Questions tagged [assembly]

Assembly language is a low-level programming language whose instructions map almost 1-to-1 to a computer's machine code.

When analyzing an executable whose source code is unknown (e.g. the payload of an attack), the analyst can use a tool called a disassembler. A disassembler translates the machine code instructions (the numbers that form the unknown code) to assembly language, helping the analyst to better understand what the code is doing.

Below is a simple example of what assembly code looks like. Although assembly code looks quite cryptic, every word is a mnemonic: a name or abbreviation for an instruction, a register, or an addressing mode. The example is for the x86 family of processors.

CLC            ; clear the carry flag
MOV  AX, 5     ; load the immediate value 5 into register AX
ADD  AX, [SI]  ; add the word stored in memory at address SI to AX
MOV  [SI], AX  ; write the result back to memory at address SI

82 questions
3 votes, 1 answer

Buffer overflow: Why does the ESP Register change its value after access violation

Background: Currently trying to exploit a BoF vulnerability. After setting up the environment, running a compiled C program that contains the strcpy function, I disassembled the program as it's running in the Immunity Debugger, so the data at the…
0x5929
3 votes, 1 answer

Can anyone explain what Ret2plt means and how it works?

I'm reading about stack overflow protection mechanisms like DEP, and it's written that Ret2plt and system() can be used to bypass it. What is Ret2plt and how does it work? I cannot find a single explanation of this term on Google.
palerna
3 votes, 1 answer

Is it "normal" to find procedures in the middle of a .mov file with a disassembler?

I used the Hopper disassembler to see if there was any strange activity in this particular .mov file. What was bizarre and unexpected was that this .mov file is particularly strange, such as it seems to lower the audio quality on people's computers who play…
2 votes, 1 answer

Buffer Overflow and Segments

I know that by overwriting the return address in a vulnerable program we can change the offset of the next instruction and make it point to our injected buffer. But this buffer is in the stack segment and the offset (IP) is calculated for the "code segment", so how…
user2808671
2 votes, 0 answers

Assembly decoder with jmp-pop-call technique

This is a part of code in which I cannot figure out the mistake. I am using the jmp-pop-call technique and what I get is "Segmentation Fault". I tried to use GDB but things are really vague. Each byte is encoded by 1 in Python and what I want is to…
2 votes, 1 answer

Metasploit generating strange shellcode

So I just used Metasploit to generate the payload/linux/x86/shell_bind_tcp payload without null bytes (generate -t raw -b '\x00' -f shellcode). Here's the shellcode: $ xxd -p…
gsgx
2 votes, 1 answer

Study roadmap to write a crypter / backdoor

Recently I came across a site called SecurityTube.net, which has a ton of amazing security stuff. I'm following their Python Scripting Expert videos which are totally worth it. I also came across the concept of 'Crypters', which evade antiviruses…
Nitaai
2 votes, 1 answer

Stack Smashing problem

I'm currently reading the popular article "Smashing the Stack for Fun and Profit" by Aleph One, but I have a problem. I will try to isolate the problem and present to you only that detail. Even if I succeeded in adapting the first examples for my…
Doru_RO
2 votes, 1 answer

vulnserver - Can't find JMP ESP in ntdll.dll

This tutorial shows how to find a JMP ESP in ntdll.dll: http://sh3llc0d3r.com/vulnserver-trun-command-buffer-overflow-exploit/ "Find address for EIP: In this step we have to check the registers and the stack. We have to find a way to jump to our…"
Wolf
2 votes, 2 answers

Overflowing the buffer yet not jumping to address

I am a beginner at buffer overflows. I've been studying this subject for a few days and I found this exercise (code from: here). I think I understand the basic concept: I write more than 64 characters and the gets function overflows the next address on…
2 votes, 2 answers

C - Simple Buffer Overflow Exploitation, how is the EIP overwritten in different type calling functions?

General Background: I have written an echo server trying to implement an example of BoF in C that utilizes a strcpy() function call like such: // .... including the corresponding libraries depending on host environment #include
0x5929
2 votes, 2 answers

Shellcode doesn't execute and EIP is overwritten

I've written a vulnerable program (below) and some shellcode (also below) to use in a buffer overflow exploit. I've had the same problems as in this link, and solved those using the answers there (-z execstack, -fno-stack-protector). I'm now having…
2 votes, 1 answer

Challenge: Shellcode with unique bytes

Is it possible to have a (small) shellcode with unique bytes only? So far I noticed the smallest shellcode I can find online is 19 bytes for Linux x86, but it does repeat bytes, especially the "/" from "/bin/sh" and even some opcodes contain…
Alex
2 votes, 1 answer

Eliminating 0x0a from ShellCode for unlink file

I have written a shellcode to unlink a file from the system, but when I extracted the hex code from the binary file, it contains a \x0a byte, because the syscall number for the unlink function is 10, so it is essentially being treated as a newline…
2 votes, 1 answer

Need help in bypassing Structured Exception Handling (SEH) + egghunter

I am practicing exploit development and trying to remake this exploit by myself in the same environment: exploit link. I face an issue that the egghunter is not running. I even tried the one in the exploit and it did not run. Also, I run the exploit and…