mirror of
http://git.nowherejezfoltodf4jiyl6r56jnzintap5vyjlia7fkirfsnfizflqd.onion/nihilist/hacking-blogposts.git
synced 2025-07-02 10:36:41 +00:00
fix references
parent
fd1fec5663
commit
8e4e47a9d8
16 changed files with 19 additions and 27 deletions
|
@ -410,7 +410,7 @@ So we can overwrite the stack canary one byte a a time, The byte we overwrite it
|
|||
|
||||
Now onto the ROP chain: Once we have the stack canary and nothing will be able to stop us from reaching the return function to get code execution as usual. Then what do we execute ? NX is turned on, so we cannot just jump to the shellcode we place on the stack. However the elf does have PIE set to enabled which randomizes the address of code, Therefore building a ROP chain without an infoleak is possible. For this ROP Chain, we will be making an execve() syscall to /bin/sh to give us a shell.
|
||||
|
||||
Now to build our ROP chain we need to look for ROP Gadgets as we saw in the previous 2 challenges. We will use ROPGadget for that, check out [simplecalc](calc.html) to check out how i installed it. now let's find the following gadgets:
|
||||
Now to build our ROP chain we need to look for ROP Gadgets as we saw in the previous 2 challenges. We will use ROPGadget for that, check out [simplecalc](calc.md) to check out how i installed it. now let's find the following gadgets:
|
||||
|
||||
|
||||
[ 192.168.0.18/24 ] [ /dev/pts/2 ] [binexp/2/feed]
|
||||
|
|
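Review bot: the added line changes the link target from `calc.html` to `calc.md`, a relative path that only resolves if `calc.md` sits in the same directory as this file and the renderer follows `.md` links. The commit message "fix references" does not say which output this is meant for, so please confirm the link resolves in the rendered page. While this paragraph is open, the unchanged context line above it says "the elf does have PIE set to enabled which randomizes the address of code, Therefore building a ROP chain without an infoleak is possible", which contradicts itself: with PIE enabled the gadget addresses are randomized, and a chain built from static addresses would need a leak. Check that sentence against the binary's actual protections and correct the wording to match.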