All Questions
5
questions
0
votes
1
answer
316
views
64-bit ROP-based Buffer Overflow Attack
I am facing a CTF challenge in which I have to conduct an attack using a ROP chain on this program below:
#include <stdio.h>
#include <stdint.h>
#include <stdbool.h>
#include <sys/...
0
votes
0
answers
191
views
Buffer Overflow with ROP Chain Output Problem
I have the following problem: I have this C program and I have done buffer overflow using ROP gadgets. I have a problem with the output.
I want to stop the printf() call in the vuln function to get ...
0
votes
1
answer
625
views
Segfault after reaching system
I'm doing a pretty bog-standard return-to-libc attack and I'm in a bit of a pickle.
I first got the entire attack working with my local version of libc, then I used the version of libc provided by the ...
-1
votes
1
answer
251
views
is it possible to call libc function with rop
let say hacker want to come over the aslr or he want to call function that doesn't exists in user program ,can he insert to the return address address to the share library function or this functions ...
1
vote
1
answer
12k
views
How to find address of system() in an executable - ROP exploit
I'm trying to find the address of system() in a code repo that I'm trying to exploit using Return Oriented Programming (for a course project). The code has included stdlib.h but it has not used system(...