An exploit is a piece of software, a chunk of data, or a sequence of commands that takes advantage of a bug, glitch, or vulnerability in order to cause unintended or unanticipated behavior to occur. This frequently includes such things as gaining control of a computer system, allowing privilege escalation, or a denial of service attack.
Questions tagged [exploit]
790 questions
2 votes, 1 answer
How to find the address of a not imported libc function when ASLR is on?
I have a 32-bit ELF program that I have to exploit remotely (for academic purposes).
The final goal is to spawn a shell. I have a stack that I can fill with any data I want and I can abuse one of the printf format strings. The only problem is that…

Bálint Juhász
2 votes, 1 answer
String format exploit: set negative value = "-1" use %n
I'm trying to set the value of a variable using a Format String exploit. I was able to change the variable by the value of the length of the string using the modifier %n.
code
#include
#include
int main(int argc, char *argv[]){
…

NK99Dev
2 votes, 1 answer
How to generate payload with python for buffer overflow?
I'm trying to provoke a buffer overflow in order to execute a function in C code. So far I have already managed to find out the number of bytes needed to take over the EBP register. The only thing next is to substitute the address of EIP to the function I…

fish202
2 votes, 2 answers
How can I exploit a buffer overflow?
I have a homework assignment to exploit a buffer overflow in the given program.
#include <stdio.h>
#include <stdlib.h>
int oopsIGotToTheBadFunction(void)
{
    printf("Gotcha!\n");
    exit(0);
}
int goodFunctionUserInput(void)
{
…

Kaoteni
2 votes, 1 answer
How to set a conditional break point when an instruction is dealing with an address in a specific range?
I am doing some exploiting exercises, and I see my current exe is storing information in a specific address range.
Apparently the information stored seems to be encoded, so I need to debug the procedure that stores that information.
As the exe…

user8115488
2 votes, 0 answers
POC Help - OCR exploit to run code gathered from JPEG
I have been thinking about security concerns in regards to OCR programs such as Tesseract.
My theory is that malicious code printed out in plain text can be photographed and saved as an image file. (This leaves the hex and headers free from a year…

Adam Smith
2 votes, 2 answers
How to fix GDB probable charset issue NOP 0x90 translating to 0x90c2 in memory?
I have a strange problem when working on a challenge and exploiting an executable in Kali Linux with gdb-peda.
#>gdb -q someVulnerableBinary
gdb-peda$…

Tschabadu
2 votes, 1 answer
Format string attack - jump to shell on x64
How to exploit a printf format string vulnerability on a 64-bit system with NX enabled?
In this code example, what could you do to get a shell?
void f(char *buf) {
    printf(buf);
    exit(0);
}
int main() {
    char buf[1024];
    scanf("%1024s", buf);
…

Mr M.
2 votes, 1 answer
Sanitize a grabbed attribute value
I grab a href value like this:
var $url = jQuery('body').find('.download a').attr('href');
How do I sanitize this value? I tried adding .text() but it didn't work.

Henrik Petterson
2 votes, 1 answer
Insecure dependency in printf while running setgid
As part of my security class we had to exploit a number of vulnerabilities in a less secure version of Ubuntu. I solved all the challenges; however, I came across one problem which I am hoping someone can shed some light on.
Each challenge was a…

bboe
2 votes, 1 answer
Segmentation fault on buffer overflow
I tried to learn how buffer overflow works and I did some exercises from exploit-exercises.com. I tried to solve the Protostar Stack 5 problem. The code is written in C. Here is the code:
#include
#include
#include…

AlbertusFar
2 votes, 4 answers
Preventing exploits in Drupal
Is there a good resource or list of known fixes for exploits in Drupal (including common modules) that I can use to close up holes in my sites?
I'm using 6.19 on all my sites, as well as making sure that any security updates for modules are…

jsims281
2 votes, 1 answer
exploiting mips stack based overflow (rop chain)
I'm trying to develop my first MIPS stack based exploit, using the ROP chain technique with zero luck... I'm failing on the first ROP gadget and I can't figure out why. I'm following the Bowcaster python framework and some blog posts I've googled. As the…

Jane Doe
2 votes, 3 answers
Unpatched Linux Kernel Vulnerabilities
I recently found out that there are several vulnerabilities in the Linux kernel that allow for privilege escalation, that have not been patched yet in the major distributions, and have public exploits on the usual sources. For example, I could get…

Jeroen Ooms
2 votes, 1 answer
Strncat copied to the destination with an offset
So I am trying to disassemble this simple C program on strncat,
#include <string.h>
int main(int argc, char **argv) {
    char buf[128];
    strncat(buf, argv[1], sizeof(buf));
}
After disassembling it
So the thing is the string in argv1…

Dhayalan Pro