Questions tagged [debugging]

Debugging is a methodical process of finding and reducing the number of bugs, or defects, in a computer program.

69 questions

47 votes, 7 answers

Why is application crash considered insecure?

If an application crashes, the program stops and there is nothing anyone can do about it, other than starting the program again. A crash is bad behaviour in general and should be avoided, but why are crashes seen as a security vulnerability?

19 votes, 4 answers

Is this verbose error message on the DOT website a security issue?

I was looking for a form on the US Department of Transportation's website, and I came to a page that gave me an error, with a full debug report and stack trace. Hopefully, you can get the same result by going to the page as…
CodyBugstein

13 votes, 2 answers

Malware sandbox detection

I started some reverse engineering exercises using OllyDbg, IDA Pro and other tools like the Sysinternals suite, etc. Some of these exercises are about malware. I downloaded some different malware from the awesome GitHub repository called The Zoo. I…
OscarAkaElvis

11 votes, 1 answer

Help in understanding an application's crash - exploitable?

Being new to researching vulnerabilities in native applications (as opposed to web apps), I'm having difficulties understanding a crash in Debian's browser, Epiphany (version 2.30.6), and determining if it is exploitable. I've discovered that the…
mds

11 votes, 1 answer

Does analysing malicious code in gdb pose a security risk?

I have encountered a malicious shellcode and I have ported the shellcode into compatible C code which can run the shellcode. I compiled it using gcc -fno-stack-protector -z execstack shellcode.c -o code which gives the output ELF file code, I am…

10 votes, 5 answers

Does GHIDRA have a debugger?

Does GHIDRA have a debugger attached for dynamic analysis of an application?
pentesterxvi

8 votes, 1 answer

Program getting exploited inside gdb, new shell is spawned but terminated immediately

I am trying to exploit a SUID program. The program is: #include #include #include #include #define e(); if(((unsigned int)ptr & 0xff000000)==0xca000000) { setresuid(geteuid(), geteuid(), geteuid());…

7 votes, 3 answers

Does a working JTAG diagnostics port on Android phone add unnecessary risk?

Not enough people seem to know about JTAG outside the hacker and LEO communities but the short version is that JTAG allows anyone with physical access to your phone to chew their way right into it. I can't understand why fundamentally disposable…
Mark Mullin

6 votes, 2 answers

Why is my debugger detected as a Trojan by anti-virus software?

I'm trying to use a debugger (namely OllyDbg) to analyze some exe files. However, all the versions I downloaded from the Internet are considered as Trojans by some anti-virus software. (I use www.virustotal.com to scan the binary I downloaded.) Are…
lyenliang

6 votes, 3 answers

Disabling Android application debug mode as a security practice

There's a security practice which says you should not publish your Android application with debug mode enabled. While an attacker can use apktool to decompile your application, enable the debug flag in AndroidManifest.xml and recompile it, how does…
Silverfox

5 votes, 4 answers

What is the use of disabling detailed exception pages on open-sourced apps?

Frameworks for web apps typically can run in either production mode or development mode. One of the major differences between the two modes is how exceptions are handled: in development mode the browser will typically be sent a detailed exception…
gaazkam

5 votes, 2 answers

Privilege escalation fails outside gdb

I have an application with the following source code: #include #include #include int bof(char *str) { char buffer[12]; strcpy(buffer, str); return 1; } int main(int argc, char **argv) { char…

4 votes, 1 answer

Explaining a buffer overflow vulnerability in C

Given this C program: #include #include int main(int argc, char **argv) { char buf[1024]; strcpy(buf, argv[1]); } Built with: gcc -m32 -z execstack prog.c -o prog Given shell code: EGG=$(printf…
janos

4 votes, 2 answers

Why does my stack contain the return address to __libc_csu_init after main is initialised?

I wrote a simple program in C, compiled it, opened it in gdb, set a breakpoint at line 11 and inspected the stack. 1 #include 2 3 int main(int argc, char *argv[]){ 4 char arr[4] = "AABB"; 5 int square = foo(2); 6 …
Hugh Pearse

4 votes, 2 answers

return to libc- finding libc's address and finding offsets

So I tried performing a return-to-libc according to https://sploitfun.wordpress.com/2015/05/08/bypassing-nx-bit-using-return-to-libc/ . I found libc's address by using "ldd vuln", and found system's offset by using "readelf -s…