More info on Apache Overkill Buffer overflow

Posted: Wed Oct 02, 2019 10:40 pm
by 00dc
Hi guys,

I tried to recreate the apache overkill buffer overflow and realised I had control over a1 and t1. The program crashes when loading t1 into t0 with the 'lb' instruction. Makes sense, as t1 is holding more than a byte. I'm just wondering how exactly they made this into a useful exploit (as in, how did they influence the return address using a temp register?). I posted a screenshot of my disassembly below.