Questions tagged [c]
The C programming language, commonly used for low-level programming
301 questions
2 votes, 1 answer, 74 views
Can strtok()'s static buffer enable cross-container attacks in Kubernetes when containers share libc through copy-on-write?
In Kubernetes, containers running on the same node often share memory pages ...
4 votes, 0 answers, 111 views
How much do ARM-like link registers make return-oriented programming harder?
ROP usually uses a buffer overflow to overwrite the x86 return address. However, ARM stores that in a register. What is the effect of this on return-oriented programming attacks on non-x86 ...
1 vote, 0 answers, 80 views
What are some good examples to illustrate CWE in C? [closed]
I want to give good illustrations for CWEs in C/C++. I define "good" as follows:
Most of the time when we want to illustrate stack overflow (CWE-121), we will show the following code (taken ...
2 votes, 0 answers, 205 views
How to do a bufferoverflow attack for a simple C program?
Consider the following simple C program that asks the user to input their user name and password in order to get access to some website. (The correct username is supposed to be "admin" ...
4 votes, 1 answer, 260 views
Why does this malicious code work? (Lua, FFI)
Below is a sandboxed Lua script that uses FFI to execute malicious C code. A fixed memory address is used to load a windows function GetProcAddress which is subsequently used to run a powershell ...
0 votes, 1 answer, 332 views
How to return to main after performing stack buffer overflow
#include <stdio.h>
#include <stdlib.h>
void reading();
void reading_hexa(char*);
void secret();
int main()
{
reading();
printf("Input done\n");
exit(0);
}
void ...
1 vote, 0 answers, 131 views
String format exploit works differently on my machine than on remote target
I'm learning binary exploitation with the picoCTF challenges. I solved Stonks, but I'm trying to learn more about how the stack works.
What I did was the following:
checked out the source, here is ...
1 vote, 0 answers, 178 views
How can I exploit the following code using string format vulnerabilities, Global offset table & GDB? [closed]
The following code should be exploited and I need to exploit it in such a way that it runs my command (l33t) and there should be shellcode and exploit included, so that it runs my command. I believe I ...
0 votes, 0 answers, 152 views
Proof of concept: Services File Permissions Weakness (T1574.010)
I am trying to do a proof of concept where I use technique T1574.010. In this technique, I should rewrite the binpath of some service in Windows 10 so that when the service starts again the payload ...
0 votes, 1 answer, 194 views
Does the presence of an "unsafe" function in an object file pose a security risk
I've read that there are unsafe functions that we should try to avoid when writing C/C++ programs for example the gets() or strlen() functions.
Let's say I compile a .cpp/.c file into an object file ...
0 votes, 0 answers, 162 views
How do I prevent the random alignment of the instructions during debugging using gdb? Even tried turning off the optimization with -O0 in gcc
I have started with the book 'Hacking: The art of exploitation!'. I know some of you might suggest that it's pretty old... But I think great buildings withstand due to their strong foundational base. ...
1 vote, 1 answer, 172 views
bufferoverflow chars gets replaced on stack [closed]
So I try to understand stack based buffer-overflow but now I am stuck. This is the vulnerable function (32 bit ELF).
int test(char* input)
{
char buf[100];
printf("Buffer is at %p\n",...
3 votes, 1 answer, 399 views
accessing ELF in memory (Unix/Linux)
On Linux (and maybe UNIX), you can access and even modify process's stack with things like ptrace, process_vm_ready, etc., but is there a way to access the copy of the binary that's being executed ...
0 votes, 0 answers, 804 views
Program segfaults when ran with GDB
This is my first time posting a question here, so forgive me if I don't give enough details. I will provide any extra details that are requested.
Basically, I'm practicing a buffer overflow, and I'm ...
0 votes, 1 answer, 323 views
Vulnerability in the source code, but can't elevate do Privilege Escalation
Playing a CTF, I am trying to gain access to level 3 (you have to gain access sequentially from level 1 to level 2 and so on...), and in the level 2 directory there's this source code 2.c and along ...