@miccah said:
Hints for buffer overflow:
- If you own the stack, you own the IP
- Make sure you look at all the functions available to you, even if they aren’t called
- “set disable-randomization off” in gdb helps see what you have and what you can’t count on
Finally got the B*F after reading @miccah’s comment. Just a little tweak got a working local exploit to work remotely as well, ignoring ASLR.
Root was easy but a little frustrating at first.
Feel free to PM me about the BOF; explaining stuff to others will help me solidify things.
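The defect behind the hints above, as an added example that is not from this thread or from any box: an unbounded copy into a fixed stack buffer beside a bounded version that rejects oversized input instead of letting it reach the saved return address. The function names and BUF_LEN are assumptions made for the example.

```c
#include <stdio.h>
#include <string.h>

#define BUF_LEN 32   /* constructed buffer size for the example */

/* Vulnerable pattern: strcpy() copies input of any length into a fixed
 * stack buffer. Bytes past BUF_LEN overwrite the saved frame pointer and
 * return address, which is how "owning the stack" turns into "owning the
 * instruction pointer". Only behaves for inputs shorter than BUF_LEN. */
void vulnerable_copy(const char *input, char *out)
{
    char buf[BUF_LEN];
    strcpy(buf, input);   /* no bound check: the defect */
    strcpy(out, buf);
}

/* Hardened form: measure first, refuse anything that does not fit with its
 * terminator, and only then copy. Returns the length copied or -1 when the
 * input would overflow dst. Silent truncation is avoided on purpose so a
 * caller can log and reject the oversized input. */
int bounded_copy(const char *input, char *dst, size_t dst_len)
{
    size_t n = strlen(input);
    if (dst_len == 0 || n >= dst_len)
        return -1;                 /* would overflow or lose the NUL */
    memcpy(dst, input, n + 1);
    return (int)n;
}

int main(void)
{
    char out[BUF_LEN];
    char big[BUF_LEN * 2];         /* constructed oversized input */
    memset(big, 'A', sizeof big - 1);
    big[sizeof big - 1] = '\0';

    printf("short input: %d\n", bounded_copy("hello", out, sizeof out));
    printf("oversized input: %d\n", bounded_copy(big, out, sizeof out));
    /* vulnerable_copy(big, out) is intentionally not called: it would
     * corrupt this frame's return address. */
    return 0;
}
```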