Questions tagged [exploit]
790 questions
An exploit is a piece of software, a chunk of data, or a sequence of commands that takes advantage of a bug, glitch, or vulnerability in order to cause unintended or unanticipated behavior to occur. This frequently includes such things as gaining control of a computer system, allowing privilege escalation, or a denial of service attack.

5 votes · 2 answers
Why is the heap in Go executable?
I recently read this article http://codearcana.com/posts/2012/05/06/securing-and-exploiting-go-binaries.html
which claims that in Go the heap is executable. This raises a few different questions for me about the interaction between the runtime and…
Carson Harmon · 319 · 1 · 8

5 votes · 1 answer
Exploit Development - GETS and Shellcode
I'm trying to learn more about exploit dev and building shellcodes, but I ran into an issue I don't understand the reason behind.
Why am I not able to run a shellcode such as execve("/bin/sh") and spawn a shell I can interact with?
While on the other…
Eplox · 143 · 7

5 votes · 3 answers
Write a simple C arbitrary code execution exploit on ARM Cortex-M3?
I'm trying to write a proof of concept in C that demonstrates code execution from a memory buffer in the stack on an ARM Cortex-M3. This will be useful to demonstrate that using the ARM MPU correctly can prevent such an attack. I figured a quick and…
satur9nine · 13,927 · 5 · 80 · 123

5 votes · 1 answer
How can I explain the behavior of the following shellcode exploit?
This is a shellcode to exploit the buffer overflow vulnerability. It calls setuid(0) and spawns a shell using execve(). Below is the way I have interpreted it:
xor %ebx,%ebx ; Xoring to make ebx value 0
lea 0x17(%ebx),%eax ; adds 23 to…
Vinod K · 1,885 · 11 · 35 · 45

5 votes · 1 answer
Intentional buffer overflow exploit program
I'm trying to figure out this problem for one of my comp sci classes. I've utilized every resource and am still having issues; if someone could provide some insight, I'd greatly appreciate it.
I have this "target" I need to execute an execve("/bin/sh")…
CRO · 53 · 1 · 4

5 votes · 1 answer
Buffer Overflow Exploit Example
I am working through some buffer overflow exploit examples and have written a basic vulnerable C app to test with (target and attacker are the same Kali 2 machine, and I have run 'echo "0" > /proc/sys/kernel/randomize_va_space'):
#include…
TheITGuy · 722 · 4 · 15

5 votes · 1 answer
Cannot access memory at address, Buffer Overflow attempt
I'm learning how to overflow the buffer. I have a hard time overwriting the return address.
This is the vulnerable code I'm trying to exploit:
(gdb) disas main
Dump of assembler code for function main:
0x0804845b <+0>: push ebp
0x0804845c <+1>: …
piesku · 75 · 1 · 6

5 votes · 1 answer
Bypassing Windows ASLR by determining the library address using shared pages
I am quite familiar with ASLR, but today I heard a new interesting fact about the implementation of ASLR in Windows.
In order to optimize performance, if processes A and B load the same DLL, Windows will only load it once into physical memory and both…
Michael · 796 · 11 · 27

5 votes · 2 answers
Testing for security vulnerabilities on web applications
A lot of companies use CMS software that updates regularly; often these are security fixes, implying that the previous version has security vulnerabilities. But most clients never upgrade, or the CMS has even been modified so that an…
Moak · 12,596 · 27 · 111 · 166

5 votes · 3 answers
Is it possible to overwrite %eax using buffer overflow?
I know that a program stack looks somewhat like this (from high to low):
EIP | EBP | local variables
But where could I find %eax, and the other general registers? Is it possible to overwrite them using a buffer overflow?
Update: In the…
LonelyWebCrawler · 2,866 · 4 · 37 · 57

5 votes · 6 answers
What does int (*ret)() = (int(*)())code mean?
Here is a copy of code from shellstorm:
#include
/*
ipaddr 192.168.1.10 (c0a8010a)
port 31337 (7a69)
*/
#define IPADDR "\xc0\xa8\x01\x0a"
#define PORT "\x7a\x69"
unsigned char code[]…
user2579274 · 279 · 1 · 5 · 11

5 votes · 1 answer
Buffer overflow exploit: segfault on function ret to stack code
I'm trying to exploit a buffer overflow in a test program to execute arbitrary code. I'm on NetBSD 6 i386. Here is the C code:
int checkPassword(char *password)
{
char savePassword[64] = {0};
char *logMessage;
…
lesenk · 793 · 1 · 8 · 22

4 votes · 6 answers
C++ Buffer Overflow
I'm trying to teach myself about buffer overflows and exploitation in C++. I'm an intermediate C++ guy, at best, so bear with me. I've followed a few tutorials, but here's some example code to illustrate my question:
#include
#include…
sraboy · 903 · 2 · 13 · 26

4 votes · 2 answers
Writing a return-to-libc attack, but libc is loaded at 0x00 in memory
I'm writing a return to libc attack for my systems security class. First, the vulnerable code:
//vuln.c
#include
#include
int loadconfig(void){
char buf[1024];
sprintf(buf, "%s/.config", getenv("HOME"));
return 0;
}
int…
stonethumb · 43 · 1 · 4

4 votes · 2 answers
Would a C#/.Net web browser be susceptible to exploits?
Is it correct to say that the .Net platform is more secure because the CLR guards against buffer overflow attacks?
Assuming there was a web browser running in a managed OS (like Cosmos, SharpOS or Singularity), would it be technically possible for…
laktak · 57,064 · 17 · 134 · 164