Open Security Training — Introduction to Software Exploits — Off-by-one

Open Security Training’s Introduction to Software Exploits course includes a brief coverage of a C program with an off-by-one vulnerability, but due to time limitations the instructor did not get a chance to develop a full exploit. In the interests of learning, I invite you to join me in this walkthrough that goes over the challenge of writing an elegant exploit for this vulnerability.

The Challenge