Questions tagged [rop]

Return-oriented programming (ROP) is a computer security exploit technique that allows an attacker to execute code in the presence of security defenses such as executable space protection and code signing.

1 vote · 1 answer · 12k views

How to find address of system() in an executable - ROP exploit

I'm trying to find the address of system() in a code repo that I'm trying to exploit using Return Oriented Programming (for a course project). The code has included stdlib.h but it has not used system(...
Nikhil · 13
3 votes · 1 answer · 3k views

Why ret2libc is not working in the below code on x86_64?

I am trying to bypass DEP in x86_64 (64 bit - ASLR OFF). I have my own vulnerable code and I have also written an exploit code with a basic ROP to jump into system() with parameter "/bin/sh",...
bsdboy · 51
1 vote · 1 answer · 3k views

Dealing with NULL byte (0x00) in offsets

I'm trying to exploit a strcpy() buffer overflow vulnerability to test ROP attack. I found a very useful gadget at address 0x0000f26c so I am obliged to insert null bytes to the stack to override the ...
Ahmed · 83
1 vote · 1 answer · 706 views

ROP Attack: Force the program to manipulate an instruction as a gadget

I'm doing a basic exploitation test on a simple program with a few lines of code. I intend to exploit a buffer overflow vulnerability to perform a ROP attack. To gather the available gadgets I use ...
Ahmed · 83
3 votes · 2 answers · 3k views

Stack location range on linux for user process

In Linux, with ASLR enabled, is there a range of addresses where the user stack address lies? What about the heap, instruction addresses (text section)? In general, is it possible to look at an address and ...
abjoshi - Reinstate Monica
5 votes · 1 answer · 1k views

How does GCC's -mmitigate-rop work?

GCC 6 has a flag, -mmitigate-rop, which compiles binaries in a way that reduces the number of gadgets exploitable by ROP. The GCC documentation explaining this feature is minimal: -mmitigate-rop Try ...
forest · 67k