# Pointer Redirecting

{{#include ../../banners/hacktricks-training.md}}

## String pointers

If a function call is going to use the address of a string that is located on the stack, it is possible to abuse a buffer overflow to **overwrite this address** and put the **address of a different string** inside the binary.

If, for example, a **`system`** function call is going to **use the address of a string to execute a command**, an attacker could place the **address of a different string on the stack**, **`export PATH=.:$PATH`**, and create in the current directory a **script named after the first letter of the new string**, since this will be executed by the binary.

You can find an **example** of this in:

- [https://github.com/florianhofhammer/stack-buffer-overflow-internship/blob/master/ASLR%20Smack%20and%20Laugh%20reference%20-%20Tilo%20Mueller/strptr.c](https://github.com/florianhofhammer/stack-buffer-overflow-internship/blob/master/ASLR%20Smack%20and%20Laugh%20reference%20-%20Tilo%20Mueller/strptr.c)
- [https://guyinatuxedo.github.io/04-bof_variable/tw17_justdoit/index.html](https://guyinatuxedo.github.io/04-bof_variable/tw17_justdoit/index.html)
  - 32bit, change the address to the flag string on the stack so that it is printed by `puts`

## Function pointers

The same as with string pointers, but applied to functions: if the **stack contains the address of a function** that will be called, it is possible to **change it** (for example, to call **`system`**).

You can find an example in:

- [https://github.com/florianhofhammer/stack-buffer-overflow-internship/blob/master/ASLR%20Smack%20and%20Laugh%20reference%20-%20Tilo%20Mueller/funcptr.c](https://github.com/florianhofhammer/stack-buffer-overflow-internship/blob/master/ASLR%20Smack%20and%20Laugh%20reference%20-%20Tilo%20Mueller/funcptr.c)
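The memory layout that both the string pointer and function pointer cases depend on, as an added example (not code from this page or from the linked repositories): a buffer sits directly before a string pointer and a function pointer, and a copy whose length is taken from the input is contrasted with a bounds-checked copy plus a pointer integrity check. The `struct request` layout and all function names are assumptions; a struct stands in for adjacent stack variables so the model stays well defined.

```c
#include <stddef.h>
#include <stdio.h>
#include <string.h>

/* Hypothetical layout: a buffer followed by the two pointer kinds above. */
struct request {
    char        name[16];
    const char *msg;             /* string pointer later handed to a callee */
    int       (*handler)(void);  /* function pointer later called */
};
static const char GREETING[] = "hello";
static int default_handler(void) { return 1; }

/* Bug class: len comes from the input. Clamped to the struct to stay defined. */
static void set_name_unchecked(struct request *r, const void *src, size_t len) {
    size_t room = sizeof *r - offsetof(struct request, name);
    memcpy((unsigned char *)r + offsetof(struct request, name), src,
           len < room ? len : room);
}

/* Hardened form: reject input that does not fit the destination field. */
static int set_name_checked(struct request *r, const void *src, size_t len) {
    if (len >= sizeof r->name) return -1;
    memcpy(r->name, src, len);
    r->name[len] = '\0';
    return 0;
}

/* Defence in depth: byte-compare both pointers with their expected values. */
static int pointers_intact(const struct request *r) {
    const char *m = GREETING; int (*h)(void) = default_handler;
    return !memcmp(&r->msg, &m, sizeof m) && !memcmp(&r->handler, &h, sizeof h);
}

/* Returns 1 if the chosen copy routine left both pointers untouched. */
static int survives(int checked, const void *src, size_t len) {
    struct request r = { "", GREETING, default_handler };
    if (checked) (void)set_name_checked(&r, src, len);
    else set_name_unchecked(&r, src, len);
    return pointers_intact(&r);
}

int main(void) {
    unsigned char big[sizeof(struct request)];
    memset(big, 'A', sizeof big);  /* constructed oversized input */
    printf("intact after unchecked copy: %d\n", survives(0, big, sizeof big));
    printf("intact after checked copy:   %d\n", survives(1, big, sizeof big));
    return 0;
}
```

Compilers do not reorder struct members, so the pointers always follow the buffer here; for real stack locals, stack protectors typically place arrays above pointer variables, which is why this pattern mostly survives in structs or in builds without that protection.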