Frolic

@Seepckoa said:

@jreeves said:

@Seepckoa said:

@jreeves said:
So is r*p the key to privesc?

Yes! :cold_sweat:

I see you can cause an overflow by throwing in an argument longer than (redacted) digits and cause EIP to become a memory address of your choice… I guess you could use this to write a custom program that just waits in memory trying to read root.txt and then cause r*p to execute that code… but is this really the way to do it, or am I overthinking this?

This is what I'm going to attempt, and don't get me wrong, it sounds like fun, but is a 20pt root really as complicated as this?

Edit: nvm, I'm overcomplicating it. This is a path and I'm making it too tough.

Me personally, I try to inject a shellcode in the program; I do not know if I’m on the right track.

I'm guessing that worked for you? I ended up exploiting a stack overflow.
RIP rop