Questions tagged [rop]

Return-oriented programming (ROP) is a computer security exploit technique that allows an attacker to execute code in the presence of security defenses such as executable space protection and code signing.

In this technique, an attacker gains control of the call stack to hijack program control flow and then executes carefully chosen machine instruction sequences that are already present in the machine's memory, called "gadgets". Each gadget typically ends in a return instruction and is located in a subroutine within the existing program and/or shared library code. Chained together, these gadgets allow an attacker to perform arbitrary operations on a machine employing defenses that thwart simpler attacks.

Source: Wikipedia

33 questions
0
votes
1 answer

ROP execute a shell with execl() - /bin/sh: 0: Can't open

A C program vulnerable to stack buffer overflow requires 112 bytes of stuffing to get to the return address of the calling function. Here, strcpy() is the vulnerable function. void f(char *name){ char buf[100]; strcpy(buf, name); } void main(int…
Marco_81
  • 35
  • 7
0
votes
0 answers

Is a JIT compiler required for a JIT-ROP attack?

I have been studying up on the concept of the Just-in-Time (JIT) ROP attack (https://cs.unc.edu/~fabian/papers/oakland2013.pdf), and came across this question, to which I have not been able to find a definite answer. In the above paper, the authors state…
zzang3
  • 1
-1
votes
1 answer

Is it possible to call a libc function with ROP?

Let's say a hacker wants to overcome ASLR, or he wants to call a function that doesn't exist in the user program. Can he insert into the return address the address of a shared library function, or are these functions loaded only when the user program calls them?
daniel
  • 34
  • 5