For this exploit tutorial we gonna use the Stack5 challenge from exploit-exercises. Okay, we save the file and compile it and we get this message: Even gcc informs us we use a vulnerable function! Damn! That means this attack is not going to be that easy for real life targets as long as the compiler informs the developers they have used an exploitable function. Note that we have every protection(ASLR, NX etc) disabled on this machine so the real life exploitation won't be that simple for sure. Let's start by debugging the program with skid's favourite debugger Exactly, GDB! Type ` gdb ./stack5 ` and disassemble the main function to take a look at what this program does. At this point we can see by ourselves the program is calling the gets function. Nice, let's try to overwrite the return address to take control of the program flow. The program tried to return at 0x41414141 that of course is not a valid address. That means we ov
Ret2libc is a very common buffer overflow attack. Let's see what WikiPedia has to tell us about this attack to get a better view of the exploitation method: A "return-to-libc" attack is a computer security attack usually starting with a buffer overflow in which a subroutine return address on a call stack is replaced by an address of a subroutine that is already present in the process’ executable memory, bypassing the NX bit feature (if present) and ridding the attacker of the need to inject their own code. If you had difficulty understanding this there is no problem because we will get our hands dirty on the next walkthrough of the attack. =====EXPLOITATION===== First step is to compile the executable with the command "gcc code.c" We have made a code.c file with the source code of Stack6 challenge on exploit exercises. #include <stdlib.h> #include <unistd.h> #include <stdio.h> #include <string.h>