All Questions
7
questions
1
vote
0
answers
47
views
Jump-Oriented Programming: Why is it better/easier to jump to the dispatcher gadget than to jump from one functional gadget directly to another?
Jump-oriented Programming: Why is it better/easier to jump to the dispatcher gadget than to jump from one functional gadget directly to another functional gadget?
My understanding of JOP:
In jump-...
0
votes
0
answers
26
views
Jump-Oriented Programming: Harder than ROP because the registers need to be prepared individually? + Turing complete, but large overhead/slow?
Full title: Jump-Oriented Programming: Is it harder than traditional return-oriented programming because you need to manually prepare all the addresses and registers or is there a different reason?
...
0
votes
0
answers
191
views
Buffer Overflow with ROP Chain Output Problem
I have the following problem: I have this C program and I have done buffer overflow using ROP gadgets. I have a problem with the output.
I want to stop the printf() call in the vuln function to get ...
2
votes
2
answers
2k
views
ROP executes system("/bin/sh") but does not attach to it
Here is the code:
import struct
buf = ""
buf += "A" * 552
buf += struct.pack('<Q', 0x401493) # pop rdi; ret
buf += struct.pack('<Q', 0x7ffff7f79152) # /bin/sh
buf += ...
1
vote
1
answer
343
views
ROP on MIPS Doesn't Land Where Calculated
I am working on exploiting an application on MIPS to further my knowledge of ROP chaining. The library I am trying to build a ROP chain is libuClibc-0.9.30.3.so. I found a gadget that I want to use ...
0
votes
0
answers
272
views
Is JIT-compiler required for JIT-ROP attack?
I have been studying up on the concept of Just-in-Time (JIT) ROP attack (https://cs.unc.edu/~fabian/papers/oakland2013.pdf), and came across this question which I have not been able to find the ...
1
vote
1
answer
706
views
ROP Attack :Force the program to manipulate an instruction as a gadget
I'm doing basic exploitation test on a simple program with fiew lines of code. I intend to exploit a buffer overflow vulnerability to perform a ROP attack.
To gather the available gadgets I use ...