stack overflow – Page 7 – WindowsTechs.com

Overflowing the buffer yet not jumping to address

Posted on July 5, 2018 by Nikolay Atanasov

I am a beginner at buffer overflows been studying this subject from a few days and i found this exercise (code from: here)

I think understand the basic concept i write more than 64 bytes characters and the gets function over… Continue reading Overflowing the buffer yet not jumping to address→

Smashing stack in x86_64

Posted on June 19, 2018 by Andy

Exploiting functions like strcpy() relies on the fact that the payload string must not contain zero bytes that would terminate the copy function. If the payload contains x86_64 addresses (e.g. in order to overwrite a return a… Continue reading Smashing stack in x86_64→

Stack around the variable is corrupted problem

Posted on May 31, 2018 by kst

My cpp program is very simple.
My char buffer array is of size 500.
I copy data from the argument to that array by strcpy.
I compile my program with Visual Studio 2008 Express Edition without GS(stack protection).
When I run … Continue reading Stack around the variable is corrupted problem→

How does gcc compiler guard stack for stack overflow?

Posted on May 25, 2018 by kst

When we compile c program with gcc, we have to inlude “-z execstack” option to enable stack overflow attack.
The question I want to ask is how does gcc implement this .
Without this option, how does gcc guard the stack?
Plea… Continue reading How does gcc compiler guard stack for stack overflow?→

Why do we need to remove null bytes from shell code?

Posted on April 30, 2018 by John Smith

I’m studying the basics of making shell codes. I have a question about it.

In my textbook, the author stores his shell code in an environment variable, and injects the address of it using strcpy() in a program.
When he mak… Continue reading Why do we need to remove null bytes from shell code?→

Buffer Overflow Stack Attack Exercise Help

Posted on April 28, 2018 by Joe Hopper

So I am trying to complete a buffer overflow exercise. The code I am trying to exploit is below. What I want to be able to do is to insert my own print statement through the overflow attack. What I would like to do, is to run… Continue reading Buffer Overflow Stack Attack Exercise Help→

Overwriting return address — why not just save a copy?

Posted on April 8, 2018 by ineedahero

In order to prevent stack buffer overflow attacks that overwrite the return address, why not just save a copy of the return address at the start of a function, and then load it back at the end?

push ebp
mov ebp, esp
sub esp,… Continue reading Overwriting return address — why not just save a copy?→

How do I bypass a return address overwrite not doing anything?

Posted on March 24, 2018 by Gabriel Reyes

This is main:

(gdb) disass main

Dump of assembler code for function main:
0x000000000040057c <+0>: push rbp
0x000000000040057d <+1>: mov rbp,rsp
0x0000000000400580 <+4>: sub rsp,0x40
0x00000000004005… Continue reading How do I bypass a return address overwrite not doing anything?→

C – Simple Buffer Overflow Exploitation, how is the EIP overwritten in different type calling functions?

Posted on March 21, 2018 by Kevin Ren

General Background:
I have written an echo server trying to implement an example of BoF in C that utilizes a strcpy() function call like such:

// …. including the corresponding libraries depending on host environment

#in… Continue reading C – Simple Buffer Overflow Exploitation, how is the EIP overwritten in different type calling functions?→

Protostar final0 shellcode exploit and padding order

Posted on February 20, 2018 by pascalao

I wrote an exploit for the exercise final0 of the protostar VM.
But I am a little bit confused about the order of the shellcode, padding, nops and return address.

When I use the following code (python) to exploit the final0… Continue reading Protostar final0 shellcode exploit and padding order→