Skip to main content
The 2024 Developer Survey results are live! See the results
Information Security

All Questions

Ask Question
Tagged with
4 questions
Newest Active Bountied Unanswered
0 votes
1 answer
445 views

ROP - ret VS ret 0

I'm doing a binary challenge from pwnable.kr and I'm examining a some ROP gadget. Until now I've always used gadget ending with ret or syscall/int 0x80, but now ROPgadget gave me a gadget ending with ...
Marco Balo's user avatar
Marco Balo
  • 103
1 vote
2 answers
604 views

How do attackers determine ROP gadgets remotely?

Being gadgets change per each system and architecture (do they?), how would an attacker be able to determine the offsets of various Return Oriented Programming gadgets, would an attacker first need to ...
asd40732's user avatar
asd40732
  • 11
1 vote
1 answer
1k views

Understanding ret2libc return address location

I recently was studying x86 buffer overflows + ret2libc attacks from https://www.ret2rop.com/2018/08/return-to-libc.html and I noticed the order is as follows: bytes to fill buffer + address of system ...
asd_665's user avatar
asd_665
  • 13
1 vote
1 answer
660 views

Remote Buffer Overflow w/out Memory Leak

I'm working on an exploit development challenge right now in which I've been presented with a compiled binary and I have to exploit it on a remote server. No stack protections have been enabled and ...
leaustinwile's user avatar
leaustinwile
  • 366