ASLR – Page 2 – WindowsTechs.com

How to exploit with Control over return address and knowing the address of printf

Posted on June 14, 2021 by Fluctuation10111

I have this program that uses ASLR and it leaks information when i overflow a buffer, namely the address of printf. Furthermore i can overwrite the return address. How can i use this to spawn a shell? My approach would have been to calcul… Continue reading How to exploit with Control over return address and knowing the address of printf→

Fixed offset in linux ASLR?

Posted on May 13, 2021 by user257164

I just printed function addresses and offset between two functions, but the offset is fixed whenever the program is executed (base address is only changed).
Code (test.c)
#include <stdio.h>
#include <stdint.h>

void func() {
… Continue reading Fixed offset in linux ASLR?→

Serious Security: The Linux kernel bugs that surfaced after 15 years

Posted on March 17, 2021 by Paul Ducklin

Anyone could have found these bugs, but everyone assumed someone would, and in the end, no one did. (Until now.) Continue reading Serious Security: The Linux kernel bugs that surfaced after 15 years→

Does recompiling a binary from source code make it more secure/obscure?

Posted on March 4, 2021 by plsrespond

Using standard hardening options like PIC, Stack Protection …
does a mere recompilation make a program more secure against attacks?
You have the source code of a program, compile it two times with the same options. One of the binaries yo… Continue reading Does recompiling a binary from source code make it more secure/obscure?→

Buffer overflow outside gdb

Posted on February 10, 2021 by Abhirup Bakshi

I’m trying to exploit a basic C program (below) which I’ve written:
#include <stdio.h>
#include <string.h>

void main()
{
char ch[10];
scanf("%s", ch);
if(strcmp("1235", ch))
printf("\nA… Continue reading Buffer overflow outside gdb→

Is a single infoleak enough to break ASLR if you don’t have access to the binary?

Posted on February 8, 2021 by aslr

With a single infoleak and access to the binary you can calculate the other addresses. Is this still possible when you don’t have access to the binary?

Continue reading Is a single infoleak enough to break ASLR if you don’t have access to the binary?→

ROP on MIPS Doesn’t Land Where Calculated

Posted on November 18, 2020 by joshu

I am working on exploiting an application on MIPS to further my knowledge of ROP chaining. The library I am trying to build a ROP chain is libuClibc-0.9.30.3.so. I found a gadget that I want to use using Ropper. The offset is marked to be,… Continue reading ROP on MIPS Doesn’t Land Where Calculated→

How does ASLR work if in the assembly code the addresses are the same

Posted on October 27, 2020 by for the

Let’s say I have this piece of code that changes the 10 address to the value 20 and the following one to 30
mov ebx,10
mov [ebx],20
add ebx,1
mov ebx,30

How can the address change each time it is executed?
is it require change that the c… Continue reading How does ASLR work if in the assembly code the addresses are the same→

BlindSide: Intel/AMD Speculation Bugs Under Microscope Again

Posted on September 15, 2020 by Richi Jennings

Researchers have published frightening details on what they’re calling BlindSide, which relies on co-opting our old friend speculative execution.
The post BlindSide: Intel/AMD Speculation Bugs Under Microscope Again appeared first on Security Boulevar… Continue reading BlindSide: Intel/AMD Speculation Bugs Under Microscope Again→

Is it safe to use non-ASLR DLL in an enabled ASLR EXE

Posted on September 9, 2020 by whiteberryapps

Is it safe to use non-ASLR DLL in an enabled ASLR EXE?
Would the DLL be loaded to and will use random addressed, or should all the dependencies enable ASLR?
In addition, what about other security mechanisms such as DEP and SHE?

Continue reading Is it safe to use non-ASLR DLL in an enabled ASLR EXE→