Skip to main content
The 2024 Developer Survey results are live! See the results
Information Security

All Questions

Ask Question
Tagged with
7 questions
Newest Active Bountied Unanswered
1 vote
0 answers
47 views

Jump-Oriented Programming: Why is it better/easier to jump to the dispatcher gadget than to jump from one functional gadget directly to another?

Jump-oriented Programming: Why is it better/easier to jump to the dispatcher gadget than to jump from one functional gadget directly to another functional gadget? My understanding of JOP: In jump-...
user25100341's user avatar
user25100341
  • 11
0 votes
0 answers
26 views

Jump-Oriented Programming: Harder than ROP because the registers need to be prepared individually? + Turing complete, but large overhead/slow?

Full title: Jump-Oriented Programming: Is it harder than traditional return-oriented programming because you need to manually prepare all the addresses and registers or is there a different reason? ...
user25100341's user avatar
user25100341
  • 11
0 votes
0 answers
191 views

Buffer Overflow with ROP Chain Output Problem

I have the following problem: I have this C program and I have done buffer overflow using ROP gadgets. I have a problem with the output. I want to stop the printf() call in the vuln function to get ...
Flowless Man's user avatar
Flowless Man
  • 1
2 votes
2 answers
2k views

ROP executes system("/bin/sh") but does not attach to it

Here is the code: import struct buf = "" buf += "A" * 552 buf += struct.pack('<Q', 0x401493) # pop rdi; ret buf += struct.pack('<Q', 0x7ffff7f79152) # /bin/sh buf += ...
Toma's user avatar
Toma
  • 121
1 vote
1 answer
343 views

ROP on MIPS Doesn't Land Where Calculated

I am working on exploiting an application on MIPS to further my knowledge of ROP chaining. The library I am trying to build a ROP chain is libuClibc-0.9.30.3.so. I found a gadget that I want to use ...
joshu's user avatar
joshu
  • 121
0 votes
0 answers
272 views

Is JIT-compiler required for JIT-ROP attack?

I have been studying up on the concept of Just-in-Time (JIT) ROP attack (https://cs.unc.edu/~fabian/papers/oakland2013.pdf), and came across this question which I have not been able to find the ...
zzang3's user avatar
zzang3
  • 1
1 vote
1 answer
706 views

ROP Attack :Force the program to manipulate an instruction as a gadget

I'm doing basic exploitation test on a simple program with fiew lines of code. I intend to exploit a buffer overflow vulnerability to perform a ROP attack. To gather the available gadgets I use ...
Ahmed's user avatar
Ahmed
  • 83