All Questions
Tagged with reverse-engineering buffer-overflow
12 questions
1 vote, 0 answers, 284 views
Buffer overflow on a program that only accepts arguments as input
I've got a pretty tricky flag that I have been beating my head against for a while now and would love an explanation for how something like this would be possible. I have a program that when run, ...
1 vote, 1 answer, 387 views
ROP on MIPS Doesn't Land Where Calculated
I am working on exploiting an application on MIPS to further my knowledge of ROP chaining. The library I am trying to build a ROP chain with is libuClibc-0.9.30.3.so. I found a gadget that I want to use ...
0 votes, 1 answer, 595 views
Reverse engineering and buffer overflows: zero to hero [closed]
When I do CTFs, I can usually cope well with and understand pretty much everything apart from buffer overflows, binary exploitation and reverse engineering.
Almost to the point that I would ...
0 votes, 1 answer, 546 views
Exploiting vulnerabilities in the C code
I'm preparing for an introductory information security examination in university and this is one of the examination questions on Secure Programming.
In such questions, I would usually catch for ...
1 vote, 0 answers, 244 views
Limited ESP Length in Buffer Overflow Sample C Program
May I know how to increase the length of ESP on a sample C program which allows me to execute shellcode on the stack? However, as of now, the sample C program only has an ESP length of 61 thus ...
2 votes, 2 answers, 4k views
Overflowing the buffer yet not jumping to address
I am a beginner at buffer overflows. I have been studying this subject for a few days and I found this exercise (code from: here)
I think I understand the basic concept: I write more than 64 bytes characters ...
1 vote, 2 answers, 2k views
Segmentation fault error when calling user defined function in shellcode
I am getting the segmentation fault error when I call the function "target" in my shellcode.
Here's the C code of program:
#include <stdio.h>
#include <stdlib.h>
#include <unistd.h>
#...
8 votes, 1 answer, 858 views
Exploitation: EIP refuses to jump to the stack although it's executable
I wrote a program in C that is exploitable to BOF.
TL;DR - My payload (NOP-sled + shellcode + return address) overrides EIP but I can't set EIP to point to the address of my payload, although I ...
0 votes, 2 answers, 2k views
Buffer Overflow: Advice on exploiting
int play() {
int a;
int b;
char buffer[010];
a = 0x41414141;
b = 0x42424242;
if (write(STDOUT_FILENO, "For a moment, nothing happened. Then, after a second or so, nothing ...
2 votes, 1 answer, 769 views
Interactive shell not opening
I'm performing a buffer overflow attack on a binary and I managed to get proper return address and execute my shell code. It successfully ran the shell code. But I'm not getting a shell.
When I type ...
14 votes, 2 answers, 4k views
Viewing the stack
I recently started learning about buffer overflows and how they work. Someone shared a binary to practice on (in a VM, don't worry). I've been feeding strings to the socket that the binary opens, and ...
1 vote, 1 answer, 750 views
How can I find the size of an array just from compiled C program?
I'm playing around with buffer and heap overflow vulnerabilities, and it is all fine to exploit stuff when you have the source code and can see all the variables, their sizes and values, etc. But, ...