Overwrite eip twice for buffer overflow?
This topic contains 1 reply, has 2 voices, and was last updated by B1tninja 1 month, 3 weeks ago.
- April 8, 2020 at 8:07 am #231919
So I have a binary I’ve been tasked with exploiting. However, I need to have root privileges to execute a function in it that (hopefully) gives the password.
There is a function in the program that gives root privileges, which I can run with a buffer overflow and pointing the eip to the function’s address. The problem is that the moment the program stops, root privileges are then lost, and the privileges function does not take an input, so there’s no option of a second overflow.
So I need to overflow the buffer to execute the `privilege` function, which I’ve done, but I was wondering if there is a way to overwrite the eip “twice” so that the second function can be executed after?
Here’s what I need to do in pseudocode form:
./binary $(<padding>*100 + <address of privilege function> + <way to overflow a second time to run next function>)
Any tips or help here would be much appreciated.
- April 8, 2020 at 8:07 am #231920
We would need to see the disassembly of the area you’re overwriting.