Hello, thank you for sharing these examples.

I'm just curious, how did you compile binaries for the `linux_x64`?

I am able to successfully exploit the binary that comes with the repository as shown below:

```
~/Downloads/ROP_STEP_BY_STEP/linux_x64 (master*) » python3 exp5.py
[*] '/home/Downloads/ROP_STEP_BY_STEP/linux_x64/level3'
    Arch:     amd64-64-little
    RELRO:    Partial RELRO
    Stack:    No canary found
    NX:       NX enabled
    PIE:      No PIE (0x400000)
[+] Starting local process './level3': pid 74600
[*] Switching to interactive mode
Hello, World
$ pwd
/home/Downloads/ROP_STEP_BY_STEP/linux_x64
$ exit
[*] Got EOF while reading in interactive
$
[*] Process './level3' stopped with exit code -11 (SIGSEGV) (pid 74600)
[*] Got EOF while sending in interactive
```

However, if I try to compile the binary by myself such as using the option shown below:

```
gcc level3.c -o level3_custom -fno-stack-protector -no-pie
```

Then it won't work:

```
~/Downloads/ROP_STEP_BY_STEP/linux_x64 (master*) » python3 exp5.py
[*] '/home/Downloads/ROP_STEP_BY_STEP/linux_x64/level3_custom'
    Arch:     amd64-64-little
    RELRO:    Partial RELRO
    Stack:    No canary found
    NX:       NX enabled
    PIE:      No PIE (0x400000)
[+] Starting local process './level3_custom': pid 75948
[*] Switching to interactive mode
Hello, World
[*] Got EOF while reading in interactive
$ whoami
[*] Process './level3_custom' stopped with exit code -11 (SIGSEGV) (pid 75948)
[*] Got EOF while sending in interactive
```

I have made sure to adjust the `exp5.py` by using `gdb` to figure out what is the `system@plt` address with `0x401040`:

```
~/Downloads/ROP_STEP_BY_STEP/linux_x64 (master*) » gdb ./level3_custom
GNU gdb (Debian 8.2.1-2+b3) 8.2.1
...
For help, type "help".
Type "apropos word" to search for commands related to "word"...
Reading symbols from ./level3_custom...(no debugging symbols found)...done.
>>> disas callsystem
Dump of assembler code for function callsystem:
   0x0000000000401142 <+0>:     push   %rbp
   0x0000000000401143 <+1>:     mov    %rsp,%rbp
   0x0000000000401146 <+4>:     lea    0xeb7(%rip),%rdi        # 0x402004
   0x000000000040114d <+11>:    callq  0x401040 <system@plt>
...
```

Thank you in advance.
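
As an added illustration, not part of the original issue or the repository: the RELRO, Stack, NX and PIE lines that pwntools prints for both binaries above can be derived from the ELF headers directly, which is a quick way to audit what a given set of gcc flags actually produced. The `checksec` and `build_sample` functions and the sample images are constructed for this example, and the canary check is a string heuristic rather than a symbol-table lookup.

```python
import struct

PT_DYNAMIC, PT_GNU_STACK, PT_GNU_RELRO = 2, 0x6474E551, 0x6474E552
ET_DYN, PF_X = 3, 1
DT_BIND_NOW, DT_FLAGS, DT_FLAGS_1 = 24, 30, 0x6FFFFFFB

def checksec(elf: bytes) -> dict:
    """Derive the checksec mitigation fields from a little-endian ELF64 image."""
    if elf[:6] != b"\x7fELF\x02\x01":
        raise ValueError("not a little-endian ELF64 image")
    e_type = struct.unpack_from("<H", elf, 16)[0]
    e_phoff = struct.unpack_from("<Q", elf, 32)[0]
    e_phentsize, e_phnum = struct.unpack_from("<HH", elf, 54)
    nx = relro = bind_now = False
    for i in range(e_phnum):
        base = e_phoff + i * e_phentsize
        p_type, p_flags, p_offset = struct.unpack_from("<IIQ", elf, base)
        p_filesz = struct.unpack_from("<Q", elf, base + 32)[0]
        if p_type == PT_GNU_STACK:
            nx = not p_flags & PF_X            # stack mapped without execute permission
        elif p_type == PT_GNU_RELRO:
            relro = True                       # GOT region is remapped read-only
        elif p_type == PT_DYNAMIC:             # walk (tag, value) pairs up to DT_NULL
            for off in range(p_offset, p_offset + p_filesz, 16):
                tag, val = struct.unpack_from("<qQ", elf, off)
                if tag == 0:
                    break
                if tag == DT_BIND_NOW or (tag == DT_FLAGS and val & 0x8) \
                        or (tag == DT_FLAGS_1 and val & 0x1):
                    bind_now = True            # eager binding makes RELRO "Full"
    return {
        "RELRO": ("Full" if bind_now else "Partial") if relro else "None",
        "Stack": b"__stack_chk_fail" in elf,   # heuristic: canary handler referenced
        "NX": nx,
        "PIE": e_type == ET_DYN,               # ET_DYN is also used by shared objects
    }

def build_sample(e_type: int, stack_flags: int, dyn: list, extra: bytes = b"") -> bytes:
    """Constructed image: ELF64 header, three program headers, a dynamic table."""
    dyn_blob = b"".join(struct.pack("<qQ", t, v) for t, v in dyn + [(0, 0)])
    dyn_off = 64 + 3 * 56
    phdr = lambda t, f, off=0, sz=0: struct.pack("<IIQQQQQQ", t, f, off, 0, 0, sz, sz, 8)
    ehdr = struct.pack("<16sHHIQQQIHHHHHH", b"\x7fELF\x02\x01\x01", e_type, 62, 1,
                       0, 64, 0, 0, 64, 56, 3, 0, 0, 0)
    return (ehdr + phdr(PT_GNU_STACK, stack_flags) + phdr(PT_GNU_RELRO, 4)
            + phdr(PT_DYNAMIC, 6, dyn_off, len(dyn_blob)) + dyn_blob + extra)

if __name__ == "__main__":
    print(checksec(build_sample(2, 6, [])))    # same profile as the output above
```

To audit a real build, pass the file contents instead of a constructed image, for example `checksec(open("level3_custom", "rb").read())`.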