Questions tagged [aslr]
Address Space Layout Randomisation (ASLR) is an exploit mitigation that helps stop shellcode and other memory-corruption payloads from succeeding. It does this by randomly offsetting the base addresses of loaded modules (the executable and its shared libraries) and certain in-memory structures such as the stack and heap, so an attacker cannot rely on fixed addresses.
92 questions
0 votes
2 answers
522 views
How should an unprotected environment be set up on modern Linux to test an old buffer overflow example?
Reading a technical paper on the issue I wanted to test it on my computer. The idea is to provoke privilege escalation (change on the whoami output from peter to root) through a buffer overflow. The ...
0 votes
0 answers
186 views
Where do stack pointer differences to stack base originate from on Linux?
Let's assume we have this simple program: void main() { int x; printf("%p", &x); } Assuming the stack is mapped something like this: 0x007ffffffdd000 0x007ffffffff000 ...
0 votes
0 answers
53 views
How does ASLR work [duplicate]
I have read about ASLR and understand that it randomizes the location in memory where an executable is loaded every time it is run. But I have a doubt, take an example of an elf executable. It tells ...
4 votes
2 answers
4k views
Are buffer overflow and similar attacks still possible?
The majority of my cyber security background comes in the form of web application vulnerability testing, and whilst I do have a degree of prior experience in studying and performing application ...
1 vote
1 answer
981 views
How to exploit with Control over return address and knowing the address of printf
I have this program that uses ASLR and it leaks information when I overflow a buffer, namely the address of printf. Furthermore, I can overwrite the return address. How can I use this to spawn a shell? ...
0 votes
1 answer
720 views
Fixed offset in linux ASLR?
I just printed function addresses and the offset between two functions, but the offset is fixed whenever the program is executed (only the base address changes). Code (test.c) #include <stdio.h> #...
2 votes
1 answer
473 views
Does recompiling a binary from source code make it more secure/obscure?
Using standard hardening options like PIC, Stack Protection ... does a mere recompilation make a program more secure against attacks? You have the source code of a program, compile it two times with ...
2 votes
1 answer
783 views
Buffer overflow outside gdb
I'm trying to exploit a basic C program (below) which I've written: #include <stdio.h> #include <string.h> void main() { char ch[10]; scanf("%s", ch); if(strcmp(&...
1 vote
1 answer
478 views
Is a single infoleak enough to break ASLR if you don't have access to the binary?
With a single infoleak and access to the binary you can calculate the other addresses. Is this still possible when you don't have access to the binary?
1 vote
1 answer
446 views
ROP on MIPS Doesn't Land Where Calculated
I am working on exploiting an application on MIPS to further my knowledge of ROP chaining. The library I am trying to build a ROP chain for is libuClibc-0.9.30.3.so. I found a gadget that I want to use ...
1 vote
2 answers
1k views
How does ASLR work if in the assembly code the addresses are the same
Let's say I have this piece of code that sets address 10 to the value 20 and the following one to 30: mov ebx,10 mov [ebx],20 add ebx,1 mov ebx,30 How can the address change each time it is ...
1 vote
3 answers
1k views
Is it safe to use a non-ASLR DLL in an ASLR-enabled EXE?
Is it safe to use a non-ASLR DLL in an ASLR-enabled EXE? Would the DLL be loaded at and use random addresses, or should all the dependencies enable ASLR? In addition, what about other security ...
3 votes
1 answer
1k views
ASLR doesn't work?
I have the following code: #include <stdio.h> #include <stdlib.h> int main() { int *ptr1 = malloc(16); int val1 = 0x12345678; printf("stack: %p\nheap: %p\n", &...
10 votes
1 answer
1k views
Importance of ASLR Mode 2
From what I understand, ASLR has 3 Modes: 0 - turned off 1 - randomizes stack, heap, shared libraries, vDSO, mmap memory area and text area (if built with -fPIE -pie) 2 - additionally randomizes brk()-...
2 votes
1 answer
336 views
How do packers/crypters deal with ASLR?
If a packer or crypter is used to obfuscate a piece of executable code, it seems that calls and references made in that code will not be updated at load-time and will be incorrect when the code is ...