deviate

Activity

• 
  rowra → deviate

  hello
  I have basic idea of binex (did the Ellingston root both manual and auto way) but can't crack this one.
  My idea: I realised there's a rbp register that contains the last 16 bytes of the input. I found 120 chars cause overflow, so I searched :
  system call at 0x401040,
  pop_rdi at 0x40120b
  pop_rbp at 0x401139

  Now, /bin/sh is only 7 chars, but //bin/sh works just fine, so I made it that, made a junk of 120-8 =112 chars and assembled a rop chain like:

  junk + '//bin/sh' + pop_rdi + pop_rbp + sys

  Executing it results in
  sh: $']\303\017\037D': command not found

  So that makes me think I'm onto something just gotta get rid of that nonsense static crap afterward. I just can't find what causes it?

  Please nudge/help me andofc also tell if I'm doing somethingstupid

  August 30