c – Can you perform a buffer overflow and a format string attack at the same time?

So I hope I’m phrasing this right. I’m trying to exploit a piece of C code which you can see below.

#include <stdlib.h>
#include <unistd.h>
#include <stdio.h>
#include <string.h>

int user_age;
void secretClub(){
  if(user_age<18){
    printf("Come back when your old enough!!");
  }
  else{
    printf("Come on in.");
  }
}

int main(){
  char name[30];      /* fixed-size stack buffer */
  user_age = 17;
  gets(name);         /* unbounded read: the overflow */
  printf("Hello there ");
  printf(name);       /* user input used as the format string */
}

What I’m trying to do here is call the secretClub function and to print “Come on in”. So I know if I wanted to just call the secretClub function, I could just overflow the buffer enough with the memory address of the function at the end. And I know that I can use this program’s string format vulnerability to modify the variable’s value in memory.

What I’m wondering is how to do both in one line? Sorry if this seems like a stupid and obvious question; upon searching I couldn’t find much. Any guidance would be greatly appreciated!
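A hardened rewrite of the program above, added here as an example (not code from the question): the unbounded gets() becomes a bounded copy of the kind fgets() provides, and the name is passed to printf as a %s argument instead of being used as the format string. The input arrives as a function parameter so the logic can be checked without a terminal; the function and constant names are mine.

```c
/* Added example, not from the question: hardened version of the program. */
#include <stdio.h>
#include <string.h>

enum { NAME_SIZE = 30 };      /* same buffer size as the original */

static int user_age = 17;     /* still a global, but nothing below can write to it */

/* Age gate from the question; returns 1 for "Come on in.", 0 otherwise. */
int secret_club(void) {
  return user_age >= 18;
}

/* Copy at most NAME_SIZE-1 bytes of `line` into `name` and drop the newline
 * that fgets() would keep. This is the bounded replacement for gets(). */
static void read_name(char *name, const char *line) {
  strncpy(name, line, NAME_SIZE - 1);   /* never writes past the buffer */
  name[NAME_SIZE - 1] = '\0';
  name[strcspn(name, "\n")] = '\0';
}

/* Build the greeting into `out`. The user's text is a %s argument, never the
 * format string, so "%x" or "%n" inside it is printed literally.
 * Returns the length the full greeting would need (snprintf semantics). */
int greet(const char *line, char *out, size_t outsz) {
  char name[NAME_SIZE];
  read_name(name, line);
  return snprintf(out, outsz, "Hello there %s", name);
}
```

With gcc, -Wformat -Wformat-security warns on the original printf(name), and gets() was removed from the language in C11, so a conforming compiler rejects it outright.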

buffer overflow – Understanding ret2libc return address location

This is because on x86, stacks grow downwards (towards lower addresses), but buffers are filled upwards (towards higher addresses):

When writing out of the buffer, you are clobbering the return address of the stack frame above, at a higher address.

The ret instruction will then pop the return address off the stack and continue execution at the beginning of system. Then, system will pop its arguments off the stack, and upon returning, pop the address of the next function off the stack, i.e. the stack shrinks as you go through the chain, and the stack pointer grows larger.

reverse engineering – What is source of bad characters exist in buffer overflows

I’m new to exploit development and while watching a tutorial I came across the topic of “Bad character identification”. I’m referring to the process of sending all possible characters to the vulnerable process to see if there are characters which fail to pass to the receiver.

The existence and identification of those characters has been discussed many times before but I couldn’t find the root cause of their existence.

Why are there bad characters a target process mis-handles?

operating systems – Simultaneous buffer access in the bounded buffer problem

Galvin and various other resources only allow either the producer or the consumer to access the buffer at a time, the common code is as follows:

//Producer code

while(true)
{ down(empty);
  down(mutex);
  buffer[in] = item;
  in = (in+1) % buffer_size;
  up(mutex);
  up(full);
}

//Consumer code

while(true)
{ down(full);
  down(mutex);
  item = buffer[out];
  out = (out+1) % buffer_size;
  up(mutex);
  up(empty);
}

Here empty and full are semaphores which count the number of empty and full buffers. Mutex is initialised to 1, empty to buffer_size, full to 0.

I understand that multiple producers or consumers accessing the buffer at a time results in a race condition, but in my opinion a producer and a consumer can simultaneously access the buffer without any problem. The solution given below seems to fit the constraints more precisely, so my question is: is there any problem (bounded wait not being satisfied, race condition, etc.) in letting the producer and consumer access the buffer simultaneously like so?

while(true)
{ down(empty);
  down(producer_mutex);
  buffer[in] = item;
  in = (in+1) % buffer_size;
  up(producer_mutex);
  up(full);
}

while(true)
{ down(full);
  down(consumer_mutex);
  item = buffer[out];
  out = (out+1) % buffer_size;
  up(consumer_mutex);
  up(empty);
}

c – Having trouble with learning Buffer Overflows

So I have this program in C that I’m trying to exploit which has a vulnerability in a function, namely it’s using gets. I’m trying to overflow and change the return address so the program returns to one or both of the two functions that are not called.

#include <stdlib.h>
#include <unistd.h>
#include <stdio.h>
#include <string.h>

void half_win()
{
  printf("Well done, you got half the score\n");
}

void complete_win(){
  printf("FULL SCORE\n");
}
void vuln_func(){
  char buffer[36];    /* fixed-size stack buffer */
  gets(buffer);       /* unbounded read: the overflow */
  printf("You have entered: %s\n",buffer);
}

int main(int argc,char**argv){
  vuln_func();
}

So I overflow the buffer, I go to check the esp to calculate the offset by subtracting the address where the buffer starts from the esp’s address but what’s strange is that the buffer seems to overwrite the esp.

(gdb) x/24wx $esp
0xffffd0c8: 0x41414141  0x41414141  0x41414141  0xffffd100
0xffffd0d8: 0xffffd16c  0xffffd0f4  0x00000001  0xffffd164
0xffffd0e8: 0xf7fac000  0xf7fe574a  0xffffd160  0x00000000
0xffffd0f8: 0xf7fac000  0x00000000  0x00000000  0x98862ada
0xffffd108: 0xdada4cca  0x00000000  0x00000000  0x00000000
0xffffd118: 0x00000040  0xf7ffd024  0x00000000  0x00000000

So both their addresses are the same, so the offset value is 0. I can’t figure out what I’m doing wrong here. If anyone could give some guidance, you’d really be saving me.

It’s running on Ubuntu by the way.


opengl – GLSL link fails with C9999 (too many buffer declarations?)

I’m receiving a C9999 (*** exception during compilation ***) linker error for an OpenGL 4.6 compute shader. It seems to be related to the number of SSBOs I have declared (14 separate declarations), but it really doesn’t seem like it should be a problem, given that my GTX 1070 has 96 buffer binding locations.

None of the names are reserved keywords, and I’m not using double underscores. This has happened to me before, but I’ve worked around it by managing to split my code into separate shaders with fewer buffer declarations.

I’m finally asking about it because, for performance reasons, I’d really rather not split this up.


This is all the information the driver gives me in this case.

pivoting – Buffer overflow with reverse Windows shell won’t connect back to a meterpreter session

I have exploited a buffer overflow and can get a reverse Windows meterpreter session back to my attacker IP, so I know the shellcode works. When I have to send the shell back to a compromised host with a meterpreter session running on it (as root), the meterpreter session never “answers” the shell connecting back. I can see the traffic with Wireshark on the correct port for the connection. The payload executes on a Windows box and I’m trying to connect back to a meterpreter session on an Ubuntu victim to route back to me.

Any advice on how to further troubleshoot the issue?

Operations on row buffer in DRAM

I am trying to understand what the hardware structure of the row buffer in main memory is. Can any shift operations or other operations be performed on the row buffer? Also, any in-depth material/reference for this will be appreciated. Thanks!

How to load (buffer) a YouTube video while paused?

When watching a video on YouTube, the player only buffers a short time ahead, even when the video is paused. There used to be a time when videos were buffered to the end, which allowed smooth watching even on a slow connection. But at some point YT’s streaming algorithm was changed, without an option in the settings.

Over the years there have been a couple of workarounds (as plugins or extensions like SmartVideo for YouTube), and there are a few older discussions on SE and other places. However, those do not seem to work anymore.

Is there a way to buffer a YouTube video, for smooth watching over a slow connection?