Security Summer School

User Tools

Site Tools

session:12

Differences

This shows you the differences between two versions of the page.

Link to this comparison view

Both sides previous revisionPrevious revision
session:12 [2020/07/20 14:34] – [2. Challenge: Handling Low Stack Space] Liza-Elena BABU (78556)session:12 [2020/07/20 14:34] (current) – [1. Challenge: Using ROP to Leak and Call system()] Liza-Elena BABU (78556)
Line 279: Line 279:
 ==== 1. Challenge: Using ROP to Leak and Call system() ==== ==== 1. Challenge: Using ROP to Leak and Call system() ====
  
-Having completed the recap in the walkthrough above let's proceed to more advanced things. Use the ''challenge-01/ropasaurusrex1'' executable file and update the script above in order to spawn a shell.+Having completed the recap in the walkthrough above let's proceed to more advanced things. Use the ''task-01/ropasaurusrex1'' executable file and update the script above in order to spawn a shell.
  
 You can now call the functions in the binary but ''system()'' or any other appropriate function is missing and ASLR is enabled. How do you get past this? You need an information leak! To leak information we want to print it to standard output and process it. We use calls to ''printf()'', ''puts()'' or ''write()'' for this. In our case we can use the ''write()'' function call. You can now call the functions in the binary but ''system()'' or any other appropriate function is missing and ASLR is enabled. How do you get past this? You need an information leak! To leak information we want to print it to standard output and process it. We use calls to ''printf()'', ''puts()'' or ''write()'' for this. In our case we can use the ''write()'' function call.
session/12.1595255678.txt.gz · Last modified: by Liza-Elena BABU (78556)