Update MobileHackingLab-Android-Stack-Overflow-Writeup.md
kousha1999 authored Sep 26, 2024
1 parent b3897ed commit 1695cf4
Showing 1 changed file with 10 additions and 0 deletions.
Expand Up @@ -219,3 +219,13 @@ In this code:
* We use `recvuntil` to receive and display the welcome message, confirming that the connection is successful and ready for further interaction.

This sets up the initial communication with the server before moving on to exploiting the vulnerabilities.

### 2. Leaking the Stack Address

In the second step, the goal is to leak an address from the **stack region**. Why is this important? Leaking a stack address helps us locate the **top of the stack**, which will be crucial later when pointing to the arguments for the `system()` call.

### Why Bother with This?

We need to perform this stack leak because modern security mechanisms, like **stack canaries**, **NX**, and **RELRO**, make it difficult to exploit vulnerabilities directly. These protections are designed to prevent traditional exploitation methods. However, by leaking memory through the **format string vulnerability**, we can gather enough information to bypass these defenses and continue with our exploit.

In short, the memory leak helps us bypass the security features that are otherwise preventing direct exploitation, allowing us to control execution flow with precision.
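
Review bot: the rationale in the added "Why Bother with This?" paragraph overstates what a stack address leak gives you. Leaking a stack address (as step 2 itself says) tells you where the argument for the `system()` call will sit; it does not by itself defeat NX or RELRO, and getting past a stack canary requires leaking the canary value rather than a stack pointer. Suggest rewording the two sentences that claim the leak lets us "bypass these defenses" to state the concrete reason, e.g. "With NX enabled we cannot run shellcode from the stack, so we will instead call `system()` with an argument placed on the stack, which is why we need to know where the stack is." Separately, the new `### Why Bother with This?` heading sits at the same level as `### 2. Leaking the Stack Address`, so it reads as a sibling step rather than an aside; `####` would keep it under step 2.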
