All Questions
Tagged with rop vulnerability
2 questions
0 votes, 0 answers, 93 views
Bash deletes null bytes in exploit input for ROP/return-to-libc
I am trying to do a return-to-libc exploit. The goal is to gain a shell with root privilege by calling setuid(0) and then system("/bin/sh"). I have been agonizing over trying to get this thing ...
1 vote, 1 answer, 3k views
Dealing with NULL byte (0x00) in offsets
I'm trying to exploit a strcpy() buffer overflow vulnerability to test a ROP attack. I found a very useful gadget at address 0x0000f26c so I am obliged to insert null bytes to the stack to override the ...