The next level from PicoCTF 2013 I tried was related to ROP exploitation. Let's see the details...
I started here from a breakpoint on vulnerable_function():
Sending a small payload (100b):
Not much. Sending 200:
Good. Preparing pattern_create:
Offset known, we are ready to go:
This time we will not look for system() - we will call the not_called() function to run /bin/bash:
Modifying poc.py and we are here:
Cool. :)
See you next time!
Cheers