deviate

About

Username: deviate
Visits: 143
Roles: Member

Activity

  • rowra

    hello
    I have a basic idea of binex (did the Ellingston root both the manual and the auto way) but can't crack this one.
    My idea: I realised there's an rbp register that contains the last 16 bytes of the input. I found that 120 chars cause the overflow, so I searched for:
    system call at 0x401040,
    pop_rdi at 0x40120b
    pop_rbp at 0x401139

    Now, /bin/sh is only 7 chars, but //bin/sh works just fine, so I used that, made a junk of 120-8 = 112 chars and assembled a rop chain like:

    junk + '//bin/sh' + pop_rdi + pop_rbp + sys

    Executing it results in
    sh: $']\303\017\037D': command not found

    So that makes me think I'm onto something, I just gotta get rid of that nonsense static crap afterward. I just can't find what causes it?

    Please nudge/help me and of course also tell me if I'm doing something stupid

    August 30