Stack-Based Exploitation

Overview

Stack-based exploits abuse the way functions store local variables, saved registers, and return addresses on the stack. Corrupting these values gives an attacker control over program execution — redirecting it to shellcode, to library functions, or to chains of existing code (ROP gadgets).

Topics in This Section

General Approach

  1. Identify a vulnerable function (unsafe copy, missing bounds check, user-controlled format string)
  2. Determine the offset to the return address or target value
  3. Check binary protections — choose technique accordingly (direct shellcode, ROP, ret2libc)
  4. Build the payload with proper address packing (little-endian)
  5. Test locally, then adapt for remote targets