The stack is a data structure in the memory of a program, used to save information about the state of the program, such as local variables, return addresses and other data. Since the return address of a function is stored on the stack, if we are able to change it we can change the execution flow of the program and execute arbitrary code.
The stack structure is the following:
As discussed before, the return address is the address where the function will return after it finishes. The saved RBP is the base pointer of the stack frame of the previous (calling) function. For example, think about the following call chain: main() -> foo(). When we are in the foo() function, the base pointer saved on foo()'s stack points to the base of main()'s stack frame. Then there are the local variables of the function, for example the variables declared in the code.
As you can imagine, a stack frame is created for each function call and destroyed when the function returns, so every time a function is called a new frame is pushed onto the stack. Here is an image of the stack structure:
The key idea is to try to change the return address with something that we can control, so we can execute arbitrary code and get our flag!
There are some functions in libc (the C standard library) which aren't safe and therefore shouldn't be used; here is a small list of them: strcpy, gets, strcat, sprintf, scanf, etc. These functions don't check whether the destination buffer is big enough to contain the data that we want to write.
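As an added example (not code from the original post), here is the strcpy/gets pattern the list above warns about placed beside a bounds-checked replacement, so the missing size check is visible in code; BUF_SIZE, greet_unsafe, greet_safe and read_line_safe are names chosen for this example.

```c
#include <stdio.h>
#include <string.h>
#define BUF_SIZE 16               /* stack buffer size chosen for this example */

/* The pattern the list above warns about: strcpy() copies until the NUL of
 * the source and ignores the size of buf, so a name of BUF_SIZE bytes or more
 * runs into the saved RBP and return address stored above buf on the stack. */
void greet_unsafe(const char *name) {
    char buf[BUF_SIZE];
    strcpy(buf, name);          /* no bounds check at all */
    printf("Hello, %s\n", buf);
}

/* Hardened form: copy at most BUF_SIZE-1 bytes, always NUL-terminate, and
 * return 1 if the input was truncated (0 if it fit) so the caller can reject
 * it instead of silently accepting a cut-off value. */
int greet_safe(const char *name) {
    char buf[BUF_SIZE];
    size_t len = strlen(name);
    int truncated = len >= BUF_SIZE;
    size_t n = truncated ? BUF_SIZE - 1 : len;
    memcpy(buf, name, n);
    buf[n] = '\0';
    printf("Hello, %s\n", buf);
    return truncated;
}

/* gets() has no size argument and can never be safe; fgets() takes one. Returns
 * 0 for a complete line, 1 if it was longer than dst_size-1 (tail drained), -1 on EOF. */
int read_line_safe(char *dst, size_t dst_size, FILE *in) {
    if (fgets(dst, (int)dst_size, in) == NULL)
        return -1;
    size_t len = strlen(dst);
    if (len > 0 && dst[len - 1] == '\n') {
        dst[len - 1] = '\0';
        return 0;
    }
    for (int c; (c = getc(in)) != EOF && c != '\n'; )
        ;                       /* discard the over-long tail of the line */
    return 1;
}

int main(void) {
    char line[BUF_SIZE];
    printf("fit=%d\n", greet_safe("Alice"));                       /* 0 */
    printf("truncated=%d\n", greet_safe("Bartholomew the Third"));  /* 1 */
    printf("line=%d\n", read_line_safe(line, sizeof line, stdin));
    return 0;
}
```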