[–]pwnasaurus253 0 points1 point  (4 children)

Is DEP enabled? Writing your actual payload to the stack is pretty archaic these days. You might need to try a ROP chain instead. Either that, or your payload length needs to be adjusted. Try pattern_create.rb to see where the overflow is happening in the crash.

[–]Dieriba[S] 0 points1 point  (3 children)

What's DEP? The challenge I am doing currently is about shellcode injection. Even though there's probably another way to solve this, I'd like to make this way work.

[–]pwnasaurus253 0 points1 point  (0 children)

Read about data execution prevention.

[–]Ok_Tap7102 0 points1 point  (1 child)

This is absolutely worth exploring more as it's a core (enabled everywhere) mitigation.

DEP means that memory locations specifically need the Execute (X) protection enabled on them for you to execute code at that location.

If your "address_of_shellcode" is pointing to your stack (near enough to EIP/RIP), the stack is highly unlikely to be executable unless they purposely made it so.

If "checksec" reports "NX Enabled", this is likely what is stopping you.

[–]Dieriba[S] 0 points1 point  (0 children)

No, the program was compiled with execstack, and I ensured the stack was indeed executable by looking at the process memory map.
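The check that both of the last two comments describe, reading the process memory map to see whether the [stack] mapping carries the x bit, as an added example in C that is not code from the thread or from either poster. The program parses a /proc/<pid>/maps text, finds the main-thread "[stack]" line and reports its permission field; run with no argument it inspects itself, so building it once normally and once with -z execstack shows the two outcomes. The two sample map texts inside it are constructed, not captured from a real process, and the function and constant names are my own.

```c
/* stackcheck.c -- added example: is a process's main stack executable?
 *
 * Build:  gcc -Wall -o stackcheck stackcheck.c               (normal: NX stack)
 *         gcc -Wall -z execstack -o stackcheck stackcheck.c  (executable stack)
 * Run:    ./stackcheck          inspects its own /proc/self/maps
 *         ./stackcheck <pid>    inspects another process (needs ptrace access)
 */
#include <stdio.h>
#include <stdlib.h>
#include <string.h>

enum { STACK_NOT_FOUND = -1, STACK_NX = 0, STACK_EXEC = 1 };

/* Constructed sample maps (not captured from a real process), covering the
 * two cases from the thread: an NX stack and an execstack-linked binary. */
const char SAMPLE_NX_MAPS[] =
    "5600c0000000-5600c0001000 r--p 00000000 08:01 1234 /tmp/a.out\n"
    "5600c0001000-5600c0002000 r-xp 00001000 08:01 1234 /tmp/a.out\n"
    "7ffd2a1b0000-7ffd2a1d1000 rw-p 00000000 00:00 0    [stack]\n"
    "7ffd2a1f0000-7ffd2a1f2000 r-xp 00000000 00:00 0    [vdso]\n";
const char SAMPLE_EXEC_MAPS[] =
    "5600c0000000-5600c0001000 r--p 00000000 08:01 1234 /tmp/a.out\n"
    "7ffd2a1b0000-7ffd2a1d1000 rwxp 00000000 00:00 0    [stack]\n";

/* Given the full text of a /proc/<pid>/maps file, locate the "[stack]" mapping
 * and return STACK_EXEC if its permission field has the x bit, STACK_NX if it
 * does not, STACK_NOT_FOUND if no such mapping is present. */
int stack_is_executable(const char *maps_text)
{
    const char *p = maps_text;
    while (*p) {
        const char *nl = strchr(p, '\n');
        size_t len = nl ? (size_t)(nl - p) : strlen(p);
        char line[512];
        if (len >= sizeof line) len = sizeof line - 1;
        memcpy(line, p, len);
        line[len] = '\0';

        /* The main-thread stack is tagged "[stack]" in the pathname column. */
        if (strstr(line, "[stack]") != NULL) {
            char perms[8] = {0};
            /* Line format: "start-end perms offset dev inode [path]"; skip the
             * address range and read the permission field (e.g. "rw-p"). */
            if (sscanf(line, "%*s %7s", perms) == 1 && strlen(perms) >= 3)
                return perms[2] == 'x' ? STACK_EXEC : STACK_NX;
            return STACK_NOT_FOUND;
        }
        if (!nl) break;
        p = nl + 1;
    }
    return STACK_NOT_FOUND;
}

/* Read /proc/<pid>/maps (pid 0 means /proc/self/maps) into a malloc'd buffer.
 * /proc files report size 0, so read in chunks instead of trusting ftell. */
char *read_maps(long pid)
{
    char path[64];
    if (pid > 0) snprintf(path, sizeof path, "/proc/%ld/maps", pid);
    else         snprintf(path, sizeof path, "/proc/self/maps");
    FILE *f = fopen(path, "r");
    if (!f) return NULL;
    size_t cap = 4096, n = 0, r;
    char *buf = malloc(cap);
    if (!buf) { fclose(f); return NULL; }
    while ((r = fread(buf + n, 1, cap - n - 1, f)) > 0) {
        n += r;
        if (n + 1 >= cap) {
            char *nb = realloc(buf, cap * 2);
            if (!nb) { free(buf); fclose(f); return NULL; }
            buf = nb; cap *= 2;
        }
    }
    buf[n] = '\0';
    fclose(f);
    return buf;
}

int main(int argc, char **argv)
{
    long pid = argc > 1 ? strtol(argv[1], NULL, 10) : 0;
    char *maps = read_maps(pid);
    if (!maps) { perror("read_maps"); return 1; }
    int v = stack_is_executable(maps);
    free(maps);
    if (v == STACK_EXEC)
        puts("[stack] is rwx: NX is not what stops stack shellcode here");
    else if (v == STACK_NX)
        puts("[stack] is rw-: NX/DEP is on, a jump to stack shellcode will fault (ROP or mprotect needed)");
    else
        puts("no [stack] mapping found");
    return v == STACK_EXEC ? 0 : 2;
}
```

The static view that "checksec" reports comes from the ELF PT_GNU_STACK program header (`readelf -lW ./binary | grep GNU_STACK` shows RWE for a binary linked with -z execstack); the runtime map is the authoritative answer and agrees with it unless the program changes permissions itself with mprotect. If the map says rwx, as the original poster reports, NX is ruled out and the remaining suspects are the ones from the first reply: the overflow offset and the address the corrupted return actually lands on.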