Tuesday, 20 August 2019

PicoCTF 2013 - rop1

The next level from PicoCTF 2013 that I tried was related to ROP exploitation. Let's see the details...
I started here with a breakpoint on vulnerable_function():


Sending a small payload (100b):


Not much. Sending 200:


Good. Preparing pattern_create:


Offset known, we are ready to go:
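
How the pattern_create step yields the offset, as an added example that is not code from the original post: a minimal reimplementation of the Metasploit-style cyclic pattern and the lookup that maps the value seen in the crashed instruction pointer back to a position in the input. It assumes a 32-bit little-endian target; the offset 76 and the function names are constructed for illustration and are not taken from this challenge.

```python
import string
import struct

MAX_LEN = 26 * 26 * 10 * 3  # 20280 bytes before the pattern would repeat


def pattern_create(length):
    """Return a cyclic pattern Aa0Aa1Aa2...Ab0Ab1... of `length` bytes."""
    if length > MAX_LEN:
        raise ValueError("pattern longer than %d bytes would repeat" % MAX_LEN)
    triples = []
    for upper in string.ascii_uppercase:
        for lower in string.ascii_lowercase:
            for digit in string.digits:
                triples.append(upper + lower + digit)
                if len(triples) * 3 >= length:
                    return "".join(triples)[:length].encode()
    return b""


def pattern_offset(register_value, length):
    """Map a 32-bit register value from the crash to its offset in the pattern.

    The register holds 4 input bytes read as a little-endian integer, so the
    value is packed back into bytes before searching. Returns None when the
    value did not come from the pattern (the crash has another cause).
    """
    needle = struct.pack("<I", register_value)
    index = pattern_create(length).find(needle)
    return index if index != -1 else None


def faulting_value(pattern, ret_offset):
    """Simulate the debugger view: the 4 pattern bytes that landed in the
    saved return address, read as a little-endian 32-bit integer."""
    return struct.unpack("<I", pattern[ret_offset:ret_offset + 4])[0]


if __name__ == "__main__":
    pattern = pattern_create(200)
    # Constructed sample: pretend the saved return address sits 76 bytes in.
    crashed_eip = faulting_value(pattern, 76)
    print("EIP at crash: 0x%08x" % crashed_eip)
    print("offset:", pattern_offset(crashed_eip, 200))
```

Every 4-byte window of the pattern is unique because the upper/lower/digit positions reveal the alignment and the characters reveal the triple, which is why a single register value is enough to recover the offset.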

This time we will not look for system() - we will call the not_called() function to run /bin/bash:

Modifying poc.py and we are here:


Cool. :)

See you next time!

Cheers



