15 Dec

How to turn off gcc compiler optimization to enable buffer overflow

up vote55down votefavorite 35 I’m working on a homework problem that requires disabling compiler optimization protection for it to work. I’m using gcc 4.4.1 on ubuntu linux, but can’t figure out which flags are are the right ones. I realize it’s architecture dependant – my machine runs w/ 32-bit Intel processor. Thanks. c gcc buffer-overflow compiler-optimization 6 Answers activeoldestvotes up […]

read more »
CHECKSEC.SH NOW WITH FORTIFY_SOURCE SUPPORT
02 Dec

CHECKSEC.SH NOW WITH FORTIFY_SOURCE SUPPORT

New checksec.sh release. What’s new with version 1.4: * Support for FORTIFY_SOURCE (–fortify-file, –fortify-proc) * Lots of other bugfixes and improvements   – Check if the readelf command is available   – readelf support for 64-bit ELF files   – Check if the requested files and directories do exist   – ‘–dir’ is now case-sensitive and correctly deals with […]

read more »
Exploit writing tutorial part 1 : Stack Based Overflows
16 Nov

Exploit writing tutorial part 1 : Stack Based Overflows

Last friday (july 17th 2009), somebody (nick)named ‘Crazy_Hacker’ has reported a vulnerability in Easy RM to MP3 Conversion Utility (on XP SP2 En), via packetstormsecurity.org. (see http://packetstormsecurity.org/0907-exploits/). The vulnerability report included a proof of concept exploit (which, by the way,� failed to work on my MS Virtual PC based XP SP3 En). Another exploit was released just a little bit […]

read more »
A Stack-based Buffer Overflow
16 Nov

A Stack-based Buffer Overflow

A Stack-based Buffer Overflow Introduction Basic of x86 Architecture Assembly Language Compiler, Assembler & Linker Function Operation Stack Stack Operation Stack based Buffer Overflow Shellcode: The Payload Vulnerability & Exploit Examples Another BOF ‘Research’         TESTING BUFFER OVERFLOW CODE In the following program example, we are going to investigate how the stack […]

read more »