-
Hi,
The bug which is responsible for the 'additional' gadget in the ROP chain is fixed.
It would have been good if I had known this earlier ;)
So, if you want you can change your lessen6 scrip…
sashs updated
5 years ago
-
Getting a segfault for 64-bit: 64+context.bytes is 72, and this seems to be the correct offset for the 64-bit example.
On 32-bit:
p.send(fit({76: rop.chain(), 200: dlresolve.payload}))
getting stil…
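The `fit({76: rop.chain(), 200: dlresolve.payload})` layout and the 72/76 offsets above, as an added example that is not part of the issue and is not pwntools' own code: a small stand-in for pwntools' `cyclic()`, `cyclic_find()` and `fit()` so the offset a cyclic probe landed on can be recovered from the crash and the two layouts rebuilt offline. The ROP chain and ret2dlresolve bytes are placeholders, the 64-byte buffer and the crash value are constructed, and `find_overflow_offset`/`build_payloads` are helper names introduced here.

```python
# Added example, not code from the issue above or from pwntools: a small
# stand-in for pwntools' cyclic()/cyclic_find()/fit() so the padding offsets
# in the post (72 on 64-bit, 76 on 32-bit) can be checked offline. The ROP chain
# and ret2dlresolve bytes below are constructed placeholders, not real payloads.

ALPHABET = b"abcdefghijklmnopqrstuvwxyz"


def cyclic(length, alphabet=ALPHABET, n=4):
    """First `length` bytes of the de Bruijn sequence B(26, n): every n-byte
    window is unique, so a value found in a crashing register maps back to
    exactly one offset. Same construction and ordering as pwntools' cyclic()."""
    k = len(alphabet)
    a = [0] * (k * n)
    out = bytearray()

    def db(t, p):
        if len(out) >= length:
            return
        if t > n:
            if n % p == 0:
                out.extend(alphabet[a[j]] for j in range(1, p + 1))
        else:
            a[t] = a[t - p]
            db(t + 1, p)
            for j in range(a[t - p] + 1, k):
                if len(out) >= length:
                    return
                a[t] = j
                db(t + 1, t)

    db(1, 1)
    return bytes(out[:length])


def cyclic_find(value, width=4, alphabet=ALPHABET, n=4):
    """Offset at which `value` (bytes, or an int read from a register) occurs
    in the cyclic pattern, or -1 if it is not part of it. `width` is only
    used to serialise an int (4 for EIP, 8 for RIP)."""
    if isinstance(value, int):
        value = value.to_bytes(width, "little")
    if len(value) < n:
        raise ValueError("need at least %d bytes to locate the offset uniquely" % n)
    # 64 KiB of pattern is far more than the stack buffers in the post;
    # a real run would size this to the pattern that was actually sent.
    return cyclic(0x10000, alphabet, n).find(value)


def fit(pieces, length=None, alphabet=ALPHABET):
    """Lay out {offset: bytes} in one buffer, filling gaps with the cyclic
    pattern at the corresponding absolute offset (pwntools draws its filler
    sequentially instead; for a single leading gap the result is identical).
    Overlapping pieces are rejected rather than silently clobbered."""
    buf = bytearray()
    end = max(off + len(data) for off, data in pieces.items())
    pad = cyclic(max(end, length or 0), alphabet)
    for off in sorted(pieces):
        if off < len(buf):
            raise ValueError("piece at %d overlaps the previous piece" % off)
        buf.extend(pad[len(buf):off])
        buf.extend(pieces[off])
    if length is not None:
        if len(buf) > length:
            raise ValueError("payload is longer than the requested length")
        buf.extend(pad[len(buf):length])
    return bytes(buf)


def find_overflow_offset(crash_value, width):
    """Map the value that overwrote the saved return address (taken from the
    crash, e.g. the bytes at RSP or the faulting EIP) back to a buffer offset."""
    return cyclic_find(crash_value, width=width)


def build_payloads():
    """Rebuild the two layouts from the post with placeholder chains, keyed by
    word size. Constructed data only: no real gadgets or resolver structures."""
    rop_chain = b"R" * 16   # stands in for rop.chain()
    dlresolve = b"D" * 24   # stands in for dlresolve.payload
    return {
        64: fit({72: rop_chain, 200: dlresolve}),
        32: fit({76: rop_chain, 200: dlresolve}),
    }


if __name__ == "__main__":
    # Constructed crash: the target copied cyclic(120) over a 64-byte buffer,
    # so the saved RIP (after 8 bytes of saved RBP) received pattern[72:80].
    probe = cyclic(120)
    saved_rip = int.from_bytes(probe[72:80], "little")
    print("offset to return address:", find_overflow_offset(saved_rip, 8))
    for bits, payload in build_payloads().items():
        print("%d-bit payload: %d bytes" % (bits, len(payload)))
```

If `find_overflow_offset` does not return the offset used in `fit`, the segfault is the padding, not the chain: send the cyclic probe first, read the register at the crash, and feed that value back before trusting any computed `64+context.bytes` arithmetic.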
-
Hello, I have a question (it might sound noob, I know),
but why does ROPGadget successfully create the Python code of the ROP chain sometimes, and other times it doesn't?
And when it doesn't, wha…
-
Hi
(bystander here checking new CVEs in the CVE feeds)
Recently a CVE popped up originating from https://bugzilla.redhat.com/show_bug.cgi?id=2319212 . The description in the Red Hat Bugzilla ent…
-
This feature should enable users to easily set a gdb breakpoint in a `ROP.chain()` from a pwntools script.
Perhaps it could be implemented under the `rop` module.
Examples of possible successful…
-
**Name**: pam
**CVEs**: [CVE-2024-22365](https://nvd.nist.gov/vuln/detail/CVE-2024-22365), [CVE-2024-10041](https://nvd.nist.gov/vuln/detail/CVE-2024-10041)
**CVSSs**: 5.5, 4.7
**Action Needed**: u…
-
I was doing this challenge: https://2020.ctf.link/assets/files/kernel-rop-bf9c106d45917343.tar.xz
and the gadget `0xffffffff8246dc83: push rax; ret;` is returned for the extracted vmlinux. I used it …
-
Would it be possible to make the C sources available so we can modify and re-compile the ROP chains?
-
Let me know if I'm doing something stupid:
```
$ sw_vers
ProductName: Mac OS X
ProductVersion: 10.14.3
BuildVersion: 18D21c
$ ./exploit id
2018-12-22 12:20:37 [+] Resolving symbols...
201…
```
timwr updated
5 years ago
-
Hello,
I have an idea. I want to implement a feature in r2 that, when the user puts a debugger at a point, turring, finds a set of gadgets to use together for stack buffer overflow attacks.
http:/…