Think outside the box.
You are getting that message because ...?
Programmer knew you are gonna try ret2plt. He also knew you are gonna use that /bin/sh string address you leaked.
You are getting the "LOL NOPE." message.
So you can assume that /bin/sh is n…
sock.accept() function is hanging because it is waiting for a connection. You can set a timeout of about 30 seconds, I think.
Nothing is wrong with these scripts. If you do not get a connection back, you can try a few more times. If the …
You are getting the %s%s... string on remote, right?
Because the remote offset of bin_sh is a bit different.
If you search for the offset of the %s%s... string in your local libc, you will see that that address is actually the remote address of bin_sh.
So you need to d…
I am working on some buffer overflow challenge.
I built a binary; it uses the puts function.
ASLR is active, NX is enabled.
So how can I leak the libc base addr?
32-bit binary btw.
My payload looks like: padding + [email protected] + [email protected]
But not wo…