Summary

  • The skills required for this challenge are basic buffer overflow exploitation, stack canary bypass, and arbitrary code execution; the challenge is hosted on the well-known vulnerability platform Hack The Box.
  • The vulnerability is a buffer overflow: the DumpStack class allows more bytes to be read from the stack than intended, and the bounceBack function performs no length or size validation on its input.
  • After triggering the overflow and identifying the offset, we use it to leak and bypass the stack canary, then locate the address of the win function (duck_attack) on the stack and redirect the return address to it to win.
  • The main function is the entry point of our buffer overflow, and the printable string “Quack Quack” is used to find the exact offset. After that, we can overwrite the return address with the address of our win function (duck_attack).

By Szigecsán Dávid