Master the fundamental concepts of binary exploitation through this focused micro-challenge.
By overflowing a buffer on the stack, an attacker can overwrite the saved return address of the current function. When the function returns, the CPU pops this corrupted address into RIP, diverting execution to an attacker-chosen location.
The key step is finding the exact byte offset from the buffer start to the return address:
char buf[16] gives offset = 16 + 8 = 24 bytes to the return addressTools like pwntools' cyclic() and GDB's pattern_create automate finding this offset by generating unique byte sequences.
You will calculate and document the exact offset to the return address and simulate overwriting it with a controlled value. This offset-calculation technique is what CTF players and pentesters use to hijack RIP in real vulnerability exploitation.
After finding the offset, you place a target address at exactly that byte position. In a real exploit, the address might point to shellcode (pre-NX), a ROP gadget (post-NX), or a win() function in a CTF binary. GDB's x/20gx $rsp shows the stack layout live, confirming your offset calculation before you build the final payload with a tool like pwntools.
Implement a C program that demonstrates return address overwriting.
Requirements:
Success Criteria:
Three hints are available for this task, revealed one at a time inside the code workspace so you can struggle productively before seeing them.
All starter code and reference implementations are available for your local setup.
View on Github