Master the fundamental concepts of binary exploitation through this focused micro-challenge.
A stack buffer overflow occurs when a program writes more data into a stack-allocated buffer than it was designed to hold. The excess bytes overwrite adjacent memory, including the saved frame pointer and return address, potentially hijacking execution.
On x86-64, the stack grows downward with this layout (high to low addresses):
When strcpy(buf, input) writes past a char buf[16], the overflow corrupts RBP first, then the return address. On function return, the CPU jumps to the attacker-controlled address.
Vulnerable functions include gets(), strcpy(), strcat(), and sprintf() because they perform no bounds checking.
You will demonstrate a stack buffer overflow conceptually, printing the stack layout before and after corruption. Understanding this mechanism is the foundation for every stack-based exploitation technique in the rest of this subtrack.
Draw the stack from high to low addresses: return address at the top, saved RBP below it, then your buffer. A 24-byte write into a 16-byte buffer overwrites 8 bytes of saved RBP and 8 bytes of return address on x86-64. Defensive coding replaces strcpy with strncpy or snprintf, and compilers emit stack canaries when you build with -fstack-protector. Legacy codebases still contain unchecked copies.
Implement a C program that demonstrates a stack buffer overflow.
Requirements:
Success Criteria:
Three hints are available for this task, revealed one at a time inside the code workspace so you can struggle productively before seeing them.
All starter code and reference implementations are available for your local setup.
View on Github