Corresponding author: Bogdan Barchuk
Copyright © 2025 Author(s) retain the copyright of this article. This article is published under the terms of the Creative Commons Attribution License 4.0.
Fundamentals of buffer overflow attacks and detection techniques
Bogdan Barchuk *
Independent researcher.
World Journal of Advanced Research and Reviews, 2025, 26(02), 2895-2908
Publication history: Received on 31 January 2025; revised on 19 May 2025; accepted on 22 May 2025
Article DOI: https://doi.org/10.30574/wjarr.2025.26.2.1967
Abstract
Buffer overflows remain a major security risk for software. The article presents the fundamentals of finding buffer overflow weaknesses and methods for analyzing them. Manual and automated fuzzing approaches allow the discovery of possible instances of the stack overflow attack. Immunity Debugger aids in discovering crashes, scrutinizing register clusters, and precisely determining the point at which buffer overflows occur within the memory of a program. Other approaches for identifying and eliminating such "badbytes" are also addressed. The study addresses approaches for bypassing the security measures implemented in contemporary OSs such as ASLR and DEP. This paper provides scripts and case studies allowing security experts and researchers to effectively locate, characterize, and remove far more vulnerabilities related to buffer overflows in many software systems.
Keywords: Buffer Overflow; Fuzzing Techniques; Exploit Development; Debugger Analysis; ASLR Bypass; Shellcode Injection
1. Introduction
A buffer overflow vulnerability is exploited when data written to a buffer overruns the buffer's allocated memory, filling storage space outside the buffer. In either case, the machine might stop working or the intruder might secure comprehensive control over it by executing unwanted commands. Acquiring insights into buffer overflow scenarios and how they can be identified will enable you to develop robust code that is able to withstand vulnerability attacks. Tutorials and simulators are now available to teach users about buffer overflow attacks and how they function. The authors have designed an interactive tutorial that enables programmers to develop the ability to recognize and respond to such incidents.
In addition, comprehensive investigations into buffer overflows in large applications have shown that this type of vulnerability is quite common and often appears in specific forms. A team of researchers examined numerous C/C++ projects and determined the origin as well as the main features of buffer overflows. The examination reveals that protecting large software projects from buffer overflows is extremely challenging and emphasizes the need for advanced ways and devices.
It has been observed that a mix of educational materials and empirically-based studies plays an essential part in enhancing skills and innovation in protecting against buffer overflow assaults.
1.1. Overview
A buffer overflow weakness occurs when data is copied into a memory space that's less than the number of bytes of memory that can be allocated. These weaknesses may result from inadequate checks on data entered by users or flawed management of computer memory, enticing numerous attackers. Examples of methods used by hackers to exploit these types of vulnerabilities include inserting data through the command line, network connections, files loaded by the program or web forms and text fields. Understanding the origins of weaknesses enables you to identify and deal with them within software.
The identification of flaws now relies largely on scrutiny of errors and the use of automated testing. Immunity Debugger enables you to monitor functions within a program, analyze its memory state and explore the reasons behind memory overflows in unstructured data. Examining the execution in detail enables security practitioners to identify the origin of an overflow and determine how it affects the management of the program. Fuzzing can help locate flaws by uncovering the effects caused by exposing software to a range of varied inputs. It ensures that various types of invalid inputs are injected into the system to identify potential problems.
More advanced fuzzing approaches are enhancing the ability of experts to find bugs and weaknesses in computer software systems. They propose using a combination of static and dynamic techniques to increase the effectiveness of uncovering vulnerabilities in software applications. For instance, HotFuzz has been implemented to locate and reproduce issues like algorithmic denial of service using targeted micro-fuzzing methods.
Combining debugging and fuzzing provides an effective technique for identifying and understanding security flaws related to buffer overflows in different software products.
1.2. Problem Statement
Identifying potential buffer overflow flaws in current software systems can be very challenging. More sophisticated software makes it increasingly difficult to examine all the various forms of input used in the program's source code. Advanced operating systems introduce randomization techniques for protection against buffer overflow exploits. Nonetheless, this development significantly complicates the task of determining buffer overflow flaws in applications.
1.3. Objectives
This article describes methods for discovering and taking advantage of buffer overflow flaws.
• Identifying the conditions that can make an input string susceptible to exploitation in different types of software.
• Introducing the fuzzing process and tools commonly used for checking programs for vulnerabilities related to buffer overflows.
• Steps provided for locating and examining the underpinnings of buffer overflow errors with Immunity Debugger.
• Discussing means to bypass ASLR and DEP to increase consistency in locating and exploiting buffer overflow errors in application code.
1.4. Scope and Significance
The paper discusses methods that can be employed to identify and capitalize on overflowing buffer flaws. By realizing this objective it helps those responsible for testing software and diagnosing and resolving similar problems in real-world scenarios. Carrying out outdoor activities involving the use of debuggers and fuzzers permits developing strategies that can be applied in various settings. The results provided contribute to enhancing an organization's security by allowing it to identify and respond effectively to various kinds of cyber threats.
2. Literature review
2.1. Detection of Attack Vectors
Identifying buffer overflow vulnerabilities involves determining all avenues through which an attacker offers data to a program. Attackers often use CLI, GUI and network connections to insert data that could potentially cause a buffer overflow. Understanding the features and answers of such interfaces enables the identification of areas within them prone to overflow manipulation.
Some software that utilizes a CLI interface accepts a range of commands and parameters from users, some of which could lead to memory overflows. Many GUI interfaces contain various locations that could allow an adversary to inject data that could cause buffer overflows. They highlight the significance of creating secure GUIs instead of insecure ones. In order to prevent security issues in a GUI, input validation and control is critical every time it is used.
Using network interfaces in SDNs exposes the system to potential attacks since the continual communication depends on protocols. In SDNs, Latif et al. (2020) found that problems with the interface protocols often occur either due to using the protocols in the wrong way or by mistakenly handling inputs, resulting in buffer overflows. Identifying how data is transmitted or processed within the network protocols necessitates utilizing expert instruments.
Tools such as Immunity Debugger and Mona help in analyzing a system's behavior as different inputs are inputted. A variety of trace-based methods and comprehensive examination are applied by security professionals to locate potential locations where an overflow can take place.
2.2. Fuzzing the Target
Fuzzing is a fundamental technique used in identifying buffer overflow vulnerabilities by sending unexpected or malformed inputs to a program to trigger abnormal behavior, such as crashes or memory corruption. The core concept involves systematically injecting payloads of increasing size or complexity, often composed of repeating characters like "AAAA," to observe how the target software responds.
A successful fuzzing attempt is typically indicated by an access violation or crash in the target program, which can be analyzed using debugging tools such as Immunity Debugger. In the screenshot provided (Image 1), the program vulnserver.exe is shown crashing with an access violation error. The critical clue here is the presence of 41414141 in several CPU registers, most notably in the Instruction Pointer (EIP) register. The hexadecimal value 41414141 corresponds to the ASCII characters "AAAA," confirming that the input sent during fuzzing has overwritten the EIP. This register controls the flow of execution in the program, and its overwrite signifies a successful buffer overflow, where the attacker gains control over the execution path.
Figure 1 Access violation crash in Immunity Debugger showing 41414141 (ASCII "AAAA") overwritten in the Instruction Pointer (EIP), indicating successful buffer overflow
Fuzzing can be performed manually by incrementally increasing input sizes and monitoring program behavior. However, automation using scripts can expedite the process by sending batches of payloads with systematically varied lengths or contents. The key is to carefully observe when the program crashes and correlate the input size with the point of failure.
The evidence from Immunity Debugger, such as the overwritten registers and the access violation, provides invaluable insights. It not only confirms the vulnerability but also assists in pinpointing the exact location within the buffer where overflow occurs. This data is essential for crafting precise exploit payloads and further vulnerability analysis.
In summary, fuzzing combined with debugger analysis, as demonstrated in Image 1, forms a critical foundation in detecting and exploiting buffer overflow vulnerabilities, enabling researchers to identify weak points and develop effective mitigation strategies.
2.3. Automating Fuzzing with Scripts
Automating fuzzing is a vital step in efficiently identifying buffer overflow vulnerabilities, especially when testing complex software or network services. Manual fuzzing, while useful for initial discovery, can be time-consuming and error-prone. The use of scripting languages like Python enables security researchers to systematically generate and send payloads of varying sizes to target applications, thereby accelerating the vulnerability discovery process.
The provided Python script (Image 2) demonstrates an effective approach to automating fuzzing against a network service, specifically the vulnerable vulnserver. The script begins by initializing a buffer array with a single "A" character and sets a counter at 100. Within a loop, it appends increasingly large strings of "A"s—starting at 100 bytes and incrementing by 200 bytes each iteration—to the buffer until the list contains 30 payloads of increasing length. This approach ensures broad coverage of input sizes, which is crucial for uncovering the exact point at which the buffer overflow occurs.
Using Python's socket library, the script establishes a TCP connection to the target IP address (192.168.15.230) on port 9999, which corresponds to the vulnerable service. For each payload string in the buffer, the script sends a command formatted as 'TRUN /.:/' concatenated with the fuzz string. The use of this command is specific to vulnserver's command structure, which processes input following TRUN /.:/. After sending the payload, the script closes the socket and proceeds to the next iteration.
This automation allows for rapid testing of a wide range of inputs while monitoring the target's behavior, such as crashes or anomalies, which are indicative of potential vulnerabilities. Integrating automated fuzzing with debugging tools like Immunity Debugger enhances the ability to detect, analyze, and exploit buffer overflow conditions effectively.
In conclusion, scripting fuzzing routines as shown provides a scalable, repeatable, and precise method for discovering overflow vulnerabilities, making it an indispensable tool in modern penetration testing and vulnerability research.
Figure 2 Python script automating fuzzing by sending increasing payload sizes of "A" characters to the vulnerable network service vulnserver
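The size-stepping scheme described above (payloads starting at 100 bytes, growing by 200, 30 in total) can be written so that the harness itself records the length at which the service first fails, instead of the analyst reading it off by hand. The following is an added example, not the script from Image 2: the transport is a callable parameter, and the StubService class is a constructed stand-in for the network service that "crashes" once the data after the command prefix exceeds a chosen capacity, so the code runs offline. The 2003-byte capacity is taken from the offset the paper reports later; a real transport would wrap a socket's sendall and report a failed connection as a crash.

```python
"""
Added example (not the paper's own script): size-stepping fuzz payloads in
the scheme the paper describes, with a pluggable transport so the length at
which the target first fails is returned rather than observed by hand.
"""
from typing import Callable, List, Optional

COMMAND_PREFIX = b"TRUN /.:/"   # vulnserver command the paper's script targets


def generate_payloads(start: int = 100, step: int = 200, count: int = 30) -> List[bytes]:
    """Return `count` strings of 'A's with lengths start, start+step, ..."""
    return [b"A" * (start + i * step) for i in range(count)]


class TargetCrashed(Exception):
    """Raised by a transport when the service stops responding."""


def find_first_failure(send: Callable[[bytes], None],
                       payloads: List[bytes]) -> Optional[int]:
    """Send payloads in increasing size; return the fuzz-string length at which
    the transport first reports a crash, or None if every payload was accepted."""
    for fuzz in payloads:
        try:
            send(COMMAND_PREFIX + fuzz)
        except TargetCrashed:
            return len(fuzz)
    return None


# --- constructed stand-in for the network service (no real socket) ----------
class StubService:
    """Simulates a service whose command buffer holds `capacity` bytes after
    the command prefix; anything longer 'crashes' it and it stays down."""

    def __init__(self, capacity: int = 2003) -> None:
        self.capacity = capacity
        self.alive = True

    def send(self, data: bytes) -> None:
        if not self.alive:
            raise TargetCrashed("connection refused: service is down")
        body_len = len(data) - len(COMMAND_PREFIX)
        if data.startswith(COMMAND_PREFIX) and body_len > self.capacity:
            self.alive = False
            raise TargetCrashed("access violation")


def demo() -> Optional[int]:
    """Fuzz the stub; with capacity 2003 the first crashing length is 2100."""
    svc = StubService(capacity=2003)
    return find_first_failure(svc.send, generate_payloads())


if __name__ == "__main__":
    print("first crashing length:", demo())
```

Because the lengths step by 200, the harness only brackets the failure (the crash lies somewhere between the last accepted length and 2100); the unique-pattern method of the next section is what narrows it to an exact offset.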
2.4. Detection of Exact Overflow Position
Identifying the precise location within a buffer where an overflow occurs is crucial for developing effective exploits and reliable detection techniques. A common and powerful approach involves using unique, non-repeating pattern strings generated by tools such as Metasploit's pattern_create.rb. These patterns ensure that each substring within the input is distinct, enabling security analysts to accurately pinpoint the offset where control of program execution is gained.
The Python script shown in Image 3 exemplifies this method by sending a carefully crafted pattern string to the target application. Instead of using repetitive characters like "A" or "B," this script transmits a sequence that uniquely identifies each byte's position within the buffer. This is achieved by incorporating the pattern—generated externally—into the payload sent through the socket to the vulnerable service, here accessed at IP address 192.168.15.230 on port 9999. The script's try-except block ensures graceful handling of connection errors while delivering the test string.
Upon sending this pattern, the program is expected to crash if an overflow exists, and the instruction pointer (EIP) register in the debugger will contain a value extracted from the pattern. By using tools such as pattern_offset.rb, security researchers can input the overwritten EIP value to calculate the exact position within the input where the overflow occurred. This offset is pivotal for subsequent exploit development, allowing precise overwriting of critical control structures like return addresses.
Debugger tools like Immunity Debugger provide a real-time environment to monitor this process, revealing valuable information such as register states, memory dumps, and crash logs. The combination of pattern-based fuzzing and detailed debugging forms the backbone of exact overflow position detection, enabling researchers to transition from vulnerability discovery to exploitation with accuracy and confidence.
Figure 3 Python script sending a unique pattern string to identify the exact offset in the input buffer where the overflow overwrites the EIP
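The pattern the section relies on is generated externally by pattern_create.rb and decoded by pattern_offset.rb; the following added example (my own re-implementation, not the paper's script or Metasploit's code) shows both halves so the mechanism can be followed in code. The pattern is built from three-character chunks of uppercase letter, lowercase letter and digit with the digit cycling fastest, which keeps every four-byte window unique for 20280 characters. The offset lookup takes the EIP value as the debugger prints it and reverses its bytes, because an x86 register is loaded from little-endian memory. The value 386F4337 used in the test is constructed: it is the window that sits at offset 2003 of this pattern, the offset the paper reports for vulnserver.

```python
"""
Added example (not the paper's code): a re-implementation of the cyclic
pattern emitted by Metasploit's pattern_create.rb and of the lookup done by
pattern_offset.rb.
"""
import string
from typing import Optional

UPPER = string.ascii_uppercase
LOWER = string.ascii_lowercase
DIGITS = string.digits


def pattern_create(length: int) -> str:
    """Build the non-repeating pattern: each 3-char chunk is Upper+lower+digit
    with the digit cycling fastest (Aa0Aa1...Aa9Ab0...), so any 4-byte window
    occurs exactly once within the first 20280 characters."""
    if length > len(UPPER) * len(LOWER) * len(DIGITS) * 3:
        raise ValueError("pattern would repeat beyond 20280 characters")
    chunks = []
    for u in UPPER:
        for l in LOWER:
            for d in DIGITS:
                chunks.append(u + l + d)
                if len(chunks) * 3 >= length:
                    return "".join(chunks)[:length]
    return "".join(chunks)[:length]


def pattern_offset(pattern: str, eip: str) -> Optional[int]:
    """Locate the 4 bytes that landed in EIP.  `eip` is the hex value as the
    debugger prints it (e.g. '386F4337'); on x86 the register is read from
    little-endian memory, so the bytes are reversed before searching.  A
    plain 4-character ASCII query such as '7Co8' is also accepted."""
    query = eip.strip()
    if query.lower().startswith("0x"):
        query = query[2:]
    if len(query) == 8 and all(c in string.hexdigits for c in query):
        needle = bytes.fromhex(query)[::-1].decode("ascii", errors="replace")
    else:
        needle = query
    idx = pattern.find(needle)
    return idx if idx >= 0 else None


if __name__ == "__main__":
    pat = pattern_create(3000)
    print(pat[:30])
    # Constructed EIP value: the window at offset 2003 is "7Co8", whose bytes
    # 37 43 6F 38 read little-endian as 0x386F4337.
    print("offset:", pattern_offset(pat, "386F4337"))
```

The offset is what the next section's validation payload (2003 "A"s followed by "BBBB") is built from; if pattern_offset returns None, the register value did not come from the pattern, which usually means the crash happened elsewhere or the bytes were altered in transit.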
2.5. Register Overwrite Validation
After determining the exact offset where the buffer overflow occurs, it is essential to verify that critical registers, especially the Instruction Pointer (EIP), can be successfully overwritten. This validation step confirms control over program execution and is fundamental for exploit development.
The Python script shown in Image 4 exemplifies this technique by sending a payload composed of a series of 2003 "A" characters followed by 4 "B" characters. The choice of "B" is deliberate; it corresponds to the hexadecimal value 0x42424242, making it easily recognizable in the debugger. By crafting the payload in this manner, security analysts can observe if the EIP register is overwritten with 42424242, confirming that the exact overwrite location has been pinpointed.
Using socket programming, the script establishes a TCP connection to the target service (192.168.15.230 on port 9999), then sends the carefully constructed payload as part of the TRUN /.:/ command. The try-except structure ensures that any connection failures are gracefully handled, prompting the user to check the debugger status.
When this payload is executed, the debugger—such as Immunity Debugger—should display the EIP register containing the "BBBB" pattern. This outcome proves that the overflow precisely controls the program's execution flow. If the register contains different values or the program does not crash, the offset calculation requires re-evaluation.
This validation step is crucial because controlling EIP enables the attacker to redirect execution to malicious shellcode or other payloads. Additionally, it helps security researchers understand the program's memory layout and guides further stages of exploit crafting, such as finding suitable jump instructions and bypassing protections like ASLR and DEP.
In conclusion, register overwrite validation using controlled patterns is a cornerstone of buffer overflow exploitation, bridging the gap between vulnerability detection and practical exploitation.
Figure 4 Python script sending a payload with 2003 "A" characters followed by 4 "B" characters (0x42424242) to validate control over the EIP register
2.6. Detection of Bad Characters
Once control of the Instruction Pointer is verified, the next critical step is to discover which byte values the target application will corrupt, truncate, or transform during transit from input to memory. These so-called bad characters are fatal to reliable shellcode execution: if a payload contains a byte that the application replaces with a NULL (0x00), converts, or strips entirely, the shellcode will mis-align and crash before it achieves code-execution.
The Python script in Image 5 illustrates a systematic bad-character test. After reproducing the confirmed offset ("A"*2003) and EIP overwrite placeholder ("B"*4), the script appends a sequence named badchars that enumerates virtually every byte from 0x01 through 0xFF. (Notice that 0x00—universally regarded as a terminator in C-style strings—has been intentionally omitted.) Because each byte appears exactly once and in ascending order, any deviation observed inside the debugger directly identifies which values the program cannot handle.
Using Python's socket library, the script connects to 192.168.15.230 on port 9999 and delivers the composite payload as part of the TRUN /.:/ command. On receipt, the vulnerable service processes the data and—assuming the overflow is still reachable—crashes. Inside Immunity Debugger, the analyst then inspects the memory region just beyond the overwritten EIP. If the byte pattern reads smoothly from 0x01 to 0xFF, no additional bad characters exist; however, any missing, duplicated, or altered value pinpoints a byte that must be excluded when generating final shellcode.
The methodology is iterative: remove the offending byte(s) from the badchars string, re-run the script, and compare the new memory dump until all problematic values are catalogued. Only after the complete "good-byte" list is known should msfvenom or a similar encoder be invoked to craft shellcode with the -b flag, explicitly excluding each discovered bad character.
Incorporating rigorous bad-character testing early in exploit development prevents late-stage payload failures, ensuring that subsequent steps—such as locating a JMP ESP address or chaining ROP gadgets to bypass DEP—operate on stable, predictable bytecode. Thus, bad-character detection acts as the quality-control gate between proof-of-concept overflow and a fully weaponized exploit.
Figure 5 Python script appending a complete sequence of byte values (badchars) after the shellcode to detect problematic characters that may disrupt payload execution
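The iterative comparison the section describes (send 0x01..0xFF, read the memory dump, drop the first corrupted byte, repeat) is bookkeeping that is easy to get wrong by eye. The following added example, which is not the paper's script, does it in code: build_badchars() produces the sequence minus known-bad bytes, first_divergence() compares the sent bytes with what the debugger shows, and find_bad_chars() loops until the dump matches. Only the first divergence is trusted per round, because one mangled byte normally corrupts or truncates everything after it. The simulated_target function is a constructed stand-in that ends the command at the first 0x0A and stores 0x0D as 0x00; a real run would replace it with a function that sends the payload and returns the bytes copied out of the debugger's memory dump.

```python
"""
Added example (not the paper's code): the bad-character bookkeeping the paper
describes, done in code.  The target below is a constructed simulation, not
vulnserver.
"""
from typing import Callable, Iterable, List, Optional


def build_badchars(exclude: Iterable[int] = ()) -> bytes:
    """All byte values 0x01..0xFF in ascending order, skipping `exclude`.
    0x00 is left out from the start, as the paper's script does."""
    skip = set(exclude) | {0x00}
    return bytes(b for b in range(0x01, 0x100) if b not in skip)


def first_divergence(sent: bytes, observed: bytes) -> Optional[int]:
    """Index of the first byte where the memory dump differs from the payload
    (a truncated dump diverges at its own length); None if identical."""
    for i, b in enumerate(sent):
        if i >= len(observed) or observed[i] != b:
            return i
    return None


def find_bad_chars(observe: Callable[[bytes], bytes],
                   max_rounds: int = 64) -> List[int]:
    """Iteratively send the sequence, read back the dump, exclude the first
    corrupted byte and repeat until the dump matches the payload exactly."""
    bad: List[int] = []
    for _ in range(max_rounds):
        sent = build_badchars(bad)
        idx = first_divergence(sent, observe(sent))
        if idx is None:
            return sorted(bad)
        bad.append(sent[idx])
    raise RuntimeError("too many bad characters; check that the offset is still correct")


# --- constructed simulation of how a service might mangle input -------------
def simulated_target(payload: bytes) -> bytes:
    """Pretend the service ends the command at the first 0x0A and stores
    0x0D as 0x00 (constructed behaviour for the demonstration only)."""
    cut = payload.split(b"\x0a", 1)[0]
    return cut.replace(b"\x0d", b"\x00")


def demo() -> List[int]:
    """Against the simulated target this finds 0x0A first, then 0x0D."""
    return find_bad_chars(simulated_target)


if __name__ == "__main__":
    found = demo()
    print("bad characters:", [hex(b) for b in found])
    print("good-byte list length:", len(build_badchars(found)))
```

The list returned is exactly what the section says should be handed to the encoder's -b option; the length of build_badchars(found) is the size of the "good-byte" list that the final payload must be composed from.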
2.7. ASLR and DEP Bypass Techniques
Modern operating systems deploy Address Space Layout Randomization (ASLR) and Data Execution Prevention (DEP) to frustrate classic buffer-overflow exploitation. ASLR randomizes the base addresses of executable modules, thwarting hard-coded jumps, while DEP marks stack and heap pages non-executable, preventing direct shellcode execution. To overcome these protections, attackers first search for modules that are loaded without ASLR and are not compiled with DEP—for example, legacy DLLs shipped with third-party software. In Immunity Debugger, the Mona plug-in simplifies this task with commands such as !mona modules, highlighting libraries where all security flags are False.
Once an unprotected module is located, the attacker hunts for an instruction that redirects execution to controlled data—commonly JMP ESP or CALL ESP. Mona's !mona jmp -r esp enumerates such opcodes and records their fixed virtual addresses; placing one of these addresses (in little-endian form) over the overwritten EIP bypasses ASLR because the module's base never changes. DEP still blocks code on the stack, so the exploit pivots to a Return-Oriented Programming (ROP) chain that calls VirtualProtect or NtProtectVirtualMemory to mark the shellcode region executable. Building these gadget chains requires harvesting short instruction sequences that end in a RET, a technique documented as the principal countermeasure target in contemporary control-flow integrity research (Tymburibá, 2020).
A practical demonstration can be seen in the exploitation of the classic SL-Mail 5.5 overflow: researchers identified a non-ASLR, non-DEP SLMailSMTP.dll, inserted its JMP ESP address, chained gadgets to disable DEP, and finally executed reverse-shell payloads, validating that robust bypasses remain feasible when insecure libraries are present (Sha ana & Pawar, 2021).
In summary, bypassing ASLR and DEP revolves around three pillars: isolating unprotected modules, redirecting execution with stable pointers such as JMP ESP, and leveraging ROP to re-enable executable permissions or jump into already-executable memory. Mastery of debugger automation, opcode searches, and gadget cataloging transforms these ostensibly formidable defenses into surmountable hurdles for seasoned penetration testers.
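The first of the three pillars above, finding a module whose security flags are all False, is the same check a defender should run over every DLL a product ships before an attacker does. The following added example (my own code, not the paper's and not Mona's) reads the flags that !mona modules reports from the PE optional header: DllCharacteristics sits at offset 70 of the optional header for both PE32 and PE32+, and the DYNAMIC_BASE and NX_COMPAT bits are what the linker's /DYNAMICBASE and /NXCOMPAT options set. The make_fake_pe() helper builds a minimal constructed image so the parser can be exercised offline; audit_file() applies the same check to a real file on disk. A module the audit flags as lacking ASLR or DEP is one to rebuild or relink with those options, which removes the stable JMP ESP address the section describes.

```python
"""
Added example (not the paper's or Mona's code): report the ASLR/DEP/CFG
mitigation flags a PE module was linked with, the check behind the
'!mona modules' output discussed in the paper.
"""
import struct
from typing import Dict

# IMAGE_DLLCHARACTERISTICS_* flags from the PE/COFF specification
HIGH_ENTROPY_VA = 0x0020  # 64-bit ASLR with high entropy (PE32+ only)
DYNAMIC_BASE = 0x0040     # image may be relocated, so ASLR applies
NX_COMPAT = 0x0100        # image declares compatibility with DEP
GUARD_CF = 0x4000         # Control Flow Guard instrumented


def audit_pe(data: bytes) -> Dict[str, bool]:
    """Parse the DOS and PE headers and report which mitigations the linker
    opted into.  DllCharacteristics is at offset 70 of the optional header
    for both PE32 (magic 0x10B) and PE32+ (magic 0x20B)."""
    if data[:2] != b"MZ":
        raise ValueError("not a PE image: missing MZ header")
    (pe_off,) = struct.unpack_from("<I", data, 0x3C)   # e_lfanew
    if data[pe_off:pe_off + 4] != b"PE\0\0":
        raise ValueError("not a PE image: missing PE signature")
    opt = pe_off + 4 + 20                              # skip signature + COFF header
    (magic,) = struct.unpack_from("<H", data, opt)
    if magic not in (0x10B, 0x20B):
        raise ValueError(f"unknown optional header magic 0x{magic:x}")
    (flags,) = struct.unpack_from("<H", data, opt + 70)
    return {
        "aslr": bool(flags & DYNAMIC_BASE),
        "dep": bool(flags & NX_COMPAT),
        "high_entropy_va": magic == 0x20B and bool(flags & HIGH_ENTROPY_VA),
        "cfg": bool(flags & GUARD_CF),
    }


def audit_file(path: str) -> Dict[str, bool]:
    """Run audit_pe() over a DLL or EXE on disk."""
    with open(path, "rb") as fh:
        return audit_pe(fh.read())


def make_fake_pe(dll_characteristics: int, magic: int = 0x10B) -> bytes:
    """Constructed minimal image: MZ stub, PE signature, COFF header and an
    optional header with only the fields audit_pe() reads filled in."""
    pe_off = 0x40
    opt_size = 96 if magic == 0x10B else 112
    dos = b"MZ" + b"\0" * (0x3C - 2) + struct.pack("<I", pe_off)
    coff = struct.pack("<HHIIIHH", 0x14C, 0, 0, 0, 0, opt_size, 0x2102)
    opt = bytearray(opt_size)
    struct.pack_into("<H", opt, 0, magic)
    struct.pack_into("<H", opt, 70, dll_characteristics)
    return dos + b"\0" * (pe_off - len(dos)) + b"PE\0\0" + coff + bytes(opt)


def demo() -> Dict[str, Dict[str, bool]]:
    """Compare a hardened module with a legacy one linked without the flags."""
    return {
        "hardened.dll": audit_pe(make_fake_pe(DYNAMIC_BASE | NX_COMPAT | GUARD_CF)),
        "legacy.dll": audit_pe(make_fake_pe(0)),
    }


if __name__ == "__main__":
    for name, result in demo().items():
        print(name, result)
```

The audit covers the header flags only; Mona additionally checks whether a relocation section exists (an image with DYNAMIC_BASE set but no relocations still loads at its preferred base) and whether SafeSEH data is present in the load configuration, both of which would need extra parsing.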
2.8. Shellcode Generation and Injection
With the crash point, offset, bad-character list, and bypass strategy confirmed, the final step is crafting and implanting executable payloads. msfvenom, part of the Metasploit Framework, is the de-facto utility for on-demand shellcode generation. By specifying the target platform (-p windows/shell_reverse_tcp), architecture (-a x86 or x64), local host and port (LHOST/LPORT), and an output format (-f python), testers obtain byte arrays ready for direct insertion into proof-of-concept scripts. The -e flag selects encoders—such as shikata_ga_nai—that polymorphically transform payloads to avoid intrusion-prevention signatures, while the -b option excludes discovered bad characters to guarantee reliable transmission.
To cushion uncertainties in jump accuracy, exploits often prepend a NOP sled: a sequence of 0x90 bytes that functions like a conveyor belt, sliding execution safely into the shellcode even if the landing address is imprecise. Although as few as 16 NOPs can suffice, larger sleds (32–64 bytes) provide greater tolerance against slight variations introduced by ROP alignment or network encoding.
Injection strategy depends on the bypass method. If DEP has been disabled via a ROP call to VirtualProtect, the exploit may simply jump straight to the NOP sled on the stack. Alternatively, some attacks locate already-executable memory—for instance, the .text section of a non-ASLR DLL—and copy the shellcode there, then direct EIP to that address. In Unicode or wide-character vulnerabilities, alphanumeric encoders like x86/alpha_mixed reshape the shellcode into acceptable byte patterns, later reassembling at runtime.
Thorough testing remains essential. After embedding the generated shellcode and NOP sled into the final payload, repeated execution under the debugger verifies that registers, memory protections, and control flow behave exactly as scripted. Only after consistent, crash-free execution delivering a reverse shell—or alternate post-exploitation action—should the exploit be considered production-ready. Robust shellcode generation and disciplined injection practices thus complete the buffer-overflow exploitation lifecycle, transforming theoretical control of EIP into practical, dependable code execution on the target system.
3. Methodology
3.1. Research Design
The researchers employed a systematic method to locate and use buffer overflow flaws. The first step involves identifying the source of inputs that may cause a buffer overflow in the target system. Automatically generated fuzzing inputs are utilized to inject huge or corrupt values into the system in order to trigger an overflow. After an overflow is identified, Immunity Debugger is utilized to trace the location where the instruction pointer is overwritten. The subsequent step involves designing unique payloads by leveraging the insights gained from the offset and the system's address heap. Shellcode is then injected into the target process by implementing strategies that can overcome the security measures offered by ASLR and DEP. This approach ensures that every stage of the research is tested systematically, resulting in accurate and reliable outcomes when exploiting buffer overflows.
3.2. Data Collection
The research focuses on collecting results from different aspects of buffer overflow analysis and exploitation. Fuzzing tools are used to generate various types of input and collect reports detailing the target system's response to each input. The use of Immunity Debugger enables researchers to generate memory dumps, track the state of registers, and capture stack traces that show how and what areas of the system are impacted by the overflow. Furthermore, data about the effectiveness of payloads and errors encountered while writing scripts is recorded during the testing process. This information plays a pivotal role in pinpointing the flaw, assessing its vulnerability, and improving the payload to exploit it consistently. Using this information helps provide an accurate analysis of the vulnerability and devise effective exploit techniques.
3.3. Case Studies/Examples
3.3.1. Case Study 1: The Test Web Application's Vulnerability Was Exploited.
An important task performed during a penetration test is determining and exploiting weaknesses in a web application to identify security vulnerabilities. The authentication mechanism implemented in a web application designed for teaching and testing purposes was revealed to include a serious buffer overflow vulnerability. This case study examines the process of identifying, investigating, and capitalizing on the vulnerability using traditional techniques for pene
Discovery of the Vulnerability
The application was examined as part of a regular security review and the flaw was identified. Users had to provide their login credentials by filling out a form and clicking the submit button to send them to the server. The program didn't adequately check and clean up the length of input, which is a weakness often found in many vulnerable applications. The username field did not limit input length, which meant that unchecked elements larger than the allocated memory space could be entered by users.
Fuzzing was used to inject inputs that would cause the application to malfunction or crash. Input overflowing caused the application to fail in various ways and often crashed it completely. This demonstrated that the application had a high chance of being exploited using a buffer overflow attack.
Exploiting the Overflow
The security team then focused on identifying the specific spot inside the buffer where the overflow occurs and the ways in which it influenced the application's memory. They used Immunity Debugger to monitor the application's responses when it was fed an excessive number of values.
Immunity Debugger showed them that the EIP register was modified by injecting more data than the buffer could handle. The modified EIP pointed to the application being diverted from its intended course of operation. This indicated that the input was corrupting the buffer as well as taking control of the program's flow of instructions, characteristic of a buffer overflow bug.
They created a distinctive string of characters using Metasploit's pattern_create.rb that would reveal the precise address at which the buffer overflow was occurring. The team prepared the payload by including various patterns and used the location of the crashed EIP to determine the correct offset. This gave them the information they needed to control the EIP in the correct way.
Crafting the Exploit
Armed with the offset, the team was able to create the appropriate payload. The attacker settled on modifying the EIP to jump to the shellcode on the stack. As a result, injecting the malicious code into the EIP enabled the attacker to obtain control over the server.