In the previous post we explained how stack-based buffer overflows work. In the last exercise we placed the shellcode on the stack. That approach has a limitation: what happens if the shellcode doesn’t fit in the stack? In that case we can store it in an environment variable instead.
Manually store shellcode in env var
We will export the shellcode manually and use it in our exploit.
Let’s keep working with the notesearch program (the last exercise of the previous post). Remember that the shellcode was \x48\x31\xf6\x56\x48\xbf\x2f\x62\x69\x6e\x2f\x2f\x73\x68\x57\x54\x5f\x6a\x3b\x58\x99\x0f\x05. We need to export it into the env var as raw binary bytes, not as the escaped text shown here. Otherwise, the code won’t be executed.
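The same fact that matters to the exploit author, that the payload only works when it sits in the environment as raw bytes rather than as the printable "\x48\x31..." text, is what makes this technique visible from the defender's side: a legitimate environment variable almost never contains non-printable bytes. The script below is an added example, not code from the original post. It parses a /proc/<pid>/environ-style blob (NUL-separated KEY=VALUE pairs) and flags variables that look like binary payloads. The sample environment is constructed here; the SC entry carries the 23-byte sequence quoted above, the NOTE entry carries the same sequence as inert escaped text, and the threshold of four non-printable bytes and the check for the x86-64 syscall opcode are heuristics chosen for this example.

```python
import sys

# Constructed sample: the 23-byte sequence quoted in the post, as raw bytes.
SHELLCODE = (b"\x48\x31\xf6\x56\x48\xbf\x2f\x62\x69\x6e\x2f\x2f\x73\x68"
             b"\x57\x54\x5f\x6a\x3b\x58\x99\x0f\x05")

# Constructed sample of a /proc/<pid>/environ blob: NUL-separated KEY=VALUE
# entries. SC holds the raw bytes; NOTE holds the escaped text form, which
# is harmless because it is just ASCII characters.
SAMPLE_ENVIRON = (b"HOME=/home/user\x00"
                  b"PATH=/usr/bin:/bin\x00"
                  b"SC=" + SHELLCODE + b"\x00"
                  b"NOTE=\\x48\\x31\\xf6\x00")


def parse_environ(blob: bytes) -> dict:
    """Split an environ blob into {key: value} (both bytes).

    Environment strings are NUL-terminated by the kernel, so a value can
    never contain a NUL byte; splitting on NUL is therefore lossless.
    """
    env = {}
    for entry in blob.split(b"\x00"):
        if not entry:
            continue
        key, sep, value = entry.partition(b"=")
        if sep:
            env[key] = value
    return env


def suspicious_vars(env: dict, min_nonprintable: int = 4) -> list:
    """Return [(name, [reasons])] for variables that look like binary payloads.

    Heuristics (assumptions of this example, not a definitive rule):
      * at least `min_nonprintable` bytes outside the printable ASCII range
      * the two-byte x86-64 `syscall` encoding 0f 05 appears in the value
    """
    findings = []
    for key, value in env.items():
        nonprint = sum(1 for b in value if b < 0x20 or b > 0x7E)
        reasons = []
        if nonprint >= min_nonprintable:
            reasons.append(f"{nonprint} non-printable bytes")
        if b"\x0f\x05" in value:
            reasons.append("contains x86-64 syscall opcode 0f 05")
        if reasons:
            findings.append((key.decode(errors="replace"), reasons))
    return findings


def scan_pid(pid: int) -> list:
    """Read a live process environment on Linux and scan it."""
    with open(f"/proc/{pid}/environ", "rb") as f:
        return suspicious_vars(parse_environ(f.read()))


if __name__ == "__main__":
    # With a PID argument, scan that process; otherwise scan the constructed sample.
    if len(sys.argv) > 1:
        results = scan_pid(int(sys.argv[1]))
    else:
        results = suspicious_vars(parse_environ(SAMPLE_ENVIRON))
    for name, reasons in results:
        print(f"{name}: {'; '.join(reasons)}")
```

Run without arguments it reports only SC: the five bytes \xf6, \xbf, \x99, \x0f and \x05 fall outside printable ASCII and the value ends in the syscall opcode, while NOTE, which holds the same payload as escaped text, is all printable and passes. This is the reason the post insists on exporting the shellcode as raw bytes, seen from the other side.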