Questions tagged [debugging]
Debugging is a methodical process of finding and reducing the number of bugs, or defects, in a computer program.
76 questions
2
votes
0
answers
267
views
How do I get openssl s_client to output all information needed to analyze a TLS session in wireshark?
I'm trying to figure out why I'm seeing an
ssl3_read_n:unexpected eof while reading:/var/jenkins/workspace/pfSense-CE-snapshots-2_7_2-main/sources/FreeBSD-src-RELENG_2_7_2/crypto/openssl/ssl/record/...
- 43
1
vote
1
answer
204
views
Segmentation fault without rip even getting overwritten Buffer Overflow
I was trying to overflow the return pointer of a simple program. I have asrl disabled and I compiled like this gcc returnexp.c -o returnexp -fno-stack-protector.
(I would disable noexecstack later on ...
1
vote
1
answer
666
views
ScyllaHide DLL Injection
When I try to perform a DLL injection with ScyllaHide in x32/x64 dbg, then it crashes for some reason, is this a bug? Both with stealthy injection as with normal injection, the program crashes when I ...
- 55
0
votes
0
answers
165
views
How do I prevent the random alignment of the instructions during debugging using gdb? Even tried turning off the optimization with -O0 in gcc
I have started with the book 'Hacking: The art of exploitation!'. I know some of you might suggest that it's pretty old... But I think great buildings withstand due to their strong foundational base. ...
0
votes
0
answers
819
views
Program segfaults when ran with GDB
this is my first time posting a question here, so forgive me if I don't give enough details. I will provide any extra details that are requested.
Basically, I'm practicing a buffer overflow, and I'm ...
2
votes
1
answer
281
views
Is it dangerous to publicly surf the web while my browser is being run in an IDE?
While developing web software, I typically run a browser (chrome) from my IDE. Here's an example launch.json in VSCode:
{
// Use IntelliSense to learn about possible attributes.
// Hover to ...
- 888
0
votes
1
answer
188
views
pvefindaddr p2 in mona?
Is there a !pvefindaddr p2 (search for all pop/pop/ret combinations in the entire process memory space) equivalent in mona.py?
Alternatively, is there any option to run pvefindaddr in latest versions ...
1
vote
0
answers
121
views
How to debug javascript code with Windows functions on Linux?
I am a beginner in analyzing javascript code on Linux and whenever the code is for a Windows machine I cannot proceed with debugging because there are undefined functions.
Examples:
GetObject(_6078(1),...
- 13
1
vote
0
answers
303
views
Penetration testing framework for Windows Desktop applications
Is there a burpsuite-like framework for Windows Desktop applications? I.e. I'm looking for something that would allow me to intercept user-input data sent to my application for manipulation to test ...
- 11
4
votes
1
answer
1k
views
Why does my RIP value change after overwriting via an overflow?
I've been working on a buffer overflow on a 64 bit Linux machine for the past few days. The code I'm attacking takes in a file. This original homework ran on a 32-bit system, so a lot is differing. I ...
1
vote
0
answers
185
views
How do you catch sigtrap so your malware will still run while being debugged?
I have written a small shellcode but it is trapped at execve() by the debugger if it is attached. Can this be bypassed? Note that I can add any instructions to my shellcode, but I don't have root ...
- 11
0
votes
1
answer
3k
views
Instead of JMP ESP can we use it's opcodes?
In a buffer overflow exploit, when we use a JMP ESP instruction to jump to the ESP, instead of using the address of the JMP ESP, can't we use the opcodes of it?. I generated the opcodes of the JMP ESP ...
- 101
0
votes
0
answers
318
views
How to dump the input of a seccomp BPF filter?
I am writing a program that creates BPF seccomp filters. These filters are supposed to check syscalls and their arguments against predefined allowed values. The logic to check the syscall by its ...
- 197
1
vote
1
answer
4k
views
Suspicious HTTP Requests in my logs [duplicate]
I'm running a PHP application with a user management system called userspice. It basically allows you to include the userspice PHP file and then control access to a certain PHP page.
As I have seen ...
- 11
1
vote
1
answer
2k
views
Can't overwrite EIP in bufferoverflow example
I am trying to make a simple buffer-overflow exploit on an example program to understand binary exploitation a bit better. The goal is to simple write shellcode on the stack and execute it.
However, ...
- 181
0
votes
0
answers
1k
views
How can I test if/how STIR/SHAKEN is working on my incoming calls? Both for detecting spoofed caller ID AND [bad sources]
How can I test if/how STIR/SHAKEN is working on my incoming calls? Both for detecting spoofed caller ID AND calls from disreputable (NON-'A' attestation) service providers/carriers/sources.
I'm ...
2
votes
1
answer
3k
views
CTF setup for debugging heap exploits
I'm currently studying binary heap exploitation (mainly the glibc (ptmalloc2) implementation), for CTF competitions. The problem I'm facing is debugging challenges designed for a certain glibc version....
2
votes
1
answer
1k
views
Memory address problem in GNU Debugger
I'm new to gbd. I've wrote a simple program which will print hello world 10 times(I've listed the program in the screenshot). Then I've displayed the assembly language and set the break point to main ...
- 197
1
vote
0
answers
178
views
How would you follow all JavaScript calls after a click?
I'm using Google Chrome developer tools.
Let's say I'm performing a bug bounty activity.
I found an obfuscated JS. I know user data goes into this JS and goes out encrypted.
I found a few files called ...
- 11
4
votes
1
answer
1k
views
What mechanisms prevent me from "ptraceing" a signed OSX application?
I want to debug an application I have installed on my Mac.
The application comes in a ".app" format, which is basically a folder including the binary and some other frameworks and resources.
I was ...
- 173
2
votes
1
answer
522
views
How to use "jmp" in ROP
I'm trying to put together a ROP chain. I'm looking for a gadget to do the following:
mov rdi, rdx ; mov rbp, rsp ; ret;
But instead, I have a gadget like this :
mov rdi, rdx ; mov rbp, rsp ; jmp ...
- 31
1
vote
0
answers
1k
views
Buffer bomb level 3 - Prevent stack corruption
I am trying to complete level 3 of buffer bomb lab. The task is to supply an exploit string that will cause getbuf to return my cookie (0x4b64b076) back to test, rather than the value 1. The exploit ...
- 111
0
votes
1
answer
576
views
Exploiting vulnerabilities in the C code
I'm preparing for an introductory information security examination in university and this is one of the examination questions on Secure Programming.
In such questions, I would usually catch for ...
1
vote
0
answers
213
views
Calling Powershell script from external program passing an argument
I have an external program which calls a PowerShell script with a random secret identifier as a single argument. The PowerShell script needs to return the same random secret id when it calls the REST ...
- 11
2
votes
1
answer
2k
views
Is the developer mode like the opened door for hackers to debug the mobile app?
The very good security recommendation is: the mobile app should check if the developer mode is turned on and it should not start. Both in android and iOS. Do you agree with this sentence? What the ...
- 39
5
votes
4
answers
1k
views
What is the use of disabling detailed exception pages on open-sourced apps?
Frameworks for web apps typically can run in either production mode or development mode. One of the major differences between the two modes is how exceptions are handled: in development mode the ...
- 6,851
10
votes
5
answers
27k
views
Does GHIDRA have a debugger?
Does GHIDRA have a debugger attached for dynamic analysis of application?
- 101
1
vote
1
answer
139
views
Masking configuration of physical workstation
Environment:
Physical workstation, HP, Dell, etc
Windows 7,8,10, no matter
Windows executables
Our goal:
For additional privacy, is it possible to wipe/change all configuration that can be read by ...
- 31
5
votes
2
answers
6k
views
Why does my stack contain the return address to __libc_csu_init after main is initialised?
I wrote a simple program in C, compiled it, opened it in gdb, set a breakpoint at line 11 and inspected the stack.
1 #include<stdio.h>
2
3 int main(int argc, char *argv[]){
4 char ...
- 151
2
votes
0
answers
398
views
How to extract the information about the stack or EIP/RIP registers from the ASAN (sanitizer) crash output?
I am testing Netwide Assembler(NASM) and verifying the latest bug [CVE-2018-10254] Stack-buffer-overflow (out of bound read).
I am trying to overwrite the EIP/RIP and make it crash but I don't know ...
- 51
0
votes
2
answers
231
views
Is revealing login name of macOS into internet a security risk?
For example, sometimes I need to post debug messages to internet like this:
No such file : /Users/xxxxx/Documents/test.sh
My question is, is forgetting replacing the login name into xxxxx a security ...
- 535
1
vote
2
answers
4k
views
Unable to understand $EIP changes with Buffer Overflow
I am learning Buffer Overflow, so the question might seem silly but here it is.
I started with this very simple buggy program
int main(int argc, char *argv[])
{
char buf[128];
printf("You entered ...
- 201
1
vote
0
answers
252
views
Why is there no SEH handler found in Windows 10?
I use immunity debugger and mona.py to find SEH pointer in Windows 10. Command is !mona seh.
But it says no pointer is found.
I want to know what has changed in Windows 10 to protect against this ...
- 71
-2
votes
1
answer
188
views
If I put a variable in the private section of a class, will the variable have more protection againsted reverse engineering? [closed]
class LockdownUnlock{
private:
/*snip*/
std::string rootCertificate; //Will this protect the data?
/*snip*/
public:
/*snip*/
}LDUnlock;
- 15
2
votes
1
answer
1k
views
Buffer Overflow CTF challenge
I am having trouble solving a challenge that requires using a buffer overflow to overwrite the return address and call another function that gives a shell. The program prompts the user for input, ...
- 31
3
votes
1
answer
8k
views
Buffer overflow: Why does the ESP Register change its value after access violation
Background: Currently trying to exploit a BoF vulnerability. After setting up the environment, running a compiled C program that contains the strcpy function, I disassembled the program as it's ...
- 375
1
vote
0
answers
190
views
Android Debugging: Error accessing memory address [closed]
I'm attempting to debug different native binaries in my Android device using the adb shell and gdbserver.
I receive the following error when i place a breakpoint in a program using gdb and continue ...
- 11
3
votes
1
answer
372
views
Methods for analysing android app on runtime [closed]
I want to analyse security of android app by monitoring its behaviour on runtime. I need to monitor variables modifications, accesses and api calls while android app is running on the device. I tried ...
- 151
2
votes
2
answers
5k
views
Debugging SUID for privilege escalation
When doing privilege escalation, assuming an application with the SUID set and a debugger, what stops us from starting a shell from within the debugger? I mean just write the shell code in an ...
- 151
13
votes
2
answers
2k
views
Malware sandbox detection
I started some reverse engineering exercises using Ollydbg, IDA Pro and other tools like Sysinternals suite, etc. Some of these exercises are about malware. I downloaded some different malware from ...
- 5,395
1
vote
0
answers
1k
views
Trick needed to make use of a local buffer overflow vulnerability to obtain root
I am working on a certain CTF trying to gain root privileges in it, I found a vulnerable program to buffer overflow vulnerability with Non executable stack security level (NX), I developed an exploit ...
- 44
6
votes
2
answers
47k
views
return to libc- finding libc's address and finding offsets
So I tried performing a return-to-libc according to https://sploitfun.wordpress.com/2015/05/08/bypassing-nx-bit-using-return-to-libc/ .
I found libc's address by using "ldd vuln", and found system's ...
- 73
1
vote
1
answer
800
views
Shell not always escalating privileges in narnia
I'm going through the various overthewire wargames and I have a question about narnia0. The code in c contains
if(val==0xdeadbeef)
system("/bin/sh");
else {
printf("WAY OFF!!!!\n");
I got it to work ...
- 63
1
vote
0
answers
408
views
How to debug a particular .c or .cpp file of AOSP?
I'm interested in security stuff and I want to start with Android devices to test this OS. I've seen that there are many exploits for Android (the most famous is the StageFright case) and I'm also ...
- 129
2
votes
0
answers
419
views
What are your favorite BLE (Bluetooth Low Energy) sniffing tools? (Hardware and Software) [closed]
I will soon need to debug BLE communication for a newly developed BLE device.
What are your favorite BLE (Bluetooth Low Energy) sniffing tools? (Hardware and Software)
- 581
0
votes
2
answers
2k
views
Buffer Overflow: Advice on exploiting
int play() {
int a;
int b;
char buffer[010];
a = 0x41414141;
b = 0x42424242;
if (write(STDOUT_FILENO, "For a moment, nothing happened. Then, after a second or so, nothing ...
- 307
4
votes
1
answer
583
views
several questions about linux kernel debugging - memory examination
I've read this Does Linux kernel use DEP for kernel memory?
but I'm debugging linux kernel (x86_64) on Vmware using vmware stub. I've attached gdb to my linux kernel.
the kernel version is 3.x
and I ...
- 41
1
vote
2
answers
8k
views
How does Server-side Handle the same multiple requests at the same time?
According this YouTube video:
https://www.youtube.com/watch?v=oIkhgagvrjI&feature=youtu.be&t=7m19s
YouTube Videos views are frozen at 300 until they're verified, sometimes at 301 or even up to ...
user111609
4
votes
2
answers
1k
views
How attaching to a process with a debugger can compromise system's security?
Visual Studio shows a warning, trying to attach to a different user's process:
Searching for an explanation, I've found the MSDN article, claiming that:
An untrusted process that contains malicious ...
- 323
11
votes
1
answer
3k
views
Does analysing Malicious code in gdb pose a security risk?
I have encountered a Malicious Shell-Code & i have ported the shellcode into a compatible C Code which can run the shellcode, i compiled it using
gcc -fno-stack-protector -z execstack shellcode.c ...
- 464