Questions tagged [exploit]

An exploit is a piece of software, a chunk of data, or sequence of commands that takes advantage of a bug, glitch, or vulnerability in order to cause unintended or unanticipated behavior to occur. This frequently includes such things as gaining control of a computer system, allowing privilege escalation, or a denial of service attack.

790 questions
3 votes, 1 answer

Understanding of return address calculation from Hacking: the art of exploitation?

The program is shown in the similar thread here. Let's assume that my OS doesn't implement ASLR or other protections from buffer overflow. Long story short, the author is spawning a child process from a parent process and passing the buffer created…
noob_user
3 votes, 4 answers

PHP code injection. Do we have a security risk?

We have a simple PHP file that captures emails. It drops these emails into a CSV file (which is not executable by PHP). We recently had someone who managed to hack our site and this seemed like one of the entry points, but I don't see how it's…
Jeremy
3 votes, 1 answer

Format string exploit length

I'm new to software security and I'm studying it now at the university. I had some doubts about the format string exploit, in particular how to count the length (in number of bytes) of a format string exploit. Suppose that I have the following…
Mattia Surricchio
3 votes, 1 answer

How to disable the warning about using deprecated gets in GCC?

I'm running a CTF and I am currently writing a problem that exploits C's gets function. I understand that the function is deprecated and dangerous and I would never use it in any other circumstance. Unfortunately, gcc compiles my code and when I run…
will
3 votes, 2 answers

Increasing the length of md5 output

I have a question related to some old hashes like MD5 and SHA-1. Both of them are not very safe for sure, but is there any way to increase their output length? The output length of MD5 is 32 hex digits or 16 bytes and I want to extend it to 18…
3 votes, 0 answers

My program is crashing at 0x16 even with my ROP chain

So I recently started working on my binary which is vulnerable to Use-After-Free. I found it too easy to just jump to secret(). So I added a variable to the _DATA section and set its value to 0, and then I added a hard-coded check in…
Tomi Tokics
3 votes, 1 answer

Spectre fix impact on sorting performance

One of the most famous Stack Overflow questions is why sorting a sorted array is so fast; and the answer is because of branch prediction. Will the application of Intel's and Microsoft's Spectre fixes effectively nullify the answer given in this…
Phillip Ngan
3 votes, 1 answer

Using XSS to execute PHP Code

INTRO: I was reading a report on hackerone.com and someone submitted an XSS bug, which uses the WordPress stream function, to Uber. First he displayed a simple alert box, but later he displayed custom PHP code, phpinfo();, which gets executed. Question: I…
mroWsymaS
3 votes, 2 answers

Is HttpUtility.HtmlEncode safe?

I want the user to enter text and I would like to show the text back to the user and keep all the whitespace. I don't want any exploits and have the user inject HTML or JavaScript. Is HttpUtility.HtmlEncode safe enough to use? ATM it looks correct…
user34537
3 votes, 0 answers

Running script on Meterpreter in Msfconsole

The purpose of my task is to run a Ruby script, which executes a key-logger exe file, and starts working on the remote computer. I manage to successfully connect by apache2 server (i.e. my other VM enters a link in the browser and meterpreter starts to…
ExploitBeg
3 votes, 2 answers

Is this file (gcc.sh) in cron.hourly malware?

I have been experiencing spikes up to 1 Gbps on my server and have been looking for viruses and malware. I found this file: gcc.sh in /etc/cron.hourly and was wondering if anyone has seen anything like it, and would have some insight into the code.…
checked01
3 votes, 1 answer

Why not have separate CODE and DATA stacks

Why don't processors have separate stack registers for CODE and DATA? This would make it almost impossible to alter the flow of control of the program by overwriting the stack with a local stack buffer overflow, changing the original return address…
Walt Howard
3 votes, 2 answers

Vulnserver - Buffer overflow NOP characters aren't being passed in properly

I'm currently working on a buffer overflow test on the vulnserver app. Overflowing the buffer with hex values of A seemed to be passed into the program without an issue. The EIP was overwritten without an issue as well. However when I begin the NOP…
user2313602
3 votes, 0 answers

Buffer Overflow - Guessing the right offset does not work correctly

To understand the buffer overflow concept I wrote a little program, called overflow.c: #include #include int main(int argc, char *argv[]){ char buffer[100]; if(argc > 1){ strcpy(buffer, argv[1]); } else{ …
user3097712
3 votes, 2 answers

Error: unaligned opcodes detected in executable segment

When compiling the PoC for CVE-2015-1528 from https://github.com/secmob/PoCForCVE-2015-1528 via ndk-build, this error appears: [armeabi] Compile++ thumb: exploitmedia <=…
john.smith