Share
## https://sploitus.com/exploit?id=F901C6AD-D678-53D7-90E7-3352074E0085
# ATM Challenge - Buffer Overflow Exploit

**Author**: Olalekan Owoloye
**Course**: Software Exploitation  
**Date**: November 2025

## Overview

This is a binary exploitation challenge featuring a vulnerable ATM banking application. The challenge demonstrates a classic stack-based buffer overflow vulnerability that can be exploited to gain shell access.

## Files Included

- **atm_challenge.c** - Source code of the vulnerable ATM application
- **atm_challenge.bin** - Compiled binary (ELF 64-bit)
- **build.sh** - Build script to compile the binary
- **exploit.py** - Working exploit script (Python + pwntools)
- **Olalekan Owoloye SW Final Porject** - Full writeup
- **README.md** - This file

## Vulnerability

**Type**: Stack-based buffer overflow  
**Location**: `update_account_info()` function, line 102  
**Cause**: Use of unsafe `gets()` function without bounds checking

## Quick Start

### Compile the Binary
```bash
bash build.sh
```

### Run the Exploit
```bash
python3 exploit.py
```

Expected: A shell with "ADMIN ACCESS GRANTED" message!

## Exploitation Summary

1. Authenticate with PIN: 1234
2. Select option 4 (Update Account Info)
3. Send 40 bytes + address of admin_panel()
4. Return address overwritten โ†’ jumps to admin_panel()
5. Shell spawned!

**For full details**

## Security Mitigations

All disabled for educational purposes:
- Stack Canaries: DISABLED
- PIE/ASLR: DISABLED  
- NX/DEP: DISABLED

## Educational Value

Demonstrates:
- Buffer overflow exploitation
- Stack corruption
- Return address hijacking
- Why gets() is dangerous

**Permission**: May be used in educational settings with attribution