Exploiting a GOT overwrite
Source
The very simplest of possible GOT-overwrite binaries.
Infinite loop which takes in your input and prints it out to you using printf
- no buffer overflow, just format string. Let's assume ASLR is disabled - have a go yourself :)
Exploitation
As per usual, set it all up
Now, to do the %n
overwrite, we need to find the offset until we start reading the buffer.
Looks like it's the 5th.
Yes it is!
Now, next time printf
gets called on your input it'll actually be system
!
If the buffer is restrictive, you can always send /bin/sh
to get you into a shell and run longer commands.
Final Exploit
64-bit
You'll never guess. That's right! You can do this one by yourself.
ASLR Enabled
If you want an additional challenge, re-enable ASLR and do the 32-bit and 64-bit exploits again; you'll have to leverage what we've covered previously.
Last updated