Buffer Overflows on x64 Windows: A Practical Beginner's Guide (Part 2): Exploitation

Source: DEV Community
Introduction

Welcome back. Mirrai here. In part 1 we covered the theory: the stack, RIP, and what a buffer overflow actually is. Now we get our hands dirty. By the end of this guide you should have a working exploit that gives you control of RIP and redirects execution to your own code.

Before we start, make sure you have x64dbg and pwntools installed from part 1. You'll also need the vulnerable program we wrote. If you haven't read part 1, go do that first. Buckle up, this might take a while.

For your convenience, here's the old vuln program code:

```c
#include <stdio.h>
#include <windows.h>

int main() {
    setvbuf(stdout, NULL, _IONBF, 0);   // unbuffered stdout so the prompt appears immediately
    DWORD old_protect;
    char username[500] = {0};
    // mark the stack buffer RWX: the exploit depends on it being executable
    VirtualProtect(username, 500, PAGE_EXECUTE_READWRITE, &old_protect);
    printf("What is your username?: ");
    gets(username);                     // no length check: this is the overflow
    printf("%s %s\n", "Hello", username);
}
```

Compilation

Before we can exploit anything we need to compile our vulnerable program with protections disabled. To be clear, buffer overf
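For contrast with the vulnerable program above, here is a hardened version of the same program (an added example, not code from the original article): the 500-byte buffer stays, but input is read with a bounded fgets that drains any overflow bytes instead of writing them past the buffer, and the VirtualProtect call that made the stack executable is gone, so it also builds outside Windows. The function and status-code names are this example's own.

```c
#include <stdio.h>
#include <string.h>

#define USERNAME_CAP 500

/* Result codes for read_line_bounded (names are this example's own). */
enum { LINE_OK = 0, LINE_TRUNCATED = 1, LINE_EOF = -1 };

/* Read one line from `in` into buf[0..cap-1], always NUL-terminated.
 * Returns LINE_OK for a line that fit, LINE_TRUNCATED if it did not (the
 * excess bytes are drained so they cannot spill into the next read), or
 * LINE_EOF if nothing could be read. Requires cap >= 2. */
int read_line_bounded(char *buf, size_t cap, FILE *in)
{
    if (buf == NULL || cap < 2 || in == NULL)
        return LINE_EOF;
    buf[0] = '\0';
    if (fgets(buf, (int)cap, in) == NULL)      /* reads at most cap-1 bytes */
        return LINE_EOF;
    size_t len = strlen(buf);
    if (len > 0 && buf[len - 1] == '\n') {
        buf[len - 1] = '\0';                    /* complete line: drop newline */
        return LINE_OK;
    }
    /* No newline seen: either the buffer filled up or the input ended. */
    int c = fgetc(in);
    if (c == EOF || c == '\n')
        return LINE_OK;                         /* fit exactly; nothing lost */
    while (c != EOF && c != '\n')               /* discard the overflow bytes */
        c = fgetc(in);
    return LINE_TRUNCATED;
}

int main(void)
{
    char username[USERNAME_CAP] = {0};          /* same size as the original */
    printf("What is your username?: ");
    int rc = read_line_bounded(username, sizeof username, stdin);
    if (rc == LINE_EOF)
        return 1;
    if (rc == LINE_TRUNCATED)
        fprintf(stderr, "note: username cut to %d bytes\n", USERNAME_CAP - 1);
    printf("Hello %s\n", username);             /* stack stays non-executable */
    return 0;
}
```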