glibc – Page 2 – WindowsTechs.com

CTF setup for debugging heap exploits

Posted on September 22, 2020 by Z. Alessandro

I’m hope this is the right StackExchange to ask the following question
I’m currently studying binary heap exploitation (mainly the glibc (ptmalloc2) implementation), for CTF competitions. The problem I’m facing is debugging challenges desi… Continue reading CTF setup for debugging heap exploits→

CTF setup for debugging heap exploits

Posted on September 22, 2020 by Z. Alessandro

I’m currently studying binary heap exploitation (mainly the glibc (ptmalloc2) implementation), for CTF competitions. The problem I’m facing is debugging challenges designed for a certain glibc version. I know there are some differences bet… Continue reading CTF setup for debugging heap exploits→

How does strings find the offset for a string? [on hold]

Posted on November 2, 2018 by Tryna Learn Somethin

How does strings find the offset for the string /bin/sh inside of libc.so.6

strings -a -t x /lib/i386-linux-gnu/libc.so.6 | grep “/bin/sh”

Continue reading How does strings find the offset for a string? [on hold]→

Could not load library libcutils.so while injecting shellcode

Posted on February 27, 2018 by Topper Harley

I am working on my school thesis.

I am trying to inject some shellcode into a shared library using Dirty Cow vulnerability on Android x86.

My shellcode is written in asembly and only calls sys_execve with an argument touc… Continue reading Could not load library libcutils.so while injecting shellcode→

Jump Oriented Programming segmentation fault issue

Posted on January 14, 2018 by dearn44

I found this interesting post on jop, and since I was not familiar with the concept I decided to play with it. I managed to call arbitrary functions defined in my binary with or without arguments, but never managed to run the… Continue reading Jump Oriented Programming segmentation fault issue→

Return-to-libc Attack mystery

Posted on January 6, 2018 by Spring

I’m studying the Return-to-libc Attack and I understand the concept. But one thing still does not make sense. In order to make the attack I need the memory address of system() and “/bin/sh”, which is different on every system… Continue reading Return-to-libc Attack mystery→

Unable to system("/bin/sh") in return to libc practice

Posted on September 14, 2017 by Jdone7763

I am attempting to practice some return-to-libc exercise found here but I’m stumped.

According to the exercise, I am suppose to be able to obtain a shell by arranging my input as follows:

|——————————-|-… Continue reading Unable to system("/bin/sh") in return to libc practice→

Unable to system("/bin/sh") in return to libc practice

Posted on September 14, 2017 by Jdone7763

I am attempting to practice some return-to-libc exercise found here but I’m stumped.

According to the exercise, I am suppose to be able to obtain a shell by arranging my input as follows:

|——————————-|-… Continue reading Unable to system("/bin/sh") in return to libc practice→

return to libc- finding libc’s address and finding offsets

Posted on August 24, 2017 by J.J

So I tried performing a return-to-libc according to https://sploitfun.wordpress.com/2015/05/08/bypassing-nx-bit-using-return-to-libc/ .

I found libc’s address by using “ldd vuln”, and found system’s offset by using “readelf -s /lib/i386-l… Continue reading return to libc- finding libc’s address and finding offsets→

How to increase gadget occurence in a program

Posted on August 15, 2017 by Yvain

I’m exercising with ROP. In a vulnerable program I control the RIP, use “ropeme” and search for gadgets I find many references to 32 bits long registers, but not a single extended register.

I need a simple “pop rdi; ret;” t… Continue reading How to increase gadget occurence in a program→