Blog search: #Buffer overflow

Learning about buffer overflows using MIPS

Posted on Nov. 23, 2015

Exploitation Buffer overflow; MIPS;

One of the most used architecture when teaching about processors at the university is the MIPS architecture. This is because MIPS is a RISC architecture (Reduced instruction set computing), this means it is easy to learn but also that it misses many shortcuts otherwise available in other instruction sets. So ...

Ascii_easy - Pwnable.kr

Posted on July 19, 2016

Writeups Pwnable.kr; Ret2libc; Buffer overflow; ASLR; Ascii armor;

As usual, we have a program: ascii_easy, which has the permissions to get the flag. After a fast reverse-engineering we can imagine that the source code from where it comes from should look more or less like this:

#define MEM 0x80000000

int is_ascii(char c){
    if (c <= 0x1f || c ...

Simple login - Pwnable.kr

Posted on Jan. 19, 2017

Writeups Pwnable.kr; Buffer overflow; EBP;

Fuzzing a little bit we can easily crash the program...there is something weird happening here.

$ ./login 
Authenticate : aaaaaaaaaaaaa
hash : 0df08ae957b3d5ae2d6445c9416fe1cd
Segmentation fault (core dumped)

Analyzing a little bit we can realize that the program crashes at the address 0x08049424:

 ,=< 0x0804940a      7513           jne 0x804941f   
 |   0x0804940c      e84efeffff     call ...

Echo1 - Pwnable.kr

Posted on Jan. 19, 2017

Writeups Pwnable.kr; Buffer overflow;

Once we execute the program, it will ask for our name and then present a menu from where we can choose one type of echo service. BOF echo is the only one working. If we try to overflow the buffer we get a beautiful Segmentation fault (core dumped) that's ...