buffer overflow – Page 2 – WindowsTechs.com

Problem overiding the return address when performing a buffer overflow, what am I missing?

Posted on June 6, 2024 by Salviati

Playing around with probably the most basic buffer overflow attack there is on my raspberry pi, looks like this
#include <stdio.h>
#include <string.h>

int main(int argc, char *argv[]) {
char buf[256];
strcpy(buf, argv[… Continue reading Problem overiding the return address when performing a buffer overflow, what am I missing?→

Can’t print hexadecimal formatted address in buffer overflow

Posted on April 30, 2024 by CJG

I’m trying to overwrite the return address caused by a buffer overflow. I’ve already calculated the distance between the buffer and the return address. The address that I want to jump to is 0x00005555555314 but every time I try to use \x14… Continue reading Can’t print hexadecimal formatted address in buffer overflow→

Simple Buffer Overflow (Function Call) Problem

Posted on April 14, 2024 by FreezeLuiz

I’m trying to develop a simple buffer overflow CTF challenge inspired by the "Csaw 2016 Quals Warmup" challenge, here. I’ve managed to replicate the source code:
#include <stdio.h>
#include <stdlib.h>

int easy(){
s… Continue reading Simple Buffer Overflow (Function Call) Problem→

push /bin/sh to get a shell

Posted on March 20, 2024 by tpau

I usually use a different method to push /bin/sh in rdi to get a shell, but I wanted to try this one :
Put in case that I can control the RIP and there are no limitations or filters. So I can execute the assembly code as I want.
mov rax, … Continue reading push /bin/sh to get a shell→

No jmp rsp gadget in buffer overflow

Posted on March 20, 2024 by tpau

I have found the padding payload to gain a buffer overflow. Now I need to execute the shellcode. I’m looking for a jmp rsp gadget but I haven’t found it. Can I directly put the rsp address manually or should I combine other gadgets (ASLR d… Continue reading No jmp rsp gadget in buffer overflow→

How to return to main after performing stack buffer overflow

Posted on March 16, 2024 by user88178

#include <stdio.h>
#include <stdlib.h>

void reading();
void reading_hexa(char*);
void secret();

int main()
{
reading();
printf("Input done\n");
exit(0);
}

void reading() {
char buf[16];
reading_… Continue reading How to return to main after performing stack buffer overflow→

why does my shellcode segfault assembly x86-64bit? [migrated]

Posted on February 12, 2024 by Marius Romeiser

When I compile my shellcode and run it, Strace does not show an error.
When I use my shellcode tester, I get a segmentation fault. I don’t know why, maybe there’s a smarter guy than me who can help me solve the problem I’ve been having for… Continue reading why does my shellcode segfault assembly x86-64bit? [migrated]→

How to properly pack address into bytes to overwrite EIP register

Posted on December 5, 2023 by Jay

I’m learning how to exploit a tiny web server based on a well written post here: https://blog.coffinsec.com/2017/11/10/tiny-web-server-buffer-overflow-discovery-and-poc.html
I am very close to successfully exploiting it, but I am stuck on … Continue reading How to properly pack address into bytes to overwrite EIP register→

Leaking a got entry using puts function

Posted on November 13, 2023 by Simone Aiello

I have a 64-bit compiled binary with NX enabled, PIE and Canaries disabled and RELRO set to partial and I want to leak the address of the puts function via the GOT table.
The output of objdump -D on the binary is the following
000000000040… Continue reading Leaking a got entry using puts function→

Problem exploiting buffer overflow

Posted on November 13, 2023 by Jan

I have the following program in C:
#include <stdio.h>
#include <string.h>

void some_function(char * name) {
char buf[128];
strcpy(buf, "The next step is… ");
strcat(buf, name);
strcat(buf, "."… Continue reading Problem exploiting buffer overflow→