Basic Linux Exploit – Buffer Overflow – Part 3 – Exploiting buffer overflow with small buffer

Tram Ho

Hello everyone, following the previous part, this part I will introduce the mining method with small buffer. As before, our buffer has a size of 64 bytes, enough to contain the shellcode and modify the return address. However, in this part, the buffer is only 10 bytes in size, let’s learn the mining method below using environment variables.

1. Add shellcode to environment and get env address with C code

On linux, to add env we can simply use with cmd export, we add shellcode like the previous part to env as follows:

Then, create a c file to proceed to get the shellcode address:


We actually compile the file: gcc -m32 get_env.c -o get_env Test run we get the following results:

Ok, we have the address of the shellcode, next do a debug with gdb to find the offset to modify the return address.

2. Debug with gdb find offset eip and write exploit file

We have the file small_buff.c

Compile: gcc -m32 -z execstack -mpreferred-stack-boundary=2 small_buff.c -o small_buff

Debug with gdb: We create a pattern to find the offset (you need to install gef, the link is in part 1):

Run the file with the input you just created

We get the result that the program stops at 0x61666161, use the following statement to find the offset

So offset = 18, we write file

Run the program and I get 1 shell

Share the news now

Source : Viblo