP gadget for halting the system. I need to execve the halt program, which shuts down the system. What arguments do I need to pass to execve to run that?...

0 votes, 1 answer, 108 views

Yolo training on google colab crashes with error buffer over flow

I am trying to train a standard unmodified model using yolov3-tiny.cfg. I am using Google Colab because I can't afford a good GPU to train my data on. I am training on 2 classes, and this error ...

0 votes, 0 answers, 17 views

*** buffer overflow detected ***: When Launching External Process From Tomcat

I'm trying to launch an external C-based program from a Tomcat webapp. I'm running Tomcat 8.5.38 on Ubuntu Server 18.04.1 LTS with openjdk-8-jre-headless. I can launch the program successfully from ...

0 votes, 0 answers, 51 views

Why doesn't buffer overflow work with an x64 CPU? [duplicate]

So I've been learning the basics of hacking from the book Hacking: The Art of Exploitation, 2nd Edn by Jon Erickson (2008), since I want to be a penetration tester in future. This book is great. Still there ...

0 votes, 1 answer, 32 views

Getting “buffer overflow detected” when trying to run NVIDIA FleX

I have been using Singularity 2.6 for a while and recently upgraded my Singularity to 3.0 (I cannot upgrade to 3.0.3 for technical reasons). Using Singularity 3.0 I build my new container with the ...

0 votes, 0 answers, 40 views

Any idea how to disable the NX bit in Ubuntu?

I know that Linux provides a default implementation of the NX (Non-Executable) bit to prevent buffer overflow attacks. You can also check the status of the bit by: dmesg | grep NX But how do you ...

1 vote, 0 answers, 16 views

How to bypass stack guard

The root owns the following program, and all other users can execute it: vulnerable.c I want to modify the following program (exploit.c) to bypass the stack guard: #include <stdlib.h> #define ...

0 votes, 1 answer, 74 views

How to get privilege escalation using a vulnerable program with root privilege?

I am trying to exploit privilege escalation for a vulnerable program with root privilege. I tried a shell code for that but I do not know where I am making a mistake. #include <stdio.h> #...

0 votes, 0 answers, 41 views

How to prevent `strings` from reading CTF flags in C

I am creating a simple CTF in buffer overflow; below is the sample code: #include <stdio.h> void secretFunction() { printf("this is your flag!\n"); } void echo() { char buffer[20]; ...

0 votes, 1 answer, 18 views

PC register changes supplied value

I'm new to buffer overflows and although I believe I get the process, I feel that something is wrong here. I am studying from a book about exploitation and in the example, there is a simple buffer ...

1 vote, 1 answer, 44 views

Return address in stack before function call: To which segment does the return address point?

I am currently learning about buffer overflow attacks. I understand that the idea is to overwrite the return address. The return address points to the statement that follows the function call. What I ...

2 votes, 0 answers, 54 views

Python: Capture stdout of crashed program via subprocess

I have a simple C program that asks for input and echoes it back, so essentially a gets and then a printf. I want to call this program through Python subprocess and capture the output - even when the ...

-1 votes, 1 answer, 47 views

How do I send raw bytes interactively for a buffer overflow exploit?

I am trying, as part of an exercise, to exploit a simple program by overwriting the value of a variable through a buffer overflow. I am pretty sure I have the idea behind the exploit figured out, but ...

1 vote, 1 answer, 84 views

Buffer Overflow - unexpected values inserted

I'm trying to use buffer overflow to overwrite two local variables, so that I can call the hidden function. Here is the C code. #include <stdio.h> #include <stdlib.h> static void ...

0 votes, 0 answers, 72 views

ROP Buffer Overflow Exercise Issues

I'm doing this buffer overflow exercise and I can't seem to get it to work... Under the Calling Arguments section of the article he exploits this program to use the variable not_used instead of /bin/...

2 votes, 1 answer, 110 views

The shellcode to open Calc.exe is too long and complex, I can't understand it! My first exploit program

I wrote my first exploit program on Windows XP using the shellcode I found on the web. It opens the calculator and the overall program works successfully. However, even though I did not write the ...

0 votes, 1 answer, 112 views

Exploit BOF in c?

void main(int argc, char **argv) { char buffer[517]; FILE *badfile; /* Initialize buffer with 0x90 (NOP instruction) */ memset(&buffer, 0x90, 517); *((long *) (buffer + 36)) =...

0 votes, 2 answers, 46 views

Buffer overflow - set relevant text to be printed

#include <unistd.h> char shellcode[] ="???"; int main(int argc, char* argv[]) { int* ret; ret = (int*) &ret + 2; (*ret) = (int) shellcode; } I have to change shellCode ...

1 vote, 2 answers, 53 views

Executable vs NX stack in BOF?

I'm reading about BOF (buffer overflow) attacks; one way to prevent them is by making the stack or heap non-executable. But that doesn't mean that we can't have a local variable. I didn't see a new behavior by ...

0 votes, 0 answers, 51 views

ELF-64 corrupted interpreter, what are the possible causes? (seems like an overflow issue)

I have an ELF-64 executable that says "No such file or directory" when executed. Then I proceeded to use the command file <filename> to see what's wrong, and indeed the interpreter looks like ...

0 votes, 1 answer, 34 views

How can the author know the address of the environment variable with 100% certainty?

In the book Art of Exploitation, on page 165, it is claimed that However, how can it be that this address 0xbffffffa is fixed? I mean, the way the author expresses himself suggests that this is a ...

0 votes, 1 answer, 81 views

ARM: ROP chain: Stack overflow fails on specific address

I am trying to exploit a slightly modified roplevel3 from Billy Ellis' Exploit-Challenges. However, overflowing the stack does not work using the address of the global variable internal_mode (...

0 votes, 2 answers, 162 views

What is the vulnerability in this C code?

I'm trying to understand buffer overflow attacks better, this is one of the exercises that came up, that has a buffer overflow vulnerability. I would like to know how one can exploit the vulnerability ...

1 vote, 0 answers, 16 views

Is it possible to crash the entire computer from a buffer overflow by overwriting the entire stack?

Is it possible to crash the computer with an extremely long buffer overflow? This is more to understand the mechanics of the overflow than the actual consequences. Let's say I run a program without any ...

-1 votes, 1 answer, 71 views

Evaluating the offset of Return-Address [duplicate]

I'm trying to retrieve the offset of the return address during a simple buffer overflow by using a cyclic pattern created in gdb-peda. I would expect a SIGSEGV on the return to the callee frame, but I got it ...

0 votes, 1 answer, 21 views

The address of an environment variable changes every time it is checked

I'm trying to learn how to use a buffer overflow to change the address in esp to run shellcode, and I've defined an environment variable called "SHELLCODE" to store the shellcode to execute, but ...

0 votes, 0 answers, 146 views

Generate payload with msfvenom for C/C++ program whose input is stdin (buffer overflow)

I'm trying to generate shellcode for my C/C++ program to exploit a buffer overflow vulnerability, my code is as follows: #include <stdio.h> #include <unistd.h> #include <stdlib.h> #...

0 votes, 1 answer, 65 views

C - Getting Invalid Characters After Reading a File and Printing to a File, -maybe- Buffer Overflow

I have a file with names, surnames, ids, and e-mails in a random order. I have to organize this data, write it to structures and then to an output file in organized form. There may be more than one name ...

0 votes, 0 answers, 20 views

Why does this program allocate more space on the stack than required?

I am currently playing the picoCTF 2018 challenges. Level "buffer overflow 1" gives you the following source code: #include <stdio.h> #include <stdlib.h> #include <string.h> #include ...