Thread: Buffer overflow gone wrong

I wrote two programs, one with a vulnerability, and the other to exploit it. However, when I run the exploit, I get "The system cannot find the file specified" (And yes, I checked the obvious, it is in the directory)

5. Messages relating to cracking, (erroneously called "hacking" by many), copyright violations, or other illegal activities will be deleted. Due to the overlapping boundaries of code with malicious intent, and other legitimate uses of it, the moderators will assess each potential infraction on a case by case basis.

<<code deleted>>

Same if I put the full path. I think it has something to do with sprintf();.

Lol, i didnt know that this forum delimits the discussion of shellcoding.

Originally Posted by Wolf`

What do you mean?

Probably that it's quite an interesting subject, and you can learn a lot about processors, assembly language and C by learning about that. And seriously, if you exploit your own written program, what harm can you do with it?

That was my thought. The only reason it's supposed to work is because the program is totally unrealistic. After a while of coding my own OS, I figured it would be cool to try a shellcode stack exploit on MY OWN PROGRAM, cause low-level coding is fun.

The Moderators should allow shellcoding and exploit discussions as they help us to be aware of the possible vulnerabilities during coding, Especially in these c/c++ language.

Originally Posted by valthyx

The Moderators should allow shellcoding and exploit discussions as they help us to be aware of the possible vulnerabilities during coding, Especially in these c/c++ language.

Couldn't agree more. I hope the moderators will soon reconsider this rule. Of course, I can imagine you can't post an apache buffer overflow and ask how to exploit it. But exploiting your own scripts... There's nothing wrong with that.

The Moderators should allow shellcoding and exploit discussions as they help us to be aware of the possible vulnerabilities during coding, Especially in these c/c++ language.

We've had to be very strict on this rule because even when white-hat-hackers and security professionals come here, all their code and explanations are visible to script kiddies and malicious hackers, and we want no part in that.

But exploiting your own scripts... There's nothing wrong with that.

We made the assumption that if you can code your own OS as he is claiming, you can debug your own shell script. The last time I saw someone post here claiming they were just "researching vulnerabilities", they didn't even know how to use gcc properly. Those are the rules, and we're aware that they do inhibit some legitimate conversations, but we have to be strict about it.

I'm pretty sure I know which mod edited your post, and I trust their judgment - they don't go on power trips.

And it's kind of silly to expect us to believe you're security-testing your own OS when you lack some basic skills... like stuff that's taught in first or second semester. That's exactly my point - the rule doesn't exist to restrict access to that information. The rule exists to stop this from turning into script-kiddie haven.