CompTIA
PT0-001 · Question #119
PT0-001 Question #119: Real Exam Question with Answer & Explanation
The correct answer is A: Stack pointer register.
Attacks and exploits
Question
Which of the following CPU registers does the penetration tester need to overwrite in order to exploit a simple buffer overflow?
Options
- A. Stack pointer register
- B. Index pointer register
- C. Stack base pointer
- D. Destination index register
Explanation
In a stack-based buffer overflow, the attacker overflows the buffer to corrupt stack memory, allowing manipulation of the stack pointer to redirect execution flow to attacker-controlled code.
Common mistakes.
- B. The index pointer register is not a standard x86 architecture register targeted in simple stack-based buffer overflows; controlling execution requires corrupting the stack's return address, not an index register.
- C. The stack base pointer (EBP) defines the base of the current stack frame, but overwriting it alone does not redirect execution to attacker-controlled memory without also controlling the return address.
- D. The destination index register (EDI) is used for string and memory copy operations and has no role in controlling the return address or execution flow during a simple stack-based buffer overflow.
Concept tested. Stack-based buffer overflow execution control
Reference. https://owasp.org/www-community/vulnerabilities/Buffer_Overflow
Topics
#buffer overflow #CPU registers #stack pointer #exploit development