Background
Before you learn how to exploit a buffer overflow, you should understand how a piece of software uses memory.
I recommend reading https://manybutfinite.com/post/anatomy-of-a-program-in-memory/ first.
It is a relatively easy, largely self-explanatory introduction to the memory structure of a program.
Anatomy of memory, in short

| Location | Segment | Description |
|---|---|---|
| Top | Kernel | OS usage |
| | Stack (grows down) | Software functions, local variables |
| | Heap (grows up) | Global variables, not assigned by the software automatically; in C/C++ you need to use malloc/calloc/free to manipulate it |
| Bottom | Text segment | Binary, images, immutable |
More examples on the difference between stack and heap: https://www.gribblelab.org/CBootCamp/7_Memory_Stack_vs_Heap.html
Different languages have different implementations.
For example, NodeJS stores objects on the heap and variables on the stack.
Check the relevant references when hacking different systems.
What is inside the stack?

| Location | Segment | Description |
|---|---|---|
| Top | Extended Stack Pointer (ESP) | Called from top to bottom, fixed memory space |
| | Buffer space | Dynamic memory space |
| | Extended Base Pointer (EBP) | |
| | Extended Instruction Pointer (EIP) | Main programming memory manipulation |
| Bottom | Return address | |

More: http://www.godevtool.com/GoasmHelp/usstack1.htm
So what is a buffer overflow?

| Location | Segment | Description |
|---|---|---|
| Top | Extended Stack Pointer (ESP) | Called from top to bottom, fixed memory space |
| | Buffer space | Throw a huge load of junk data here |
| | Extended Base Pointer (EBP) | If the code has poor sanitation, we can keep poisoning the junk data until we reach the return address |
| | Extended Instruction Pointer (EIP) | |
| Bottom | Return address | Here is the trick: point it at our root shell code |

So, basically, a buffer overflow is:
- filling up a function's memory space (the buffer) with more data than it can hold,
- using that overflow to manipulate the return address,
- or even better, pointing the return address at a rootkit or shell code.
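The two steps described above (overfilling a fixed-size stack buffer, so that the saved frame and return address get overwritten) come from one missing bounds check. The following is an added C example, not code from the original post: the unsafe copy beside a bounded version of the same function. `NAME_LEN`, `greet_unsafe`, `greet_safe`, `oversized_is_rejected` and the constructed inputs are assumptions made for illustration.

```c
/* Added example, not from the original post: the stack-buffer-overflow
 * pattern the tables above describe, beside a bounded version of the same
 * function. NAME_LEN, greet_unsafe, greet_safe and the constructed inputs
 * are assumptions for illustration. */
#include <stdio.h>
#include <stdlib.h>
#include <string.h>

#define NAME_LEN 16   /* fixed-size buffer that lives in the stack frame */

/* Vulnerable: strcpy() stops only at the terminating NUL of the input, so
 * input of 16 or more characters runs past 'name' into the rest of the
 * frame (saved EBP, then the return address), exactly the "poisoning the
 * junk data until the return address" described above. Call it only with
 * input known to fit; it is kept here to show the defect. */
int greet_unsafe(const char *input)
{
    char name[NAME_LEN];
    strcpy(name, input);                 /* no bound on the copy */
    printf("hello %s\n", name);
    return (int)strlen(name);
}

/* Hardened: measure first, refuse input that does not fit together with
 * its NUL, then copy an explicit number of bytes and terminate the buffer
 * yourself. Returns the length copied, or -1 when the input was rejected. */
int greet_safe(const char *input)
{
    char name[NAME_LEN];
    size_t len = strlen(input);
    if (len >= NAME_LEN) {
        return -1;                       /* would overflow: reject */
    }
    memcpy(name, input, len);
    name[len] = '\0';
    printf("hello %s\n", name);
    return (int)len;
}

/* Build a constructed oversized input of n 'A' bytes and check whether the
 * hardened function rejects it. Returns 1 on rejection, 0 otherwise. */
int oversized_is_rejected(size_t n)
{
    char *junk = malloc(n + 1);
    if (junk == NULL) {
        return 0;
    }
    memset(junk, 'A', n);
    junk[n] = '\0';
    int rejected = (greet_safe(junk) == -1);
    free(junk);
    return rejected;
}

int main(void)
{
    greet_unsafe("bob");                 /* fits: 3 chars + NUL < 16 */
    greet_safe("alice");                 /* fits: returns 5 */
    if (oversized_is_rejected(40)) {
        puts("40-byte input rejected by greet_safe");
    }
    /* greet_unsafe with that 40-byte input would corrupt the frame; built
     * with -fstack-protector the program aborts with "stack smashing detected"
     * instead of returning into attacker-controlled data. */
    return 0;
}
```

The check `len >= NAME_LEN` (not `>`) is the detail that matters: a 16-character input needs 17 bytes once the terminating NUL is counted, so it must be refused too. Compiling the unsafe version with `-fstack-protector` turns the silent corruption into an abort, which is a detection aid, not a substitute for the bounds check.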