5-30-2024
👋 Now welcoming... a special guest, our victim program!!!! Be sure to give it an overwhelming amount of love and support, just be sure not to overdo it or unexpected results may follow suit 😝
`simple-bof.c`:

```c
#include <stdio.h>
#include <stdlib.h>

int main(void) {
    puts("Hello, welcome to the deep dive into a super simple, textbook stack-based buffer overflow!!\n");
    puts("Let me first create a super SECURE buffer for us to store our user input ;)\n");
    /* Fixed-size, 50-byte buffer that lives on the stack */
    char buf[50];
    puts("[+] Okay, our secure buffer has been created\n");
    puts("What could possibly go wrong if we use gets() to handle our input?\n");
    puts("Enter some data...");
    /* Intentionally vulnerable: gets() has no length limit, so input longer
       than buf is written past its end into adjacent stack memory */
    gets(buf);
    puts("We're still alive, right?");
    return 0;
}
```
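Be sure to compile with the following options to follow along easily with this write-up!

```bash
gcc simple-bof.c -o simple-bof -g -fno-stack-protector -z execstack -no-pie
```

These options keep debug symbols (`-g`) and switch off three mitigations: the stack protector (`-fno-stack-protector`), the non-executable stack (`-z execstack`) and position-independent executables (`-no-pie`).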
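For comparison with the `gets(buf)` call in `simple-bof.c`, here is a bounded replacement built on `fgets()`. It is an added example, not code from the original post, and `read_line` and `BUF_SIZE` are names assumed here. It never writes past the buffer and reports when the input had to be truncated.

```c
#include <stdio.h>
#include <string.h>

#define BUF_SIZE 50 /* same size as buf in simple-bof.c */

/* Hypothetical helper, not from the original post.
 * Reads one line into dst without ever writing more than cap bytes.
 * Returns 0 if the whole line fit, 1 if it was too long (the excess is
 * discarded so it cannot leak into the next read), -1 on EOF or error. */
int read_line(char *dst, size_t cap, FILE *in)
{
    if (cap == 0 || fgets(dst, (int)cap, in) == NULL)
        return -1;

    size_t len = strlen(dst);
    if (len > 0 && dst[len - 1] == '\n') {
        dst[len - 1] = '\0';      /* line fit: strip the newline */
        return 0;
    }
    if (len < cap - 1)            /* EOF ended a short final line */
        return 0;

    /* Buffer is full and no newline was stored: drain the rest of the line. */
    int c, extra = 0;
    while ((c = getc(in)) != '\n' && c != EOF)
        extra = 1;
    return extra;
}

int main(void)
{
    char buf[BUF_SIZE];

    puts("Enter some data...");
    int rc = read_line(buf, sizeof buf, stdin);
    if (rc < 0) {
        puts("No input received.");
        return 1;
    }
    if (rc == 1)
        puts("[!] Input exceeded the buffer and was truncated.");
    printf("Stored %zu bytes; still alive.\n", strlen(buf));
    return 0;
}
```

Built with the default compiler options instead of the ones above, this version also keeps the stack protector, non-executable stack and PIE in place as a second line of defence.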
I will need to learn more about ARM-based exploitation, such as x30, the link register (this holds the return address), and relative addressing. Once I feel confident in these realms, I will be finishing this post.