In this chapter, we will look at exploiting a stack-based buffer overflow in an older version of a Windows-based FTP server. As we did in Chapter 16, we will attempt to overwrite the return pointer saved onto the stack when a function is called, as shown earlier in Figure 16-3. When the function function1 is called, the next instruction to be executed is saved on the stack, and a stack frame for function1 is added to the stack.
The size of function1’s local variables is determined when the application is compiled and is then fixed. The amount of space “reserved” on the stack for these local variables is fixed, too. This reservation is called a stack buffer. If we put more data in the stack buffer than ...
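The fixed-size reservation described above can be modeled in a few lines of C. This is an added example, not code from the book: the struct layout, the 16-byte buffer size, and every name in it are assumptions. It shows a copy that ignores the buffer size changing the modeled saved return pointer, next to a length-checked copy that rejects the same input.

```c
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>
#include <string.h>

#define BUF_SIZE 16                  /* fixed at compile time, like function1's locals */
#define RET_MARK ((uintptr_t)0x1000) /* constructed placeholder for the saved return pointer */

/* Simplified model of function1's stack frame (assumed layout):
 * the local buffer sits directly below the saved return pointer. */
struct frame_model {
    char      buffer[BUF_SIZE];
    uintptr_t saved_return;
};

/* Copy that ignores BUF_SIZE. The write is clamped to the model struct so
 * the demo stays within defined behaviour. Returns 1 if saved_return changed. */
int unchecked_copy(struct frame_model *f, const unsigned char *src, size_t len)
{
    uintptr_t before = f->saved_return;
    if (len > sizeof *f) len = sizeof *f;
    memcpy((unsigned char *)f, src, len);
    return f->saved_return != before;
}

/* Copy that enforces the reservation. Returns 0 on success, -1 if rejected. */
int checked_copy(struct frame_model *f, const unsigned char *src, size_t len)
{
    if (len > BUF_SIZE) return -1;
    memcpy(f->buffer, src, len);
    return 0;
}

/* Runs one copy of len constructed 'A' bytes; returns 1 if the modeled
 * saved return pointer no longer holds RET_MARK afterwards. */
int demo(size_t len, int use_checked)
{
    unsigned char input[sizeof(struct frame_model)];
    struct frame_model f;
    memset(input, 'A', sizeof input);
    memset(&f, 0, sizeof f);
    f.saved_return = RET_MARK;
    if (use_checked) (void)checked_copy(&f, input, len);
    else             (void)unchecked_copy(&f, input, len);
    return f.saved_return != RET_MARK;
}

int main(void)
{
    printf("fits: %d  unchecked: %d  checked: %d\n", demo(BUF_SIZE, 0),
           demo(sizeof(struct frame_model), 0), demo(sizeof(struct frame_model), 1));
    return 0;
}
```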