buffer-overflow

wchar_t is 2-bytes in visual studio and stores UTF-16. How do Unicode-aware applications work with characters above U+FFFF?

我怕爱的太早我们不能终老 submitted on 2019-12-23 19:28:46
Question: At our company we are planning to make our application Unicode-aware, and we are analyzing what problems we are going to encounter. In particular, our application will rely heavily on the lengths of strings, and we would like to use wchar_t as the base character type. The problem arises when dealing with characters that must be stored in 2 units of 16 bits in UTF-16, namely characters above U+10000. Simple example: I have the UTF-8 string "蟂" (Unicode character U+87C2, in UTF-8: E8 9F 82)
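The distinction the question turns on is between 16-bit storage units and code points: a UTF-16 string's unit count is not its character count once anything above U+FFFF appears, because such a code point is split into a high and a low surrogate. The following is an added example, not code from the question or its answers. It uses uint16_t instead of wchar_t so it behaves identically on Visual Studio (2-byte wchar_t) and on Linux (4-byte wchar_t); the sample input is constructed (the question's U+87C2 followed by U+1F600, a 4-byte UTF-8 sequence), and the function names are my own.

```c
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>

#define UTF_INVALID 0xFFFFFFFFu

/* Decode one UTF-8 sequence from s (n bytes available). Returns the code
 * point and sets *used to the bytes consumed, or returns UTF_INVALID with
 * *used = 0 for a truncated, overlong or otherwise malformed sequence. */
uint32_t utf8_decode_one(const unsigned char *s, size_t n, size_t *used)
{
    *used = 0;
    if (n == 0) return UTF_INVALID;
    uint32_t cp; size_t len;
    if      (s[0] < 0x80)           { cp = s[0];        len = 1; }
    else if ((s[0] & 0xE0) == 0xC0) { cp = s[0] & 0x1F; len = 2; }
    else if ((s[0] & 0xF0) == 0xE0) { cp = s[0] & 0x0F; len = 3; }
    else if ((s[0] & 0xF8) == 0xF0) { cp = s[0] & 0x07; len = 4; }
    else return UTF_INVALID;                    /* continuation byte or 0xF8+ lead */
    if (n < len) return UTF_INVALID;            /* truncated sequence */
    for (size_t i = 1; i < len; i++) {
        if ((s[i] & 0xC0) != 0x80) return UTF_INVALID;   /* not a continuation byte */
        cp = (cp << 6) | (s[i] & 0x3F);
    }
    /* Reject overlong forms, surrogate code points and values past U+10FFFF. */
    static const uint32_t min_for_len[5] = {0, 0, 0x80, 0x800, 0x10000};
    if (cp < min_for_len[len] || cp > 0x10FFFF || (cp >= 0xD800 && cp <= 0xDFFF))
        return UTF_INVALID;
    *used = len;
    return cp;
}

/* Encode one code point as UTF-16 into out[]. Returns the number of 16-bit
 * units written (1 or 2), or 0 if cp is not a valid Unicode scalar value. */
size_t utf16_encode(uint32_t cp, uint16_t out[2])
{
    if (cp > 0x10FFFF || (cp >= 0xD800 && cp <= 0xDFFF)) return 0;
    if (cp < 0x10000) { out[0] = (uint16_t)cp; return 1; }
    cp -= 0x10000;                               /* 20-bit value, split 10/10 */
    out[0] = (uint16_t)(0xD800 | (cp >> 10));    /* high (lead) surrogate  */
    out[1] = (uint16_t)(0xDC00 | (cp & 0x3FF));  /* low (trail) surrogate  */
    return 2;
}

/* Code points in a UTF-16 buffer of n units, or (size_t)-1 if a surrogate
 * is unpaired. This is the "length" to use when the application means
 * characters; n itself is only the storage length. */
size_t utf16_count_codepoints(const uint16_t *s, size_t n)
{
    size_t count = 0;
    for (size_t i = 0; i < n; i++) {
        uint16_t u = s[i];
        if (u >= 0xD800 && u <= 0xDBFF) {        /* high surrogate: a low one must follow */
            if (i + 1 >= n || s[i + 1] < 0xDC00 || s[i + 1] > 0xDFFF) return (size_t)-1;
            i++;
        } else if (u >= 0xDC00 && u <= 0xDFFF) { /* stray low surrogate */
            return (size_t)-1;
        }
        count++;
    }
    return count;
}

/* Helpers exposing the two surrogate units of cp (0 if cp is in the BMP). */
uint16_t utf16_high_surrogate(uint32_t cp) { uint16_t u[2]; return utf16_encode(cp, u) == 2 ? u[0] : 0; }
uint16_t utf16_low_surrogate(uint32_t cp)  { uint16_t u[2]; return utf16_encode(cp, u) == 2 ? u[1] : 0; }

int main(void)
{
    /* Constructed sample: U+87C2 (E8 9F 82) followed by U+1F600 (F0 9F 98 80). */
    const unsigned char utf8[] = {0xE8, 0x9F, 0x82, 0xF0, 0x9F, 0x98, 0x80};
    uint16_t utf16[8]; size_t units = 0, pos = 0, used;
    while (pos < sizeof utf8) {
        uint32_t cp = utf8_decode_one(utf8 + pos, sizeof utf8 - pos, &used);
        if (cp == UTF_INVALID) { puts("malformed UTF-8"); return 1; }
        units += utf16_encode(cp, utf16 + units);
        pos += used;
    }
    printf("%zu UTF-16 units, %zu code points\n", units, utf16_count_codepoints(utf16, units));
    return 0;
}
```

Two characters come out as three units, which is exactly the gap between wcslen() and a character count that the question anticipates. An application that also needs to validate untrusted input should treat the (size_t)-1 result (an unpaired surrogate) as a rejection, not as an empty string.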

Is gcc reordering local variables at compilation time?

本小妞迷上赌 submitted on 2019-12-23 07:28:44
Question: I'm currently reading (for the second time) "Hacking: The Art of Exploitation" and have stumbled on something. The book suggests two different ways to exploit these two similar programs: auth_overflow and auth_overflow2. In the first one, there is a password checking function laid out like this: int check_authentication(char *password) { int auth_flag = 0; char password_buffer[16]; strcpy(password_buffer, password); ... } Inputting more than 16 ASCII characters will change the value of auth
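Whether an overlong password reaches auth_flag depends entirely on where the compiler placed it relative to password_buffer, and nothing in C fixes that order. The following is an added example (not the book's code and not from the question above) that keeps the book's vulnerable function as posted, reports the actual distance between the two locals on the machine it runs on, and sets a bounded version beside it. CORRECT_PASSWORD and the other inputs are constructed placeholders.

```c
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>
#include <string.h>

#define BUF_SIZE 16
#define CORRECT_PASSWORD "brillig"   /* placeholder secret for the demo */

/* The layout from the question, kept vulnerable on purpose: strcpy() has no
 * bound, so a password of 16 bytes or more runs past password_buffer into
 * whatever the compiler happened to place next to it. */
int check_authentication(const char *password)
{
    int auth_flag = 0;
    char password_buffer[BUF_SIZE];

    strcpy(password_buffer, password);           /* the overflow */
    if (strcmp(password_buffer, CORRECT_PASSWORD) == 0)
        auth_flag = 1;
    return auth_flag;
}

/* Same check with the copy bounded. The verdict no longer depends on a
 * neighbouring stack slot surviving the copy. */
int check_authentication_fixed(const char *password)
{
    char password_buffer[BUF_SIZE];
    size_t len = 0;

    while (len < BUF_SIZE && password[len] != '\0')   /* look at most BUF_SIZE bytes ahead */
        len++;
    if (len == BUF_SIZE)                              /* too long: cannot be the password */
        return 0;
    memcpy(password_buffer, password, len + 1);       /* fits, terminator included */
    return strcmp(password_buffer, CORRECT_PASSWORD) == 0;
}

/* Where did the compiler actually put the two locals? A positive result means
 * auth_flag sits above the buffer and an overflow of that many bytes reaches
 * it; a negative one means it is below and the overflow goes past the saved
 * frame pointer and return address instead. The value changes with compiler,
 * version and optimisation level, which is the point of the question. */
ptrdiff_t stack_layout_report(void)
{
    int auth_flag = 0;
    char password_buffer[BUF_SIZE];
    char *flag_addr = (char *)&auth_flag;
    char *buf_addr = password_buffer;

    printf("password_buffer at %p, auth_flag at %p\n", (void *)buf_addr, (void *)flag_addr);
    /* Subtracting pointers into distinct objects is undefined in C; go through
     * uintptr_t and use the result for display only. */
    return (ptrdiff_t)((uintptr_t)flag_addr - (uintptr_t)buf_addr);
}

int main(void)
{
    ptrdiff_t d = stack_layout_report();
    if (d > 0)
        printf("auth_flag is %td bytes above password_buffer\n", d);
    else
        printf("auth_flag is %td bytes below password_buffer\n", -d);

    /* Constructed inputs. Only the bounded version is fed the overlong one;
     * handing it to check_authentication() is the exploit itself. */
    printf("fixed(correct)  = %d\n", check_authentication_fixed(CORRECT_PASSWORD));
    printf("fixed(wrong)    = %d\n", check_authentication_fixed("vorpal"));
    printf("fixed(overlong) = %d\n", check_authentication_fixed("AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA"));
    return 0;
}
```

Build it once with -O0 and once with -O2, and with and without -fstack-protector, and compare the reported distance: that variation is the "reordering" the question asks about, and it is why the book's two programs need two different exploitation strategies.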

Simple Buffer Overflow Exploit

社会主义新天地 submitted on 2019-12-23 05:21:20
Question: I am trying to write a very simple program that highlights how a buffer overflow exploit can be used to bypass a password protected system. The code is given below: #include <stdio.h> #include <string.h> int main(void) { char buff[15]; char tempbuff[15]; int pass = 0; printf("\n Enter a password of length between 1 and 15 characters : \n"); gets(buff); //strcpy("%s",buff); printf("\n Enter your password : \n"); gets(tempbuff); //strcpy("%s",tempbuff); if(strcmp(tempbuff, buff)) { printf ("\n

Hex values in gdb input files

こ雲淡風輕ζ submitted on 2019-12-22 17:46:27
Question: I'm trying to bof a particular exploitme on DVL by redirecting input (to gets) using run < inputfile inside gdb. I can overflow the program successfully but am having trouble appending hex values to the string. I have tried quotations, converting the value of the mem addr to ASCII and various escape attempts (\,\,\) with no luck. Input file example: AAAA\x42 In the above example it would appear that the backslash is being read as an ASCII char (5c) and the value 42 remains in the stack (oddly?
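Neither gdb's run < file nor gets() interprets "\x42" as an escape; the file is read byte for byte, so the four characters backslash, x, 4, 2 land on the stack as 5c 78 34 32. The escape has to be resolved by whatever writes the file. The following is an added example, not from the question or its answers: a small decoder for the "\xNN" notation that writes the real bytes, plus a helper that appends a 32-bit address in the little-endian order a 32-bit x86 stack expects. The address 0x0804a000 and the payload string are constructed; function names are mine.

```c
#include <stdint.h>
#include <stdio.h>
#include <string.h>

static int hexval(int c)
{
    if (c >= '0' && c <= '9') return c - '0';
    if (c >= 'a' && c <= 'f') return c - 'a' + 10;
    if (c >= 'A' && c <= 'F') return c - 'A' + 10;
    return -1;
}

/* Decode "\xNN" (exactly two hex digits) and "\\" (a literal backslash) into
 * raw bytes; every other byte is copied through. Returns the number of bytes
 * written, or -1 on a malformed escape or when out has no room. */
long unescape_hex(const char *in, unsigned char *out, size_t cap)
{
    size_t n = 0;
    for (const char *p = in; *p != '\0'; ) {
        if (n >= cap) return -1;
        if (*p == '\\' && p[1] == 'x') {
            int hi = hexval((unsigned char)p[2]);
            int lo = hi < 0 ? -1 : hexval((unsigned char)p[3]);   /* do not read past NUL */
            if (hi < 0 || lo < 0) return -1;
            out[n++] = (unsigned char)(hi * 16 + lo);
            p += 4;
        } else if (*p == '\\' && p[1] == '\\') {
            out[n++] = '\\';
            p += 2;
        } else {
            out[n++] = (unsigned char)*p++;
        }
    }
    return (long)n;
}

/* Append addr in little-endian byte order at out[len]. Returns the new
 * length, or -1 if four more bytes do not fit. */
long append_le32(unsigned char *out, size_t len, size_t cap, uint32_t addr)
{
    if (cap - len < 4) return -1;
    for (int i = 0; i < 4; i++)
        out[len + i] = (unsigned char)(addr >> (8 * i));   /* least significant byte first */
    return (long)(len + 4);
}

/* Padding followed by the overwrite value: the usual shape of a stack-smash
 * payload. Returns total length or -1. */
long build_payload(const char *escaped, uint32_t ret_addr, unsigned char *out, size_t cap)
{
    long n = unescape_hex(escaped, out, cap);
    return n < 0 ? -1 : append_le32(out, (size_t)n, cap, ret_addr);
}

/* Test helper: does build_payload() produce exactly expected[0..n)? */
int payload_is(const char *escaped, uint32_t ret_addr, const unsigned char *expected, size_t n)
{
    unsigned char buf[256];
    long got = build_payload(escaped, ret_addr, buf, sizeof buf);
    return got == (long)n && memcmp(buf, expected, n) == 0;
}

int main(void)
{
    unsigned char buf[256];
    /* Constructed payload: the question's "AAAA\x42" followed by a made-up address. */
    long n = build_payload("AAAA\\x42", 0x0804a000u, buf, sizeof buf);
    if (n < 0) { fputs("bad escape\n", stderr); return 1; }
    FILE *f = fopen("payload.bin", "wb");
    if (!f || fwrite(buf, 1, (size_t)n, f) != (size_t)n) { perror("payload.bin"); return 1; }
    fclose(f);
    for (long i = 0; i < n; i++) printf("%02x ", buf[i]);
    printf(" (%ld bytes written to payload.bin)\n", n);
    return 0;
}
```

Inspect the result with xxd payload.bin before using it: the byte after the four 0x41s must be 42, not 5c 78 34 32. Then run < payload.bin inside gdb delivers those bytes to gets() unchanged. Note that gets() stops at a newline and the C string functions stop at a NUL, so an address containing 0x0a or 0x00 will not survive this path whatever tool writes the file.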

Is there a buffer overflow helloworld for c++?

我只是一个虾纸丫 submitted on 2019-12-22 12:44:03
Question: I tried the code provided by this question, but it doesn't work. How to contrive an overflow to wrap my head around? Update: .file "hw.cpp" .section .rdata,"dr" LC0: .ascii "Oh shit really bad~!\15\12\0" .text .align 2 .globl __Z3badv .def __Z3badv; .scl 2; .type 32; .endef __Z3badv: pushl %ebp movl %esp, %ebp subl $8, %esp movl $LC0, (%esp) call _printf leave ret .section .rdata,"dr" LC1: .ascii "WOW\0" .text .align 2 .globl __Z3foov .def __Z3foov; .scl 2; .type 32; .endef __Z3foov: pushl

Modify return address on stack

好久不见. submitted on 2019-12-22 04:48:20
Question: I looked at the basics of buffer overflow vulnerabilities and tried to understand how the stack is working. For that I wanted to write a simple program which changes the return address to some value. Can anybody help me with figuring out the size of the base pointer to get the offset from the first argument? void foo(void) { char ret; char *ptr; ptr = &ret; //add some offset value here *ptr = 0x00; } int main(int argc, char **argv) { foo(); return 1; } The generated assembler

Disabling stack protection in GCC not working

匆匆过客 submitted on 2019-12-21 21:28:50
Question: I'm trying to recreate a stack buffer overflow using the classic overflow with strcpy using this function: #include <stdio.h> #include <string.h> void main(int argc, char **argv) { char buf[100]; strcpy(buf,argv[1]); printf("Done!\n"); } I have tried compiling with all the various flags in order to remove the stack protection gcc -o vuln vuln.c -fno-stack-protector -g -z execstack as well as removing ASLR with sudo echo 0 > /proc/sys/kernel/randomize_va_space . I can get my nop-shellcode

For buffer overflows, what is the stack address when using pthreads?

断了今生、忘了曾经 submitted on 2019-12-21 17:39:11
Question: I'm taking a class in computer security and there is an extra credit assignment to insert executable code into a buffer overflow. I have the C source code for the target program I'm trying to manipulate, and I've gotten to the point where I can successfully overwrite the eip for the current function stack frame. However, I always get a Segmentation fault, because the address I supply is always wrong. The problem is that the current function is inside a pthread, and therefore, the address of

What is the difference between STATUS_STACK_BUFFER_OVERRUN and STATUS_STACK_OVERFLOW?

筅森魡賤 submitted on 2019-12-21 12:12:32
Question: I just found out that there is a STATUS_STACK_BUFFER_OVERRUN and a STATUS_STACK_OVERFLOW. What's the difference between those 2? I just found Stack overflow (stack exhaustion) not the same as stack buffer overflow but either it doesn't explain it or I don't understand it. Can you help me out? Regards Tobias Answer 1: Consider the following stack which grows downward in memory: +----------------+ | some data | | +----------------+ | growth of stack | 20-byte string | V +----------------+ limit of

Is buffer overflow/overrun possible in completely managed asp.net c# web application

北战南征 submitted on 2019-12-21 07:28:44
Question: Can there be buffer overflow/overrun vulnerabilities in a completely managed ASP.NET web portal? If yes, how can this be tested? Answer 1: Not unless you exploit the webserver or .NET/ASP.NET stack itself. Answer 2: In the general case, you don't need to worry about buffer overruns. This is one of the major advantages of managed code, garbage collection being perhaps the other major advantage. There are a few edge cases that you should be aware of - any time your managed code interacts with unmanaged code