Of course we need more practice at these things, but it's a fine start.
My instinct is that we need to practice more shellcode and address leak parsing, but there is something else on the table that we need to practice in the PWN style first (if we're to be properly FIFO).
We learned calling conventions and that helped us understand WHERE to put a new address:
ret instruction: we POP RIP
Here is that as a diagram:
This knowledge unlocked controlling RIP.
Now we will unlock something else: defeating NX.
Calling conventions will help us not need shellcode.
The trick is called ROP chaining.
Let's work through the problems at: https://ropemporium.com/
Soon you will want this:
ROPgadget --binary binaryhere
The output will look something like:
Here's the big idea of ROP chains:
ret: the next address is on the stack
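To make that one-liner concrete, here is an added toy model (written for these notes, not code from ROP Emporium or from the ROPgadget tool) of a machine whose only rule is "ret pops RIP from the stack". The gadget addresses, the target function address and the stack contents are all made up. Each "gadget" is a couple of micro-ops ending in ret, laid out the way a ROPgadget listing reads them; the chain is nothing but data words on the stack, so NX never gets a say because no byte of the chain is ever executed as code. The same model also shows why a shadow stack stops this: every ret must match an address that a real call pushed, and a ROP chain has none.

```python
# Toy ROP machine: a ret-terminated gadget hands control to whatever word is
# next on the stack. Constructed example; addresses and gadgets are invented.
from typing import Dict, List, Tuple

# Hypothetical gadget listing, address -> ops, shaped like ROPgadget output.
# Every gadget ends in ret, which is exactly what makes it chainable.
GADGETS: Dict[int, Tuple[Tuple[str, ...], ...]] = {
    0x4011A0: (("pop", "rdi"), ("ret",)),   # pop rdi ; ret
    0x4011B0: (("pop", "rsi"), ("ret",)),   # pop rsi ; ret
    0x4011C0: (("pop", "rdx"), ("ret",)),   # pop rdx ; ret
}
TARGET = 0x401230  # made-up function we want to land in with rdi/rsi set


class ShadowStackViolation(Exception):
    """A ret popped an address that no call ever pushed."""


def list_gadgets() -> List[str]:
    """Render the gadget table the way a gadget finder prints it."""
    return [
        f"{addr:#x} : " + " ; ".join(" ".join(op) for op in ops)
        for addr, ops in sorted(GADGETS.items())
    ]


def chain_for(rdi: int, rsi: int) -> List[int]:
    """Lay out a chain: each gadget address is followed by the words its
    pops consume, and the last ret lands on TARGET. All of this is data."""
    return [0x4011A0, rdi, 0x4011B0, rsi, TARGET]


def run(stack: List[int], shadow: List[int] = None):
    """Execute from the first ret of the overflowed function.

    stack:  words sitting where the saved return address was; stack[0] is what
            that first ret pops into RIP (the "POP RIP" from the notes).
    shadow: optional shadow stack holding return addresses pushed by real
            calls. When given, every ret must match its top entry.
    Returns (registers when TARGET is reached, list of gadget addresses run).
    """
    stack = list(stack)          # we consume it word by word
    regs = {"rdi": 0, "rsi": 0, "rdx": 0}
    trace: List[int] = []

    def do_ret() -> int:
        addr = stack.pop(0)      # ret: the next address is on the stack
        if shadow is not None:
            # Hardware shadow stacks compare the popped address with a copy
            # that only a call could have written; a chain has no such copy.
            if not shadow or shadow.pop() != addr:
                raise ShadowStackViolation(f"ret to {addr:#x} not pushed by a call")
        return addr

    rip = do_ret()               # the overwritten saved return address
    while rip != TARGET:
        trace.append(rip)
        for op in GADGETS[rip]:  # KeyError here means "not a gadget address"
            if op[0] == "pop":
                regs[op[1]] = stack.pop(0)   # pop reg also eats a stack word
            elif op[0] == "ret":
                rip = do_ret()               # chain advances to next gadget
    trace.append(rip)
    return regs, trace


if __name__ == "__main__":
    print("\n".join(list_gadgets()))
    print(run(chain_for(0x41, 0x42)))
    try:
        run(chain_for(0x41, 0x42), shadow=[])
    except ShadowStackViolation as e:
        print("shadow stack blocked the chain:", e)
```

Run it and read the trace against the chain: the machine only ever executes bytes that already lived in the binary (the three gadgets and the target), which is why NX does not help, and the shadow stack run fails on the very first ret because the overwritten return address was never pushed by a call.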
Let's solve the first 2 ROP Emporium problems together.
I also wrote 2 PCPs for you.