I was trying to solve the SEED security lab on the buffer overflow attack, but in that exercise we get the buffer address and ebp, and thus the offset of it, so we are able to guess where the return address is stored. I know that without getting ebp and calculating the offset you can also do this attack by writing the return address every 4 bytes up to the maximum possible range of the buffer (let's assume I know the maximum size of the buffer and the starting address of the buffer). Now my question is: what if we just know the maximum size of the buffer and not the starting address of the buffer? How can we do this attack? My vulnerable program is using the strcpy() function. The link to the exercise is below (task 4). Full exercise link from SEED labs