All Questions
10 questions
0 votes, 0 answers, 113 views
How do I prevent the random alignment of the instructions during debugging using gdb? I even tried turning off optimization with -O0 in gcc
I have started with the book 'Hacking: The art of exploitation!'. I know some of you might suggest that it's pretty old... But I think great buildings withstand due to their strong foundational base. ...
20 votes, 6 answers, 10k views
Do high level languages allow for buffer / heap overflow?
I'm learning about basic x86 overflows in C but normally I code with Python. Is there any way that programs written in higher level languages can suffer from buffer/heap overflow?
1 vote, 0 answers, 971 views
Buffer bomb level 3 - Prevent stack corruption
I am trying to complete level 3 of buffer bomb lab. The task is to supply an exploit string that will cause getbuf to return my cookie (0x4b64b076) back to test, rather than the value 1. The exploit ...
0 votes, 2 answers, 556 views
In Return-Oriented Programming how can the machine execute unaligned instructions?
I am reading "The Geometry of Innocent Flesh on the Bone: Return-into-libc without Function Calls (on the x86)".
The author claims that x86 code is like English written without punctuation or spaces, ...
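The comparison quoted above is the whole basis of return-oriented programming on x86: instructions are variable-length and the CPU decodes from whatever address it is told to, so a byte sequence read from the middle of an intended instruction is just as executable as the intended one. The program below is an added example, not code from the paper or from the post. It uses a constructed byte stream (this example's own, not one from the paper) and performs the first step of a gadget search: scan for every ret byte (0xc3) and flag the ones that fall inside an intended instruction. The byte stream, the intended_starts table and the function names are all assumptions made for the example.

```c
#include <stddef.h>
#include <stdint.h>
#include <stdbool.h>
#include <stdio.h>

/* Constructed x86-64 byte stream (made up for this example). A linear
 * disassembler following the compiler's boundaries sees two instructions:
 *   offset 0: 48 c7 c0 58 c3 00 00   mov rax, 0xc358
 *   offset 7: c3                     ret
 * but if execution starts at offset 3, inside the immediate of the mov,
 * the same bytes decode as
 *   offset 3: 58                     pop rax
 *   offset 4: c3                     ret
 * a "pop rax; ret" gadget the compiler never emitted. */
static const uint8_t code[] = { 0x48, 0xc7, 0xc0, 0x58, 0xc3, 0x00, 0x00, 0xc3 };

/* Start offsets of the intended instructions. */
static const size_t intended_starts[] = { 0, 7 };
#define N_INTENDED (sizeof intended_starts / sizeof intended_starts[0])

#define RET_OPCODE 0xc3

static bool is_intended_start(size_t off, const size_t *starts, size_t n) {
    for (size_t i = 0; i < n; i++)
        if (starts[i] == off) return true;
    return false;
}

/* Start of the intended instruction that covers byte `off`:
 * the largest intended start that is <= off. */
size_t enclosing_instruction_start(size_t off, const size_t *starts, size_t n) {
    size_t best = 0;
    for (size_t i = 0; i < n; i++)
        if (starts[i] <= off && starts[i] >= best) best = starts[i];
    return best;
}

/* First step of a gadget search: every 0xc3 byte is a potential gadget end,
 * whatever the compiler intended. Returns the total number of ret bytes and
 * writes the offsets of those that are NOT intended instruction starts to
 * `out` (an intended one-byte ret is its own start, so it is never flagged). */
size_t find_unintended_rets(const uint8_t *c, size_t len,
                            const size_t *starts, size_t n,
                            size_t *out, size_t max_out, size_t *n_out) {
    size_t total = 0, found = 0;
    for (size_t off = 0; off < len; off++) {
        if (c[off] != RET_OPCODE) continue;
        total++;
        if (!is_intended_start(off, starts, n) && found < max_out)
            out[found++] = off;
    }
    *n_out = found;
    return total;
}

int main(void) {
    size_t hidden[8], n_hidden;
    size_t total = find_unintended_rets(code, sizeof code, intended_starts,
                                        N_INTENDED, hidden, 8, &n_hidden);
    printf("%zu ret bytes, %zu of them inside intended instructions\n",
           total, n_hidden);
    for (size_t i = 0; i < n_hidden; i++) {
        size_t ret = hidden[i];
        size_t host = enclosing_instruction_start(ret, intended_starts, N_INTENDED);
        printf("  ret at offset %zu lies inside the instruction at offset %zu;"
               " bytes from that instruction up to the ret:", ret, host);
        for (size_t j = host; j < ret; j++) printf(" %02x", code[j]);
        printf("\n");
    }
    return 0;
}
```

Running it reports two ret bytes, one of which (offset 4) sits inside the mov; read from offset 3 it yields pop rax; ret. The paper's search then walks backwards from each such ret, trying each preceding byte as an instruction start and keeping the decodes that are valid; that backward decode needs a disassembler and is not shown here.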
1 vote, 3 answers, 4k views
If x86 architecture has overflow flag in the CPU, then why can't we use it to detect integer overflows in C binaries? [closed]
I'm talking about the overflow flag that is used in some architectures like x86:
https://en.wikipedia.org/wiki/Overflow_flag
Why aren't operating systems using this overflow flag to stop integer ...
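The point the question runs into is that the overflow flag is rewritten by almost every arithmetic instruction and is only meaningful to the instruction immediately following the one that set it; the kernel never sees it in between, and a great deal of correct code (unsigned counters, hashes, modular arithmetic) wraps on purpose. A check therefore has to be compiled in at each operation that must not wrap, which is exactly the add-then-jo sequence that __builtin_add_overflow, -ftrapv or -fsanitize=signed-integer-overflow emit. The program below is an added example, not code from the post or its answers; it contrasts an unchecked allocation-size computation with a checked one, beside a hash that wraps by design. Function names and test values are this example's own.

```c
#include <stdbool.h>
#include <stddef.h>
#include <stdint.h>
#include <stdlib.h>
#include <stdio.h>
#include <limits.h>

/* Unchecked: count * elem_size silently wraps modulo SIZE_MAX+1. The
 * multiply does set the CPU's overflow/carry flag, but nothing looks at it
 * and the next instruction overwrites it. malloc() of the wrapped size
 * followed by a copy of `count` elements is a heap overflow. */
size_t unchecked_total(size_t count, size_t elem_size) {
    return count * elem_size;
}

/* Checked: the compiler emits the multiply and, immediately after it, a
 * branch on the flag (jo/jc on x86). The flag is consumed by the only code
 * that can know what it means: the code that produced it. */
bool checked_total(size_t count, size_t elem_size, size_t *total) {
    return !__builtin_mul_overflow(count, elem_size, total);
}

/* Same idea for signed offset arithmetic, where wraparound is undefined
 * behaviour in C and the optimiser may assume it never happens. */
bool checked_add_int(int a, int b, int *sum) {
    return !__builtin_add_overflow(a, b, sum);
}

/* Code that wraps ON PURPOSE: FNV-1a relies on multiplication modulo 2^32
 * and sets the overflow flag constantly. A kernel that killed a process
 * whenever the flag was set would kill every hash table, CRC and PRNG. */
uint32_t fnv1a_32(const void *data, size_t len) {
    const unsigned char *p = data;
    uint32_t h = 2166136261u;            /* FNV offset basis */
    for (size_t i = 0; i < len; i++) {
        h ^= p[i];
        h *= 16777619u;                  /* FNV prime; wraps by design */
    }
    return h;
}

/* Allocation helper that refuses a byte count that wrapped. */
void *alloc_array(size_t count, size_t elem_size) {
    size_t total;
    if (!checked_total(count, elem_size, &total)) return NULL;
    return malloc(total);
}

int main(void) {
    size_t total;
    printf("unchecked: %zu * 2 = %zu\n", SIZE_MAX / 2 + 1,
           unchecked_total(SIZE_MAX / 2 + 1, 2));
    printf("checked:   %s\n",
           checked_total(SIZE_MAX / 2 + 1, 2, &total) ? "ok" : "overflow refused");
    printf("fnv1a(\"a\") = 0x%08x (wraps by design)\n", fnv1a_32("a", 1));
    return 0;
}
```

Build with any GCC or Clang; the unchecked product of SIZE_MAX/2+1 and 2 comes out as 0, the checked version refuses it, and the hash still works because its wraparound is intended.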
7 votes, 1 answer, 8k views
Why does my x86 shellcode test program segfault?
I am trying to learn how to create shellcode, my goal is to call execve(). I wrote the code in assembly and it works perfectly, there are no null-bytes or absolute addressing methods. The code works ...
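The post is truncated, so its actual cause is not on the page. The most common reason a shellcode test harness segfaults when the bytes themselves are correct is that the array holding them lives in a non-executable region (.data, .rodata or the stack under NX), so the very first instruction fetch faults. The C below is an added example, not the poster's code; it substitutes a harmless mov eax,42; ret stub for real execve shellcode so the result can be checked, and shows two ways of running bytes on a Linux/x86 build: an RWX anonymous mapping, and the cleaner write-then-mprotect-to-RX sequence. The stub bytes and function names are this example's own; it assumes x86 or x86-64 and a POSIX mmap.

```c
#define _DEFAULT_SOURCE
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>
#include <string.h>
#include <sys/mman.h>

#ifndef MAP_ANONYMOUS
#define MAP_ANONYMOUS 0x20   /* Linux value; strict -std= modes hide the macro */
#endif

/* Constructed stand-in for shellcode (this example's own, not the post's):
 * on x86 and x86-64 these bytes decode as `mov eax, 42 ; ret`, so calling
 * them returns 42 instead of exec'ing a shell. The array is in .rodata,
 * which the loader maps read-only and non-executable: jumping straight at
 * `stub` is exactly the mistake that segfaults. */
static const unsigned char stub[] = { 0xb8, 0x2a, 0x00, 0x00, 0x00, 0xc3 };

typedef int (*code_fn)(void);

/* Convert a data pointer to a function pointer via uintptr_t to avoid the
 * "ISO C forbids conversion" warning. */
static code_fn as_code(void *p) {
    return (code_fn)(uintptr_t)p;
}

/* Fix 1: copy the bytes into a fresh anonymous mapping that is readable,
 * writable and executable, then call it. Returns -1 if the mapping is
 * refused (some hardened kernels or policies deny RWX pages outright). */
int run_rwx(const unsigned char *code, size_t len) {
    void *p = mmap(NULL, len, PROT_READ | PROT_WRITE | PROT_EXEC,
                   MAP_PRIVATE | MAP_ANONYMOUS, -1, 0);
    if (p == MAP_FAILED) return -1;
    memcpy(p, code, len);
    int r = as_code(p)();
    munmap(p, len);
    return r;
}

/* Fix 2 (preferred): map RW, copy, then flip the page to RX before running.
 * No page is ever writable and executable at the same time (W^X), which is
 * what a real JIT or loader does. */
int run_wx(const unsigned char *code, size_t len) {
    void *p = mmap(NULL, len, PROT_READ | PROT_WRITE,
                   MAP_PRIVATE | MAP_ANONYMOUS, -1, 0);
    if (p == MAP_FAILED) return -1;
    memcpy(p, code, len);
    if (mprotect(p, len, PROT_READ | PROT_EXEC) != 0) {
        munmap(p, len);
        return -1;
    }
    int r = as_code(p)();
    munmap(p, len);
    return r;
}

int main(void) {
    printf("RWX mapping returned %d\n", run_rwx(stub, sizeof stub));
    printf("RW then RX mapping returned %d\n", run_wx(stub, sizeof stub));
    /* Calling the bytes in place, as_code((void *)stub)(), would segfault
     * here: the page holding `stub` is not executable. */
    return 0;
}
```

Both runs print 42. To test real shellcode with this harness, replace the stub bytes and expect the call not to return; keep the in-place call commented out, since with NX enabled it only demonstrates the crash the question describes.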
7 votes, 2 answers, 7k views
How to exploit variable's value
I'm trying to exploit a binary file for which I have access to the source code.
#include <stdio.h>
int flag = 0;
int main() {
    char buf[0x50];
    puts("Who are you? ");
    printf("> ");
    fgets(buf, 0x50, stdin);...
10 votes, 2 answers, 1k views
Are memcpy() based race conditions exploitable for causing remote code execution?
Let's say I have the following pseudocode in the trusted part of a sandbox which prevents untrusted code from calling mprotect(), mmap() and ptrace() directly (mutex isn't accessible from sandboxed ...
4 votes, 2 answers, 647 views
Is dereferencing a null pointer in C a security risk if the program isn't a daemon, but a small script launched as a separate process for each request?
The following code is part of a program that is spawned at every request by nginx's Ruby on Rails script:
static void time_t_to_dos_time(time_t user_supplied_time_t, int *dos_date, int *dos_time)...
0 votes, 0 answers, 570 views
Stack buffer overflow: Is the compiler changing the order of variables, preventing me from overwriting EIP properly?
I am learning about stack buffer overflow. A little info about my target: an x86 little-endian Intel-based computer, with a target compiled with the TCC compiler with no protections of any kind, running on ...