Dabbling in Buffer Overflows

Soldato
Joined
2 Dec 2009
Posts
4,006
Location
Midlands
Hi guys,

I've recently been having relatively good success at remote buffer overflow as I learn about pen-testing online services, however, I've really run aground in my learning.

Once I've connected with the poorly constructed service via netcat on Kali, I've deduced that 24 bytes is the limit, hence I use the following to call my fixed 'success' function (located at 0x5656c26d):

Code:
AAAAAAAAAAAAAAAAAAAAAAAAAA\x6D\xC2\x56\x56

However, I just keep getting it incorrect no matter how I present the input with the following error:

Code:
NX Alert: Terminating Process for Bad Address.

I'd naturally assumed the Function is stored in little Endian, but it still won't function. Any ideas please?!
 
Associate
Joined
16 Oct 2006
Posts
558
Location
U.K.
You might be running foul of protections afforded by modern compilers. GCC, for instance, you'd need to compile the broken application with something like -fno-stack-protector.
 
Last edited:
Back
Top Bottom