Store shellcode in environment variable
<p>In the <a href="https://medium.com/@danielorihuelarodriguez/stack-based-buffer-overflows-6d8e17764c4c" rel="noopener">previous post</a> we explained how stack-based buffer overflows work. In the last exercise, we inserted the shellcode in the stack. However, this might be a problem. What happens if the shellcode doesn’t fit in the stack? We can store it in an environment variable.</p>
<h1>Manually store shellcode in env var</h1>
<p>We will export the shellcode manually and use it in our exploit.</p>
<p>Let’s keep working with the <code>notesearch</code> program (the last exercise of the previous post). Remember that the shellcode was <code>\x48\x31\xf6\x56\x48\xbf\x2f\x62\x69\x6e\x2f\x2f\x73\x68\x57\x54\x5f\x6a\x3b\x58\x99\x0f\x05</code>. We need to export it as a binary into the env var. Otherwise, the code won’t be executed.</p>
<p><a href="https://medium.com/@danielorihuelarodriguez/store-shellcode-in-environment-variable-1058062b8b5e"><strong>Learn More</strong></a></p>