Vulnerability Development mailing list archives

Stack-based buffer overflow exploitation techniques
From: Carlos Eduardo Santiviago <segfault () brturbo com>
Date: 12 Jan 2004 18:28:13 -0000



Hello,

supposing this simple vuln code:

#include <string.h>   /* for strcpy() */

int main(int argc, char *argv[])
{
   char buf[128];

   /* no length check: an argv[1] longer than 127 bytes runs past buf
      and overwrites the saved ebp/eip on the stack */
   strcpy(buf, argv[1]);
   return 0;
}

I am doing research about stack-based exploitation techniques and I know 4 ways to do it (to help me overwrite saved eip/ebp):

1. using nop sled (P49-14)
2. using environment variables (murat, netric.org)
3. using ptrace() (RaiSe's linuxconfig exploit)
4. returning-into-libc

The question is: is there any other way to exploit it?

thanks,
--
/sf


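The message above asks how the unchecked strcpy() into a 128-byte stack buffer can be abused. The following is an added example, not code from the original post: the same program written with a bounds check, so that an oversized argument becomes an explicit error instead of a write past the end of the buffer. The helper names (copy_arg_checked, would_overflow, try_copy, try_oversized) are mine; the 128-byte buffer size comes from the post.

```c
/* Added example: bounds-checked replacement for the post's
   strcpy(buf, argv[1]) pattern.  Helper names are this example's own. */
#include <stdio.h>
#include <string.h>
#include <stddef.h>

#define BUF_SIZE 128   /* same buffer size as in the original post */

/* Copy src into dst (capacity dstsz) only if it fits, terminator included.
   Returns 0 on success, -1 if the input is rejected.  Rejecting rather than
   silently truncating keeps an oversized argument an observable error instead
   of a stack corruption. */
int copy_arg_checked(char *dst, size_t dstsz, const char *src)
{
    if (dst == NULL || src == NULL || dstsz == 0)
        return -1;
    /* look for the NUL only within the first dstsz bytes of src, so an
       unterminated or over-long input is never read past that limit */
    const char *end = memchr(src, '\0', dstsz);
    if (end == NULL)
        return -1;               /* no terminator within capacity: too long */
    size_t n = (size_t)(end - src);
    memcpy(dst, src, n + 1);     /* n bytes plus the NUL */
    return 0;
}

/* strcpy() writes len + 1 bytes (the terminator included); returns 1 if an
   input of the given length would exceed a buffer of bufsz bytes. */
int would_overflow(size_t len, size_t bufsz)
{
    return len + 1 > bufsz;
}

/* Small wrappers around a fixed buffer so the check can be exercised with
   string literals alone. */
static char g_last[BUF_SIZE];

int try_copy(const char *src)
{
    return copy_arg_checked(g_last, sizeof g_last, src);
}

const char *last_copy(void)
{
    return g_last;
}

/* Constructed input: len copies of 'A', the classic oversized argument;
   returns the result of the checked copy (-1 when rejected). */
int try_oversized(size_t len)
{
    char in[512];
    if (len >= sizeof in)
        len = sizeof in - 1;
    memset(in, 'A', len);
    in[len] = '\0';
    return try_copy(in);
}

int main(int argc, char *argv[])
{
    char buf[BUF_SIZE];

    if (argc < 2) {
        fprintf(stderr, "usage: %s <arg>\n", argv[0]);
        return 1;
    }
    if (copy_arg_checked(buf, sizeof buf, argv[1]) != 0) {
        fprintf(stderr, "argument rejected: longer than %zu bytes\n",
                sizeof buf - 1);
        return 1;
    }
    printf("copied %zu bytes\n", strlen(buf));
    return 0;
}
```

Compiling the original and this version with -fstack-protector and running both with a 200-byte argument shows the difference in practice: the original aborts with a stack-smashing report (or crashes) while this version prints the rejection message and exits cleanly. The protector and similar mitigations only catch the corruption after the fact; the length check is what prevents it.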