security - Buffer size and chance of ASLR brute force -


how increasing buffer size increase chances of aslr brute force succeeding?

this related project did. had exploit_1.c program had buffer/character array (originally of size 517). buffer set nops memset. place shellcode , return address buffer, written file called badfile. program took 1 argument return address. had stack.c program which, in function called bof, copied contents of badfile buffer of size 12.

i had read 1 method put jump @ end of nop sled , have redirect shellcode. however, shellcode 24 bytes, , @ maximum had 16 bytes before return address. did put shellcode @ end of buffer.

the 3rd task given pick return addresses such exploit program (modified buffer size of course) had higher average chance of succeeding buffer sizes 1000, 10000, , 100000. used bash while loop counter count how many tries aslr brute force took.

so thinking more memory nop sled longer. there's got more that.

the addresses picked were: 0xbf87f030 0xbf82e3d0 0xbfe0fb60


Comments

Post a Comment

Popular posts from this blog

ios - iPhone/iPad different view orientations in different views , and apple approval process -

i force app's home screen portrait , other views landscape. apple rejects app if this? if not , how force first screen launch in portrait mode? , force other screens launch in landscape. this not duplicate question search every possible answer in website. i force app's home screen portrait , other views landscape. apple rejects app if this? no apple not reject app this. have lot of apps doesn't support orientation. forcing on 1 screen won't cause app reject. if not , how force first screen launch in portrait mode? , force other screens launch in landscape. can on write : -(nsuinteger)supportedinterfaceorientations; function.
Read more

php - HTTP_REFERER woes: How can I allow access to a specific page, only when a visitor has visited another specific page beforehand? -

php newbie here, struggling crazy head around how go implementing http_referer-based security feature woefully inept downloads system. basically, have file download pages have specific string appended end of url, specific string being: ?thanks if visible in url, users able download file situated on it. works great, it's easy 'unlock' page adding '?thanks' part onto url themselves. allowing users bypass clumsy security , access premium files ease. if possible, i'd add security measure whereby attempting access page containing string '?thanks' did not arrive page containing '?pending' redirected homepage. make perfect solution me. just clarity, typical pre-download process goes this: user visits download page: [website]/download/page/123/ user completes recaptcha, gets redirected here: [website]/download/page/123/?pending user fills in details, gets redirected here: [website]/download/page/123/?thanks user receives file long-...
Read more

java Extracting Zip file -

i'm looking way extract zip file. far have tried java.util.zip , org.apache.commons.compress, both gave corrupted output. basically, input zip file contain 1 single .doc file. java.util.zip: output corrupted. org.apache.commons.compress: output blank file, 2 mb size. so far commercial software winrar work perfectly. there java library make use of this? this method using java.util library: public void extractzipnative(file filezip) { zipinputstream zis; stringbuilder sb; try { zis = new zipinputstream(new fileinputstream(filezip)); zipentry ze = zis.getnextentry(); byte[] buffer = new byte[(int) ze.getsize()]; fileoutputstream fos = new fileoutputstream(this.tempfolderpath+ze.getname()); int len; while ((len=zis.read(buffer))>0) { fos.write(buffer); } fos.flush(); fos.close(); } catch (filenotfoundexception e) { // todo auto-generated catch block ...
Read more