This shows you the differences between two versions of the page.
session:12 [2020/07/20 16:48] Liza-Elena BABU (78556) |
session:12 [2020/07/20 17:34] (current) Liza-Elena BABU (78556) [1. Challenge: Using ROP to Leak and Call system()] |
||
---|---|---|---|
Line 279: | Line 279: | ||
==== 1. Challenge: Using ROP to Leak and Call system() ==== | ==== 1. Challenge: Using ROP to Leak and Call system() ==== | ||
- | Having completed the recap in the walkthrough above let's proceed to more advanced things. Use the '' | + | Having completed the recap in the walkthrough above let's proceed to more advanced things. Use the '' |
You can now call the functions in the binary but '' | You can now call the functions in the binary but '' | ||
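Review bot: The changed sentence ("Having completed the recap in the walkthrough above let's proceed to more advanced things") is missing a comma after "above". "More advanced things" also tells the reader nothing about the task. The heading already names the goal (use ROP to leak and call system()), so the opening sentence could state that directly.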
Line 356: | Line 356: | ||
The previous binary had the luxury of plenty of stack space to be overflown. It is often the case that we don't have enough space for a long ROP chain. Let's handle that. | The previous binary had the luxury of plenty of stack space to be overflown. It is often the case that we don't have enough space for a long ROP chain. Let's handle that. | ||
- | For the current task, switch to the '' | + | For the current task, switch to the '' |
Find out how much space you have in the overflow and assess the situation. | Find out how much space you have in the overflow and assess the situation. | ||
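Review bot: In the context line above the changed sentence, "plenty of stack space to be overflown" should read "overflowed" ("overflown" is the participle of "overfly"). The closing instruction, "assess the situation", would be clearer if it named what the available space is measured against, which the preceding paragraph gives as the length of the ROP chain.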
Line 464: | Line 464: | ||
==== 4. Challenge [Bonus] ==== | ==== 4. Challenge [Bonus] ==== | ||
- | Switch to '' | + | Switch to '' |
* First overflow the buffer and call vuln_gate. You will need to prepare registers for the 64 bit calling convention. | * First overflow the buffer and call vuln_gate. You will need to prepare registers for the 64 bit calling convention. | ||
* Then overflow the second buffer and issue a syscall for **execve("/ | * Then overflow the second buffer and issue a syscall for **execve("/ |
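Review bot: In the first bullet, vuln_gate is written as plain text while the other identifiers in this revision are wrapped in '' monospace markers. Mark it up as ''vuln_gate'' for consistency, and hyphenate "64-bit calling convention".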