Dabbling in Buffer Overflows

Soldato
Joined
2 Dec 2009
Posts
4,009
Location
Midlands
Hi guys,

I've recently been having relatively good success at remote buffer overflow as I learn about pen-testing online services, however, I've really run aground in my learning.

Once I've connected with the poorly constructed service via netcat on Kali, I've deduced that 24 bytes is the limit, hence I use the following to call my fixed 'success' function (located at 0x5656c26d):

Code:
AAAAAAAAAAAAAAAAAAAAAAAAAA\x6D\xC2\x56\x56

However, I just keep getting it incorrect no matter how I present the input with the following error:

Code:
NX Alert: Terminating Process for Bad Address.

I'd naturally assumed the Function is stored in little Endian, but it still won't function. Any ideas please?!
 
You might be running foul of protections afforded by modern compilers. GCC, for instance, you'd need to compile the broken application with something like -fno-stack-protector.
 
Last edited:
Back
Top Bottom