Frolic

I’m trying to exploit the r*p binary.
I’ve already read all this that was posted here:
http://codearcana.com/posts/2013/05/28/introduction-to-return-oriented-programming-rop.html

https://www.shellblade.net/docs/ret2libc.pdf

Also watched ippsec’s video.

I can’t make it work so I have a few questions:
1- Did you copy the binary to your own box to disas it? I think it’s not necessary since I have the addr and offsets.
2- Did you have to build a new binary? I don’t think it’s necessary either.
3- My reverse shell is a bit limited and doesn’t have all the output, can this be my problem? What did you do?

I’m a bit lost. The idea is really simple and I knew this technique before.

I hope there are no spoilers in this message, all the info posted here was mentioned before in the thread.
Any advice would be appreciated.