Overwrite eip twice for buffer overflow? – Digitalmunition

This topic contains 1 reply, has 2 voices, and was last updated by B1tninja 1 month, 3 weeks ago.

  • #231919


    So I have a binary I’ve been tasked with exploiting. However, I need to have root privileges to execute a function in it that (hopefully) gives the password.

    There is a function in the program that gives root privileges, which I can run with a buffer overflow and pointing the eip to the function’s address. The problem is that the moment the program stops, root privileges are then lost, and the privileges function does not take an input, so there’s no option of a second overflow.

    So I need to overflow the buffer to execute the `privilege` function, which I’ve done, but I was wondering if there is a way to overwrite the eip “twice” so that the second function can be executed after?

    Here’s what I need to do in pseudocode form:

    ./binary $(<padding>*100 + <address of privilege function> + <way to overflow a second time to run next function>)

    Any tips or help here would be much appreciated.

  • #231920


    We would need to see the disassembly of the area you’re overwriting.
