Buffer Overflow Explained | P23 | HackTheBox Pwnshop

We covered another case of a binary vulnerable to buffer overflow but has some protections enabled such as NX and PIE. To get around these protections, we leaked a binary address and subtracted the address from a specific offset found by subtracting a start of the user input in memory from the start of the stack. Then we build the ROP chain consisting of GOT, PLT, setvbuf, system and /bin/sh offsets so that these gadgets will execute in the memory stack and return shell.. This was part of HackTheBox Pwnshop Intro to Binary Exploitation track.

Get Buffer Overflow Notes

Fully working exploit script can be found here

Flag

HTB{th1s_is_wh@t_I_c@ll_a_g00d_d3a1!}

Video Walkthrough

Buffer Overflow, CTF Writeups, HackTheBox, HackTheBox Pwnshop

Show Comments

MasterMind Study Notes

About the Author

Mastermind Study Notes is a group of talented authors and writers who are experienced and well-versed across different fields. The group is led by, Motasem Hamdan, who is a Cybersecurity content creator and YouTuber.

View Articles

Buffer Overflow Explained | P23 | Stack Pivot and Ret2libc | HackTheBox Pwnshop

Leave a Reply Cancel reply

MasterMind Study Notes

About the Author

Press ESC to close

Buffer Overflow Explained | P23 | Stack Pivot and Ret2libc | HackTheBox Pwnshop

Leave a Reply Cancel reply

MasterMind Study Notes

About the Author

Share Article:

You might also like

OffSec Proving Grounds: Crane Walkthrough | OSCP Prep

HackTheBox Spookypass Challenge Writeup

HackTheBox Permx Writeup