In this series, I demonstrated how to exploit a buffer overflow vulnerability in a network daemon handling TCP connections.
I showed how to exploit the stack-based buffer overflow by using a write-what-where primitive to control the instruction pointer, and then moved on to a more complex exploit in which we needed another way to redirect the instruction pointer to our shellcode.
Finally, we crafted a working exploit and successfully received a reverse TCP shell from the target server.
We also covered some basic exploit-development tactics, such as avoiding bad characters, finding a suitable POP POP RET sequence, and creating reliable shellcode.
For the record, the server is vulnerable because of a buffer overflow in its call to strcpy(), which can lead to full control over the system.
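As an added illustration of that root cause (not code from the series or from the daemon it targets), here is a hypothetical request handler with the unbounded strcpy() beside a hardened version that checks the length before copying; the function names, buffer size and sample requests are assumptions.

```c
#define _POSIX_C_SOURCE 200809L
#include <stdio.h>
#include <string.h>

#define REQ_BUF 64   /* hypothetical fixed-size stack buffer */

/* Vulnerable pattern: strcpy() copies until the NUL terminator with no
 * regard for the destination size, so any request of REQ_BUF bytes or
 * more runs past buf[] and overwrites the rest of the stack frame. */
int handle_request_vulnerable(const char *req)
{
    char buf[REQ_BUF];
    strcpy(buf, req);            /* unbounded copy: the bug */
    return (int)strlen(buf);
}

/* Hardened version: measure with an upper bound, reject oversize input
 * outright (do not silently truncate), copy exactly what fits, and
 * terminate explicitly. Returns the request length, or -1 if rejected. */
int handle_request_safe(const char *req)
{
    char buf[REQ_BUF];
    size_t n = strnlen(req, REQ_BUF);   /* never scans past REQ_BUF bytes */
    if (n >= REQ_BUF)
        return -1;                      /* would not fit with the NUL */
    memcpy(buf, req, n);
    buf[n] = '\0';
    return (int)n;
}

int main(void)
{
    /* constructed sample requests */
    char ok[] = "GET /status";
    char too_long[REQ_BUF + 32];
    memset(too_long, 'A', sizeof too_long - 1);
    too_long[sizeof too_long - 1] = '\0';
    printf("safe(ok)=%d safe(too_long)=%d\n",
           handle_request_safe(ok), handle_request_safe(too_long));
    return 0;
}
```

The safe variant is only ever called on the oversize input; calling the vulnerable one with it is undefined behaviour, which is exactly the property the series exploited.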