Buffer Overflows
Finding the Offset
Let's find the offset the casual way: print a run of "A" characters with Python and pass it to the binary, increasing the length until it hits a segmentation fault.
Check the Security Properties of Binary
Ghidra Code Browser
fgets() is vulnerable to buffer overflow when the size argument passed to it is larger than the destination buffer.
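A hardened counterpart to the fgets() finding above, as an added example that is not code from the original page or from the analysed binary. The 16-byte buffer size and the names NAME_LEN, read_line and sample_input are assumptions made for illustration; the sample input is constructed.

```c
#include <stdio.h>
#include <string.h>

#define NAME_LEN 16   /* assumed buffer size, not taken from the page's binary */
enum { LINE_OK = 0, LINE_TRUNCATED = 1, LINE_EOF = -1 };

/* Vulnerable pattern (comment only): the size argument exceeds the buffer.
 *     char name[NAME_LEN];
 *     fgets(name, 200, stdin);   // fgets may store up to 200 bytes in 16
 */

/* Hardened form (hypothetical helper): the caller passes the real size of dst,
 * and an over-long line is reported and drained instead of leaking into the
 * next read. */
int read_line(char *dst, size_t dst_size, FILE *in) {
    if (dst == NULL || dst_size < 2 || in == NULL) return LINE_EOF;
    if (fgets(dst, (int)dst_size, in) == NULL) return LINE_EOF;
    size_t n = strlen(dst);
    if (n > 0 && dst[n - 1] == '\n') {   /* the whole line fit */
        dst[n - 1] = '\0';
        return LINE_OK;
    }
    int c, dropped = 0;                  /* discard the rest of the line */
    while ((c = fgetc(in)) != '\n' && c != EOF) dropped = 1;
    return dropped ? LINE_TRUNCATED : LINE_OK;
}

/* Constructed sample: one line of 100 'A' bytes, then the line "ok". */
FILE *sample_input(void) {
    FILE *f = tmpfile();
    if (f == NULL) return NULL;
    for (int i = 0; i < 100; i++) fputc('A', f);
    fputs("\nok\n", f);
    rewind(f);
    return f;
}

int main(void) {
    char name[NAME_LEN];
    FILE *in = sample_input();
    if (in == NULL) return 1;
    int st = read_line(name, sizeof name, in);
    printf("status=%d stored=%zu bytes\n", st, strlen(name));
    st = read_line(name, sizeof name, in);
    printf("status=%d line=%s\n", st, name);
    fclose(in);
    return 0;
}
```

Passing sizeof at the call site keeps the bound tied to the actual buffer, so resizing the buffer later cannot silently reintroduce the mismatch.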
In GDB-PEDA, the command x/wx $rsp is used to examine the memory content at the address pointed to by the stack pointer ($rsp). Let's break down the command:
x: This is the "examine" command in GDB, used to inspect memory content.
/wx: These are the modifiers for the examine command. The /w specifies that we want to display the memory as a 32-bit word (4 bytes), and the /x specifies that we want to display the memory content in hexadecimal format.
$rsp: This is a GDB register variable representing the stack pointer. The stack pointer holds the memory address of the top of the stack.
Putting it all together, x/wx $rsp will show you the 32-bit word at the memory location pointed to by the stack pointer in hexadecimal format.
Open Port using Socat on Target
Create BOF exploit using PwnTools Library
Execute Exploit and Gain shell