Salam,Very Well Brother! Help us more :)
Cool.. begin to read
Thank you for sharing your knowledge, man!
thank you. I have some questions using ROP but in windows can you help me?
Very good explanations !! Appreciate you taking your time to explain this to us.
This comment has been removed by the author.
I worked out the ROP exactly as you explained in the tutorial, but it gives me a segmentation error. How do I resolve this error?
hi, i followed your tutorial on a x86 kali distr and I was able to build my chain and execute it. .data section starts at 201C I build the address in eax and then write at [eax] but I get a segsigv. do you can figureout why? is there a security mechanism in place?thx
Wow, cool post. I'd like to write like this too - taking time and real hard work to make a great article... but I put things off too much and never seem to get started. Thanks though. alamat video bokep
"We cannot use system() function since it will drop privileges. We will have to use execl() function in thisprototype;"Why execl would escalate privileges ?
good stuff man
about the dummy function in the ret to libc pdf: I don't understand how you can pass the address of the environment variable SHELL to system() while the stack will change after the pop esp is executed before the pop eip.