buffer-overflow

I want to skip a line in C, the line x=1; in the main section using bufferoverflow ; however, I don't know why I can not skip the address from 4002f4 to the next address 4002fb in spite of the fact that I am counting 7 bytes form <main+35> to <main+42> . I also have configured the options the randomniZation and execstack environment in a Debian and AMD environment, but I am still getting x=1; . What it's wrong with this procedure? I have used dba to debug the stack and the memory addresses: 0x00000000004002ef <main+30>: callq 0x4002a4 **<function>** **0x00000000004002f4** <main+35>: movl $0x1,

I have vague memories of suggestions that sscanf was bad. I know it won't overflow buffers if I use the field width specifier, so is my memory just playing tricks with me? I think it depends on how you're using it: If you're scanning for something like int , it's fine. If you're scanning for a string, it's not (unless there was a width field I'm forgetting?). Edit : It's not always safe for scanning strings. If your buffer size is a constant, then you can certainly specify it as something like %20s . But if it's not a constant, you need to specify it in the format string, and you'd need to do:

I'm trying to execute a very simple buffer overflow attack. I'm pretty much a newbie to this. So, if this question is stupid, please excuse me :-) The code: #include<stdio.h> #include<stdlib.h> int i, n; void confused(int i) { printf("**Who called me? Why am I here?? *** %x\n ", i); } void shell_call(char *c) { printf(" ***Now calling \"%s\" shell command *** \n", c); system(c); } void victim_func() { int a[4]; printf("Enter n: "); scanf("%d",&n); printf("~~~~~~~~~~~~~ values and address of n locations ~~~~~~~~~~"); for (i = 0;i <n ;i++) printf ("\n a[%d] = %x, address = %x", i, a[i], &a[i]);

I'm supposed to come up with a program that exploits the "return to libc buffer overflow". This is, when executed, it cleanly exits and brings up a SHELL prompt. The program is executed in a bash terminal. Below is my C code: #include <stdio.h> int main(int argc, char*argv[]){ char buffer[7]; char buf[42]; int i = 0; while(i < 28) { buf[i] = 'a'; i = i + 1; } *(int *)&buf[28] = 0x4c4ab0; *(int *)&buf[32] = 0x4ba520; *(int *)&buf[36] = 0xbfffff13; strcpy(buffer, buf); return 0; } Using gdb , I've been able to determine the following: Address for "system": 0x4c4ab0 Address for "exit": 0x4ba520

How are buffer overflows used to exploit computers? How is one able to execute arbitrary code simply by causing stack or heap overflows? I understand that portions of the programs memory are overwritten that aren't supposed to be, but I don't see how this leads to one executing their own code. Also, must the 3rd party's malicious code be written in the target processors assembly language? This is the most widely known document on the subject: Smashing the Stack for Fun and Profit However, 'stack overflows' have nothing to do with buffer overflows. Stack overflows are generally just an error

I have recently started to learn C and I am taking a class with C as the subject. I'm currently playing around with loops and I'm running into some odd behaviour which I don't know how to explain. #include <stdio.h> int main() { int array[10],i; for (i = 0; i <=10 ; i++) { array[i]=0; /*code should never terminate*/ printf("test \n"); } printf("%d \n", sizeof(array)/sizeof(int)); return 0; } On my laptop running Ubuntu 14.04, this code does not break. It runs to completion. On my school's computer running CentOS 6.6, it also runs fine. On Windows 8.1, the loop never terminates. What's even

This question already has an answer here: Why is the gets function so dangerous that it should not be used? 11 answers The declaration of gets is: char * gets ( char * str ); Note the glaring omission of a maximum size for str . cplusplus.com says 2 : Notice that gets is quite different from fgets: not only gets uses stdin as source, but it does not include the ending newline character in the resulting string and does not allow to specify a maximum size for str ( which can lead to buffer overflows ). And also: The most recent revision of the C standard (2011) has definitively removed this

Here is an example in c: #include <stdio.h> #include <string.h> void bad() { printf("Oh shit really bad~!\r\n"); } void foo() { char overme[4] = "WOW"; *(int*)(overme+8) = (int)bad; } int main() { foo(); } The fact that Python and PHP are interpreted like suggested by others isn't actually the point. The point is that almost all of the APIs and language semantics that they expose are heavily error-checked making it impossible to have exploitable undefined behavior. Even if you compile the languages, it would still be impossible. This doesn't mean that you couldn't expose unsafe APIs that can

void function(int a, int b, int c) { char buffer1[5]; char buffer2[10]; int *ret; ret = buffer1 + 12; (*ret) += 8;//why is it 8?? } void main() { int x; x = 0; function(1,2,3); x = 1; printf("%d\n",x); } The above demo is from here: http://insecure.org/stf/smashstack.html But it's not working here: D:\test>gcc -Wall -Wextra hw.cpp && a.exe hw.cpp: In function `void function(int, int, int)': hw.cpp:6: warning: unused variable 'buffer2' hw.cpp: At global scope: hw.cpp:4: warning: unused parameter 'a' hw.cpp:4: warning: unused parameter 'b' hw.cpp:4: warning: unused parameter 'c' 1 And I don't