Exploiting a Partial Return Address Overwrite - Exploit Dev 10

🔥 Learn How to Bypass ASLR using a partial RET overwrite
👨‍💻 Buy Our Courses: https://guidedhacking.com/register/
💰 Donate on Patreon:   / guidedhacking  
❤️ Follow us on Social Media: https://linktr.ee/guidedhacking

🔗 Article Link: https://guidedhacking.com/threads/bin...

🔗 Exploit Education: https://exploit.education/phoenix/sta...

📜 Video Description:
Bypassing ASLR without leaking a memory address? By utilizing a partial instruction pointer overwrite this exploitation technique becomes possible. What do we mean by that? We are talking about overwriting a portion of the return address.

So far, the goal every time was to completely overwrite the return address, which led to full control over the instruction pointer (EIP/RIP, depending on the architecture) when writing binary exploits.

Alternatively, one could also overwrite just parts of the return address, leading to partial control over the instruction pointer.

There are two reasons why an attacker might do this:
1) Because of limitations, controlling the whole RIP is impossible.
2) There is no info leak that could be used to bypass ASLR

Interestingly, different technologies or architectures use different kinds of endianness in certain situations. Modern computers use little-endian when working e.g. with memory and CPU registers. Because of that, a buffer long enough to exploit a buffer overflow will first overwrite the "last" byte of the return address.

📝 Timestamps:
0:00 Analyzing Source Code
1:27 Partial RET Overwrite Explained
2:14 GDB Setup and Analysis
3:27 Join GuidedHacking.com
3:57 Return Instructions
4:50 Target Address Identification
6:11 Base Pointer Adjustment
7:00 Writing the Exploit Script
8:16 Exploit Execution & Results

✏️ Tags:
#exploitdevelopment #bufferoverflow #reverseengineering
partial ret overwrite
guidedhacking
exploit dev
partial return address overwrite
exploit development
partial return overwrite
buffer overflow
partial ret overwrites
exploit development course
partial return overwrites
partial return address overwrites
guided hacking
buffer overflows
binary exploitation
ethical hacking
exploit development tutorial
binary exploitation tutorial
binary exploit development