<a href="http://g.adspeed.net/ad.php?do=clk&zid=14678&wd=728&ht=90&pair=as" target="_top"><img style="border:0px;" src="http://g.adspeed.net/ad.php?do=img&zid=14678&wd=728&ht=90&pair=as" alt="i" width="728" height="90"/></a>

Nmap Security Scanner

Docs
Security Lists

Full Disclosure

More
Security Tools

Packet crafters

More
Site News
Site Search:
Exploit World
Advertising
About/Contact
Credits
Sponsors:

edgeos

Vulnerability Development: Stack-based buffer overflow exploitation techniques

Stack-based buffer overflow exploitation techniques

From: Carlos Eduardo Santiviago <segfault_at_brturbo.com>
Date: 12 Jan 2004 18:28:13 -0000

('binary' encoding is not supported, stored as-is) Hello,

supposing this simple vuln code:

int main(int argc, char *argv[])
{
   char buf[128];

   strcpy(buf, argv[1]);
   return 0;
}

I am doing a research about stack-based exploitation techniques and i know 4 ways to do it (to help me overwrite saved eip/ebp):

1. using nop sled (P49-14)
2. using environment variables (murat, netric.org)
3. using ptrace() (RaiSe's linuxconfig exploit)
4. returning-into-libc

The question is: is there any other way to exploit it?

thanks,
--
/sf
Received on Jan 13 2004

This message: [ Message body ]
Next message: OUAH: "RE: Buffer UNDERFLOWS: What do you know about it?"
Previous message: Inode: "get SP on Solaris (SPARC) with GCC 3.3.2"

Contemporary messages sorted: [ by date ] [ by thread ] [ by subject ] [ by author ] [ by messages with attachments ]

[ Nmap | Sec Tools | Mailing Lists | Site News | About/Contact | Advertising | Privacy ]

edgeos