Skip to main content

Buffer Overflow for Binary

Often, we don't have access to source code and want to discover vulnerabilities in executable files. In the drills/tasks/overflow-for-binary/support/ directory of the laboratory resource archive, you will find an executable file. Using ghidra or gdb for investigation, discover how to exploit the buffer overflow vulnerability to make the program display the message Great success.

IMPORTANT To run ghidra on the overflow_in_binary executable file, you need to create a new project and import the executable file. Ghidra will automatically detect the file format. Run the analysis of the executable, then search in the Symbol Tree for the main function. HINT Identify in the disassembled code how input is passed to the program. Identify where the buffer overflow occurs. Identify the comparison condition you want to trigger. Then build the corresponding payload and deliver it in the appropriate format to the program.

If you're having difficulties solving this exercise, go through this reading material.

WARNING If you try using a payload generated with python and it doesn't work, try simply copying its content in the terminal

Resources

If you found the laboratory interesting in a positive way, you can learn more about this type of attack, as well as cybersecurity in general, on this channel.