In my previous blog post, I covered the development of a buffer overflow exploit for a simple vulnerable program with overflow protections disabled. In this post, I will demonstrate bypassing DEP/NX using return-oriented programming.
A stack buffer overflow occurs when a program writes more data to a buffer on the stack than the buffer was allocated to hold. The extra data overwrites adjacent, possibly important, data on the stack. This can crash the program or, if the saved instruction pointer is overwritten, redirect the program's execution flow and execute arbitrary code.
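The overwrite described above can be modelled safely in C. This is an added example, not code from the original post: the frame layout (a 16-byte buffer directly followed by an 8-byte saved instruction pointer), the function names and the sample address are constructed assumptions, and a byte array stands in for the real stack so nothing is actually corrupted.

```c
#include <stdint.h>
#include <stdio.h>
#include <string.h>

#define BUF_SIZE    16                        /* bytes the program allocated */
#define FRAME_SIZE  (BUF_SIZE + sizeof(uint64_t))
#define ORIGINAL_IP 0x0000000000401136ULL     /* constructed sample address */

/* Constructed model of a stack frame: the buffer, then the saved IP slot. */
typedef struct { unsigned char bytes[FRAME_SIZE]; } frame_t;

static void frame_init(frame_t *f) {
    uint64_t ip = ORIGINAL_IP;
    memset(f->bytes, 0, BUF_SIZE);
    memcpy(f->bytes + BUF_SIZE, &ip, sizeof ip);
}

static uint64_t saved_ip(const frame_t *f) {
    uint64_t ip;
    memcpy(&ip, f->bytes + BUF_SIZE, sizeof ip);
    return ip;
}

/* Models the bug: len is never compared with BUF_SIZE.
 * It is capped at FRAME_SIZE only so the model itself stays memory-safe. */
static size_t unchecked_copy(frame_t *f, const unsigned char *in, size_t len) {
    if (len > FRAME_SIZE) len = FRAME_SIZE;
    memcpy(f->bytes, in, len);
    return len;
}

/* The fix: reject any input that does not fit in the buffer. */
static int checked_copy(frame_t *f, const unsigned char *in, size_t len) {
    if (len > BUF_SIZE) return -1;
    memcpy(f->bytes, in, len);
    return 0;
}

int main(void) {
    unsigned char input[24];                  /* 8 bytes more than the buffer */
    frame_t f;
    memset(input, 'A', sizeof input);
    frame_init(&f);
    unchecked_copy(&f, input, sizeof input);
    printf("unchecked: saved IP = 0x%016llx\n", (unsigned long long)saved_ip(&f));
    frame_init(&f);
    int rc = checked_copy(&f, input, sizeof input);
    printf("checked:   rc = %d, saved IP = 0x%016llx\n", rc, (unsigned long long)saved_ip(&f));
    return 0;
}
```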
I used Evan’s debugger to demonstrate the buffer overflow on Kali Linux.