☠️
smadi0x86 Playground
  • πŸ’€Welcome to smadi0x86 Playground
    • 🍷Resources
    • 🚬Projects
    • πŸŽ“Certifications
    • πŸ“ŒPinned
    • ❓Questions
    • πŸ“žContact
  • 🏞️Cloud Native
    • Docker
      • Quick Reference
      • Introduction
      • Containers
      • Images
      • Storage & Volumes
      • Security
      • Cheatsheet
    • Git
    • Serverless Framework
    • YAML
  • πŸ”¨Software Engineering
    • System Design
    • Environment Variables
    • JSON Web Tokens
  • πŸ‘ΎArchitecture
    • C Language
      • Introduction
      • GCC Compilation
      • Libraries & Linking
      • I/O
      • Files
      • Pointers
      • Dynamic Memory Allocation
      • Data Types
      • Strings Manipulation
      • Bit Manipulation
      • Pre-processors
      • Macros
      • Type Qualifiers
    • C/C++ Build Systems
      • Fundamentals for Linking
      • Symbolic Linking
      • Cross-Platform Compilation
      • CMake for Building and Linking
      • Shared Libraries
      • Dynamic Linking and Dependency Management
    • Operating Systems
      • OS & Architecture
      • Processes
      • CPU Scheduling
      • Memory Management
  • πŸ›©οΈCyber Warfare
    • Flight Physics
    • Communication
      • PWM & PPM
      • MAVLink
  • πŸ΄β€β˜ οΈOffensive Security
    • Active Directory
      • Introduction
    • Web Attacks
      • Server Side
        • OS Command Injection
        • Information Disclosure
        • Directory Traversal
        • Business Logic
        • Authentication
        • File Upload
        • SSRF
      • Client Side
        • CSRF
        • XSS
    • Recon
      • Active
        • Host discovery
        • Nmap
        • Mass Scan
      • Passive
        • Metadata
      • Web Applications
        • Discovery
        • Subdomains & Directories
        • SSL Certs
        • CMS
        • WAF Detection
      • Firewall Evasion
  • Binary Exploitation
    • Stack Smashing
      • x86
      • x86_64
    • pwntools
      • Processes and Communication
      • Logging and Context
      • Cyclic
      • Packing
      • ELF
      • ROP
  • 😈Advanced Persistent Threat
    • C2
      • Sliver
    • Malware
      • Techniques
        • COFF Loader
      • Sektor7
        • Essentials
        • Common Techniques & APIs
  • πŸ’ŒCertifications
    • AWS Certified Cloud Practitioner (CLF-C01)
      • Cloud Foundations
      • Domain 1: Cloud Concepts
      • Domain 2: Security and Compliance
      • Domain 3: Technology
      • Domain 4: Billing and Pricing
    • AWS Certified Solutions Architect - Associate (SAA-C03)
      • Foundation
    • Certified Kubernetes Administrator (CKA)
      • Core Concepts
      • Scheduling
      • Logging & Monitoring
      • Application Lifecycle Management
      • Cluster Maintenance
      • Security
      • Storage
      • Networking
      • Design Kubernetes Cluster
      • Kubernetes The Kubeadm Way
      • Troubleshooting
      • JSONPATH
      • Lightning Lab
      • Mock Exams
      • Killer Shell
    • Certified Kubernetes Security (CKS)
      • Foundation
      • Cluster Setup
      • Cluster Hardening
      • Supply Chain Security
      • Runtime Security
      • System Hardening
      • Killer Shell
    • (KGAC-101) Kong Gateway Foundations
      • Introduction to APIs and API Management
      • Introduction to Kong Gateway
      • Getting Started with Kong Enterprise
      • Getting Started with Kong Konnect
      • Introduction to Kong Plugins
  • πŸ“œBlog Posts
    • Modern Solutions For Preventing Ransomware Attacks
Powered by GitBook
On this page
  • Difference between x86 & x86_64
  • Vulnerable code snippet
  • Trigger the overflow
  1. Binary Exploitation
  2. Stack Smashing

x86_64

Difference between x86 & x86_64

The first major difference is the size of memory address. No surprise here :) So memory addresses are 64 bits long, but user space only uses the first 47 bits; keep this in mind because if you specified an address greater than 0x00007fffffffffff, you'll raise an exception.

So that means that 0x4141414141414141 will raise exception, but the address 0x0000414141414141 is safe.

I think this is the tricky part while you're fuzzing or developing your exploit. In fact there are tons of others differences, but for the purpose of this paper, it’s not important to know all of them.

Vulnerable code snippet

#include <stdio.h>
#include <string.h>
#include <stdlib.h>

int main(int argc, char **argv) {
    char buffer[256];
    if(argc != 2) {
        exit(0);
    }
    printf("%p\n", buffer);
    strcpy(buffer, argv[1]);
    printf("%s\n", buffer);
    
    return 0;
}

I decide to print the buffer pointer address to save time through the exploit development.

You can compile this code using gcc:

gcc -m64 bof.c -o bof -z execstack -fno-stack-protector

Trigger the overflow

Previousx86Nextpwntools

Last updated 10 days ago

Page cover image