Tags: c++ buffer-overflow string got one_gadget arbitrary-read
Rating:
In `SECCON 2018 - profile` challenge, there is a `buffer overflow` vulnerability which leads to overwriting the `return` address. In this challenge, we need to have a good understanding of `string` class's internal memory layout. Using this vulnerability, we can overwrite a string's internal pointer which gives us an `arbitrary read`. We first leak the `canary` value, then leak `read@GOT` address to find `libc` base address, and finally overwrite the return address with `one gadget` to execute `/bin/sh`. This is an interesting `C++` challenge to learn bypassing protections like `NX`, `Canary`, `Partial RELRO`, and `ASLR` in `x86_64` binaries.