Hello man, i seen your comment about Intense. i'm in the last steps for root, I caught the canary bytes the rbp and the return address.
from here i can calculate the program base address, and i tried to caught the libc offset. to do i need to leak this address using the write and show the [email protected] and the difference with [email protected]
The problem is that when i search for some rope gadgets, i found:
Can you tell me any hint about that, Thanks for reply