All Questions
Tagged with exploit-development, glibc
4 questions
6 votes
2 answers
46k views
return to libc - finding libc's address and finding offsets
So I tried performing a return-to-libc according to https://sploitfun.wordpress.com/2015/05/08/bypassing-nx-bit-using-return-to-libc/ . I found libc's address by using "ldd vuln", and found system's ...
1 vote
1 answer
739 views
How to increase gadget occurrence in a program
I'm exercising with ROP. In a vulnerable program I control the RIP; when I use "ropeme" and search for gadgets, I find many references to 32-bit registers, but not a single extended register. I need a ...
5 votes
1 answer
7k views
How to bypass ASLR with ROP
I was reading this article by the InfoSec Institute: http://resources.infosecinstitute.com/an-introduction-to-returned-oriented-programming-linux/#gref and was able to follow along until he did the ...
10 votes
2 answers
8k views
Why must a ret2libc attack follow the order "system(), exit(), command"?
In a ret2libc attack, I understand that the return address can be overwritten with the address of the system command, which takes a command string as an argument. In this case, shouldn't the address ...