This time I tried to solve the rop3 challenge from PicoCTF 2013. Below you will find the details...
I started here:
Cool. Next thing was to check the binary with checksec:
Unfortunately the NX bit was enabled. :|
... so the idea was to disable the No-eXecute (NX) protection and then run the shellcode. Let's do it:
A prepared pattern was used to build a basic skeleton PoC. Now checking:
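
The NX line that checksec prints reflects the flags of the binary's PT_GNU_STACK program header. The following is an added example, not code from the original post, that performs the same check; it assumes a 32-bit little-endian ELF, and `elf32_nx_status`, `make_sample` and the sample bytes are constructed for illustration.

```c
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>
#include <string.h>
#define PT_GNU_STACK 0x6474e551u  /* program header carrying stack permissions */
#define PF_X         0x1u         /* "executable" bit in p_flags */
#define EHDR32_SIZE  52
#define PHDR32_SIZE  32
enum { NX_BAD_ELF = -1, NX_ENABLED = 0, NX_DISABLED = 1, NX_NO_STACK_HDR = 2 };

static uint32_t rd16(const uint8_t *p) { return p[0] | (uint32_t)p[1] << 8; }
static uint32_t rd32(const uint8_t *p) { return rd16(p) | rd16(p + 2) << 16; }

/* Report whether a little-endian ELF32 image requests a non-executable stack. */
int elf32_nx_status(const uint8_t *img, size_t len) {
    if (len < EHDR32_SIZE || memcmp(img, "\x7f" "ELF", 4) != 0) return NX_BAD_ELF;
    if (img[4] != 1 || img[5] != 1) return NX_BAD_ELF;  /* ELFCLASS32, ELFDATA2LSB */
    uint64_t phoff = rd32(img + 28);                    /* e_phoff */
    uint32_t phentsize = rd16(img + 42), phnum = rd16(img + 44);
    if (phnum && phentsize < PHDR32_SIZE) return NX_BAD_ELF;
    for (uint32_t i = 0; i < phnum; i++) {
        uint64_t off = phoff + (uint64_t)i * phentsize;
        if (off > len || len - off < PHDR32_SIZE) return NX_BAD_ELF;  /* truncated */
        const uint8_t *ph = img + off;
        if (rd32(ph) == PT_GNU_STACK)                   /* p_type */
            return (rd32(ph + 24) & PF_X) ? NX_DISABLED : NX_ENABLED;  /* p_flags */
    }
    return NX_NO_STACK_HDR;  /* platform default applies; do not count this as NX */
}

/* Constructed sample: a bare ELF32 header followed by one PT_GNU_STACK entry. */
void make_sample(uint8_t out[EHDR32_SIZE + PHDR32_SIZE], uint32_t p_flags) {
    memset(out, 0, EHDR32_SIZE + PHDR32_SIZE);
    memcpy(out, "\x7f" "ELF\x01\x01\x01", 7);  /* magic, 32-bit, LE, version 1 */
    out[28] = EHDR32_SIZE;                     /* e_phoff: table follows the header */
    out[42] = PHDR32_SIZE;                     /* e_phentsize */
    out[44] = 1;                               /* e_phnum */
    for (int i = 0; i < 4; i++) {
        out[EHDR32_SIZE + i] = (uint8_t)(PT_GNU_STACK >> (8 * i));  /* p_type */
        out[EHDR32_SIZE + 24 + i] = (uint8_t)(p_flags >> (8 * i));  /* p_flags */
    }
}

int main(void) {
    uint8_t img[EHDR32_SIZE + PHDR32_SIZE];
    make_sample(img, 0x6);  /* PF_R|PF_W: stack not executable */
    printf("RW  stack -> %d\n", elf32_nx_status(img, sizeof img));
    make_sample(img, 0x7);  /* PF_R|PF_W|PF_X: executable stack */
    printf("RWE stack -> %d\n", elf32_nx_status(img, sizeof img));
}
```
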
Results:
Checking offset:
Looks good. Next we will need the addresses of read() and mprotect():
So far, so good. Now, preparing the PoC:
Now we need to find a good shellcode to use with our PoC (to run our shellcode from fd ;)). You can find a good source of example shellcodes here. :) I used this one created by xgc (thanks!):
As you can see, there are some differences between the last two screens, but the reason for that is that I switched from the Kali VM to another (a little bit older ;)) VM.
See you next time!
Cheers